Vigilante Privacy Statement

EFFECTIVE: 06/17/2020

Your privacy is very important to us. Vigilante’s core business is protecting consumers and brands from abuse and fraud resulting from the compromise and exposure of personal and business information. We work with companies to prevent security incidents and fraud.  This Privacy Statement (“Statement”) describes the privacy practices of Vigilante. (“Vigilante” “we,” “our” or “us”). This Privacy Statement explains the information we collect, why we collect it, how we use and share it, and the choices you can make regarding your information.

Use the Table of Contents to link directly to a specific section or scroll down to read the full Privacy Statement.


The following summarizes our Privacy Statement. For more detail, refer to the full Privacy Statement below. Refer to the Table of Contents to link directly to any section.

Information We Collect and How We Collect It. We collect personal and other information about consumers in several ways and from several sources including:

  • Directly when you open a corporate account with us or sign up to receive emails or research papers from us. Information collected may include name, email address and other important identifying information,
  • Automatically when you interact with us online. Information collected may include IP address, cookies, browsing history, and other device and internet information,
  • From other parties to help us set up, manage, protect or service your corporate account, such as service providers, marketing companies and data providers, and
  • From underground online communities, commonly referred to as the “dark web”, which can be sourced by a variety of means (e.g., vendor compromises, third party incidents, leaked or stolen data, etc.). 

Use of Personal Information. We use personal and other information for many reasons, including to:

  • Provide and maintain your corporate account, services, and products,
  • Provide forensically sound packages of publicly leaked data that can be utilized to determine the impact of a breach,
  • Perform analysis to report data exposure against a secured repository
  • Perform analytics and research studies to improve, develop, and protect our websites and services,
  • Let you know about updates or important information about your company’s services,
  • Protect our business, services, customers, websites or comply with legal requirements. 

Sharing Personal Information. We share personal and other information with others for business purposes, including with:

  • Corporate customers,
  • Authorized agents
  • Service providers,
  • Third parties in connection with a business transaction, and
  • Law enforcement, regulators, and other parties for legal reasons.

Your Rights as a California Resident: As a California resident, you have certain rights including the right to access your personal information and the right to request the deletion of your personal information. To learn more about these rights including how to make a request, refer to the full Privacy Statement below.



We collect personal and other information about you. Personal information is data that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with you. Other information does not and cannot reveal an individual’s identity such as information that has been de-identified or aggregated. The information we collect varies based on what products and services you have with us.

We collect personal and other information in several ways and from several sources. We collect personal information directly from you when you sign up to create a corporate account to access our services or if you sign up to receive emails or research papers. We collect information from underground online communities, commonly referred to as the “dark web”, which can be sourced by a variety of means (e.g., vendor compromises, third party incidents, leaked or stolen data, etc.). We and service providers working on our behalf collect personal and other information from you automatically when you use one of our websites, mobile apps, view our emails or otherwise engage with us through a computer or mobile device (“Sites”) such as IP address, browsing history and other internet activity information. We also collect personal and other information about you from third parties such as service providers, marketing companies, and data providers.

The following are the categories of personal and other information that we may have collected and shared for at least the past 12 months, and examples of the information that fall into those categories. We do not intentionally seek some of this information, but it may be present in data sets that we locate in compromised data files on the dark web. Much of the information collected is in a form that is not reasonably capable of being associated or linked with an individual and may not be considered personal information:

PERSONAL IDENTIFIERS AND OTHER IDENTIFYING INFORMATION Name, alias, signature, postal address, email address, unique personal identifier, online identifier, internet protocol (IP) address, phone number, date of birth, Social Security number, driver’s license number, state identification number, passport number, criminal conviction, credit information, bank account or credit card number or other payment or financial information, medical information or health insurance information or other similar identifiers.
PERSONAL CHARACTERISTICS Age, race, marital status, sex (including gender, gender identity, gender expression,),
COMMERCIAL INFORMATION Account name, payment history, records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
INTERNET OR OTHER ELECTRONIC NETWORK ACTIVITY INFORMATION Browsing history, search history, information regarding your interaction with our website, application or advertisement, links you use or web pages you visit while visiting our site or applications, browser type, internet service provider (ISP), cookies, and mobile device information including device identifier or other information.
GEOLOCATION DATA Physical location.
MULTIMEDIA INFORMATION Audio, electronic, or other recordings.
EMPLOYMENT INFORMATION Professional or employment‐related information.
EDUCATION INFORMATION Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, student financial information.

Our website is not intended for children. We do not market any products or services to children under the age of thirteen or knowingly collect any information from children under the age of thirteen.


We use personal and other information for business purposes including to:

  • Help prevent and detect security incidents and fraud. We use the information to identify data exposure and alert companies regarding specific exposures of information. Our corporate customers may use this information to alert individuals of the potential compromise of data to help prevent identity fraud or institute additional security measures deemed necessary.
  • Provide and maintain your services and products. We may use your personal information to provide service, or maintain your corporate account for services or products, make requested changes to your plan, complete a transaction, or respond to customer service requests or other inquiries.
  • Improve, develop, and analyze our Sites, services, and products. We use algorithms, analytics software, and other similar methods to analyze personal information in order to improve, develop or deliver our Sites, products, and services and develop new services, products, or features. We also use the information to analyze how visitors use our Sites to improve the Sites and enhance and personalize your experience. We collect some information used for these purposes using analytics software, cookies, and other tracking technologies. For more information about the collection and use of this information, see Cookies and Tracking Technologies
  • Communicate with you about services or products. We may communicate with you about our products or services or your corporate account, provide you transaction confirmations, payment alerts, or other service or product-related messages via mail, email or other available methods such as text messages, if requested and push notifications.
  • Comply with legal requirements and protect the safety and security of our business, services, and Sites. We may use personal information to comply with laws, regulations, or other legal obligations, to assist in an investigation, to protect and defend our rights and property or the rights of third parties or enforce terms and conditions. We may also use personal and other information to prevent suspected fraud, threats to our network or other illegal activities, prevent misuse, or for any other reason permitted by law. We may use personal information to protect our company, our affiliates, our customers, our network, and our Sites.


We may share personal information with our affiliates for business purposes consistent with the uses described in this Privacy Statement. We may also share personal information about you with third parties whenever you consent to or direct such sharing. We strive to work with companies that share our commitment to privacy. We may also share information with others in an aggregated or de-identified form that does not reasonably identify you.

We may also share personal or other information with service providers and other third parties for business purposes or as required or permitted by law including with:

  • Corporate customers: We may provide information from our repository which may contain your information. In most instances of this sharing, the information we provide is in a de-identified form that does not reasonably identify you.
  • Service providers: Personal information may be shared with service providers who perform services on our behalf for a business purpose including service providers that:
    • engage in payment processing,
    • provide services that support our online activities including providing tracking technologies, web hosting, and analytics,
    • provide technology services and enhance security, privacy and fraud protections,
    • provide data analytics services or conduct research studies, and
    • provide support to our operations.

Any information shared with service providers in this regard is done in connection with the Services you request.

  • Third parties in connection with a business transaction: Personal information may be disclosed to third parties in connection with a corporate transaction, such as a merger, sale of any or all of our company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by an affiliate or third party, or in the event of a bankruptcy or related or similar proceedings.
  • Law enforcement, regulators and other parties for legal reasons: Personal information may be disclosed to third parties, as required by law or subpoena, or if we reasonably believe such action is necessary to:
    • comply with the law and the reasonable requests of regulators, law enforcement or other public authorities,
    • protect our or others safety, rights or property, and
    • investigate fraud or to protect the security or integrity of our Sites or any product or services
  • Authorized agents: Vigilante may operate through agents and selling partners who sell our services and products on our behalf. We may share your personal information with those agents or selling partners to provide you with the services you’ve requested. They may use your personal information in the manner described in this Privacy Statement.

We share the following categories of personal information with the following parties:

Categories of Third Parties
Corporate customers Service providers Authorized Agents Law enforcement or regulators
Categories of Personal Information Employment information
Commercial Information
Education information
Geolocation data
Internet or other electronic network activity information
Multimedia information
Personal characteristics
Personal identifiers and other identifying information

Although possible, we do not typically share personal information with third parties as part of a business transaction, such as a merger or acquisition.


Technologies and Information Collected: When you visit our Sites, we and our service providers automatically collect information about your use of and access to these Sites. We collect this information through a variety of tracking technologies, including cookies and similar technology (collectively, “tracking technologies”). Information we collect automatically about you may be combined with other personal information we collect directly. The information collected in this manner includes:

  • Information about the computer, tablet, smartphone or other devices you use, such as your IP address, browser type, Internet service provider, platform type, device type/model/manufacturer, operating system, date and time stamp, a unique ID that allows us to uniquely identify your browser, mobile device or your account (including, e.g., a persistent device identifier or an Ad-ID), and other similar information,
  • Analytics information we collected or obtained via third party analytics tools, to help us measure traffic and usage trends for the Sites and to understand more about the demographics and behaviors of our users, and

Use of the information: We or our service providers may use the information collected through tracking technologies to improve, enhance and personalize your customer experience, to monitor and improve our Sites and for other internal purposes such as:

  • Provide custom, personalized content and information,
  • Perform analytics and detect usage patterns, and
  • Detect or prevent fraud or other harmful activities.

Our service providers include Google. To learn more about Google’s privacy practices, click here. To access and use the Google Analytics Opt-out Browser Add-on, click here.

Your choices regarding cookies: If you prefer not to accept cookies, most browsers will allow you to change your browser settings to disable existing cookies, automatically request cookies or to notify you when you receive a cookie. However, if you disable, modify, or reject cookies, some parts or functionalities of our Site may be inaccessible or not function properly. For example, disabling cookies may require you to repeatedly enter information to take advantage of services.


Links to other company’s websites may be provided on the Vigilante Sites as a convenience to you. If you choose to go to these external websites, you will be subject to the privacy practices of those external websites; Vigilante is not responsible for the privacy practices of those websites. We encourage you to be aware when you leave our Site to read the privacy policies or statements of every Website you visit, as those privacy policies or statements may differ from ours. Our Privacy Statement applies solely to the Sites where this Privacy Statement appears.

Our website includes Social Media features, such as for Twitter or LinkedIn. These features may collect your IP address, which page you are visiting on our website, and may set a cookie to enable the feature to function properly. Social Media features are either hosted by a third party or hosted directly on our Site. Your interactions with these features are governed by the privacy policy of the company providing it.


The security of your personal information is important to us. We use a combination of reasonable technical, administrative, and physical safeguards to protect your personal information. However, no website, mobile application, database or system is completely secure or “hacker proof.” So, we cannot guarantee its absolute security. You are also responsible for taking reasonable steps to protect your personal information against unauthorized disclosure or misuse.

We limit access to your personal information to those who need it to do their jobs. We comply with all applicable federal and state data security laws.


We may periodically update or revise this Privacy Statement. The date at the top of this page shows when this Privacy Statement was last revised. We will let you know when we update the Privacy Statement by changing the date or other appropriate means.


If you should have questions or concerns about our privacy practices or this Privacy Statement, you can contact us at 2425 East Camelback Road, Phoenix, AZ 85016 or via email at [email protected].


For California Residents:

California residents have certain rights to access and delete their personal information described in this section, as well as other rights described below.

To better protect you and your personal information, we will only respond to access or deletion requests that we have been able to properly verify through our authentication processes. Since Vigilante does not have direct relationships with consumers, our ability to verify an individual is limited. To verify your identity, you will be asked to provide several pieces of information, such as name and other demographic information, which we will only use to verify your identity or authority to make the request.

To submit an access or deletion request, please click here to submit an online request or call us at (1-800-659-1251).  Responses to a verified request may take up to 45 calendar days, or longer depending on the nature of the request. If additional time is needed, we will notify you of the additional time. We may only respond to two access requests within a 12-month period.  Requests from authorized agents must be submitted via the same online portal or toll-free number. To protect your privacy, all consumers will be required to verify their identity directly with us via our online portal or toll-free number.

Right to Access Your Personal Information: You have the right to request that we disclose certain information about our collection and use of your personal information over the past twelve months including:

  • the specific pieces of personal information we have collected about you,
  • the categories of personal information collected,
  • the categories of sources from which personal information was collected,
  • the business purpose for collecting the personal information, and
  • the categories of third parties with whom we share personal information.

Since Vigilante does not have direct relationships with consumers, our ability to verify an individual or match data in our repository with an individual is limited. Accordingly, we are likely unable to provide specific pieces of personal information in response to a request.

Right to Deletion of Personal Information: You have the right to request we delete the personal information we collected. We will delete your personal information in response to a verifiable request unless needed to:

  • Complete a transaction for which we collected the personal information, provide a good or service you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you,
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities,
  • Debug products to identify or repair errors that impair functionality,
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law,
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us,
  • Comply with a legal obligation, including compliance with the California Electronic Communications Privacy Act, or
  • Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

 Sale of Personal Information

We do not sell personal information for money. We do share information with our business customers to assist the business customer to detect security incidents and protect against fraudulent, deceptive, or illegal activity. In most instances of this sharing, the information we provide is in a de-identified form that does not reasonably identify you. Under California law, sharing of this information may be considered a “sale” of information. Except for this kind of sharing, we do not sell any other information.

Because Vigilante does not have direct relationships with consumers and information is kept in a form that is not reasonably capable of being associated or linked to an individual, Vigilante may be unable to locate your information in our records to limit the sharing. Where we are able to locate your information, limiting sharing will impact our business customers’ ability to notify you of a potential compromise of your information and to help you prevent identity fraud. To make a request for Vigilante not to “sell” this information, please click here or you can email our team with requests at [email protected].

Non-Discrimination Rights: You have the right not to receive discriminatory treatment by us for the exercise of your California privacy rights.