Security
We at Catchpoint are committed to the security and integrity of your information. This commitment is present when we design and build our software and system architecture; when we configure our servers, or select our vendors and partners. It extends to our internal security policies and processes and our employees who are an essential piece of this commitment.
Here are some of the measures we have adopted to keep our security posture strong:
- SOC 2 Type 2 Certification: The SOC 2 Type 2 certifications serves as a symbol of trust and transparency for organizations. It demonstrates that our security and confidentiality controls meet or exceed AICPA requirements. This certification is crucial for businesses handling sensitive data.
- ISO 27001 Certification: The ISO 27001 certification establishes a globally recognized framework for an organization's information security management systems (ISMS). It covers all types of business data - whether stored electronically, in hard copies, or with third-party suppliers. Achieving this certification boosts security measures and enhances reliability in handling information systems.
- Annual Penetration Test: This is conducted by a 3rd party against our infrastructure and website
- Quarterly Vulnerability Scans: We run these internally on a fixed schedule against all our infrastructure servers and follow up with required remediation.
- Our server deployment and security configurations follow NIST (National Institute of Standards and Technology) standards.
- We have SIEM, Intrusion Detection and Threat Response for our core infrastructure with a 24×7 SOC in place to address any threats.
Privacy Notice
Last Updated: October 2024
Effective: October 2024
Catchpoint Systems, Inc. (“Catchpoint”) provides web performance monitoring services that are used by our customers to measure, analyze and improve the speed, availability and reliability of their websites, web apps and web services (the “Catchpoint Services”). The definition “Catchpoint Services” includes the online web performance measurement and related services provided by WebPageTest (“WPT Services”), a Catchpoint product. Catchpoint performs the Catchpoint Services for the benefit of its customers as a third-party service provider. This Privacy Notice does not describe the activities of our customers’ websites, web apps or web services.
Scope
Catchpoint has prepared this Privacy Notice to describe our practices regarding the information we collect from: (i) visitors to our websites located at www.catchpoint.com and www.webpagetest.org (the “Corporate Websites”); (ii) visitors who register to attend or attend events in which Catchpoint or its affiliates participate (“Events”): (iii)individual users, typically representatives of Catchpoint’s customers, authorized to log into the Catchpoint Services user interfaces (“Platform Interfaces”); and (iv) visitors to or users of our customers’ websites, web apps and web services on which the Catchpoint Services are deployed.
Catchpoint’s customers are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements or other obligations, relating to the collection of personal information in connection with the use of the Platform Interfaces by individuals (also referred to in this Privacy Policy as “data subjects” or “consumers”) accessing and using the Platform Interfaces pursuant to our customers’ agreements with Catchpoint. With regard to such individuals, Catchpoint processes Personally Identifiable Information only pursuant to its customers’ directions in connection with such individuals’ access to and use of the Platform Interfaces. Catchpoint does not have a direct relationship with those individuals. Any individual accessing and using the Platform Interfaces pursuant to a Catchpoint customer’s agreement with Catchpoint should contact that customer directly with any questions about that customer’s data privacy practices.
Contact information:
Catchpoint Systems, Inc.
228 Park Avenue South #28080,
New York, NY 10003
USA
privacy@catchpoint.com
Corporate Website and Platform Interface
Information about visitors collected by the Corporate Websites, at Events, and by the Platform Interfaces.
Our Corporate Websites provide information about Catchpoint and the Catchpoint Services. The Corporate Websites also provide access to the portal used by Catchpoint Services customers to log into the Platform Interfaces, which is also accessible via the Catchpoint app. Events are intended to provide information about Catchpoint and the Catchpoint Services to Event attendees.
The following information may be collected about a visitor to the Corporate Websites, an attendee at an Event, and by the app, where relevant:
• The Personally Identifiable Information that is voluntarily submitted by a visitor or attendee at an Event, in connection with, for example, a request for more information about Catchpoint Services or for a free trial;
• The information that is automatically provided by the visitor’s computer browser (“Browser Information”), such as the computer operating system, Internet Protocol (IP) address (from which we can infer a visitor’s location), time and day of access, browser type and language, and the website the consumer visited before visiting the Corporate Websites;
• The username and password that is entered by an authorized individual user, Catchpoint user or WPT Services user, as applicable (“Catchpoint Services User”) to gain access to the Platform Interfaces;
• The name, email address, and company affiliation (i.e., the Personally Identifiable Information) of each Catchpoint Services User logged into the Platform Interfaces; and
• The IP address and hostname for Endpoint Devices (as defined below), which may constitute Personally Identifiable Information.
How information about visitors is collected by the Corporate Websites and Platform Interfaces
The Corporate Websites and Platform Interfaces use cookies and similar technologies, such as embedded scripts and web beacons (also known as tags or pixels), to collect the information described above.
How Catchpoint uses the information it collects from the Corporate Websites, Event attendees, and Platform Interfaces
Catchpoint uses the information collected through the Corporate Websites or from attendees at Events for the purposes for which such information was provided. For example, if you share your name and contact information with us when submitting a request for a free benchmark or an inquiry through our website, we will use this information to respond to you and provide you with the services or information requested. Where we seek and obtain your consent to engage in these processing activities, we will rely on such consent to process your personal data until you withdraw it. In other cases, we will process your personal data as necessary to perform our contractual obligations with you, or to otherwise provide the requested services, including the Catchpoint Services, or to provide information.
Catchpoint uses the information collected from the Corporate Websites as necessary for its legitimate business purposes. Depending on the context, Catchpoint can use the information collected to respond to a visitor’s request, to communicate with visitors about Catchpoint and the Catchpoint Services, or to otherwise operate, manage, secure and improve Catchpoint, the Corporate Websites, and the Catchpoint Services.
Catchpoint’s use of the information collected from the Platform Interfaces is limited to providing the Catchpoint Services which its customers have engaged. For example, the information is used to allow Catchpoint Services Users to log into the Platform Interfaces, to provide support, training and other services related to the Catchpoint Services, to optimize the user experience on the Platform Interfaces, to understand how a Catchpoint Services User interacts with the pages and features of the Platform Interfaces, and otherwise to operate, manage, and improve Catchpoint, the Platform Interfaces, and the Catchpoint Services. We will process this information as necessary for our legitimate business interests or as necessary to perform our contractual obligations with our customers. With the exception of information collected in connection with Catchpoint Services Users’ registration or authentication into the Catchpoint Services, this Privacy Policy does not apply to Catchpoint’s security and privacy practices in connection with access to and use of the Catchpoint Services. More information regarding Catchpoint’s security practices can be found here.
Catchpoint does not sell, rent, or lease the Personally Identifiable Information that it collects on the Corporate Website and the Platform Interface to third parties. The Personally Identifiable Information collected from the Corporate Website and Platform Interface may be shared with Catchpoint’s affiliates, and with the service providers that work on Catchpoint’s behalf. These service providers are restricted from using Personally Identifiable Information in any way other than to provide services for us and subject to our documented instructions only. Such information may also be disclosed by Catchpoint as required by law, valid court order, or other request from a governmental authority.
Individuals from the European Economic Area only
Our legal basis for collecting and processing Personally Identifiable Information depends on the context in which we collect such information. Catchpoint will only collect Personally Identifiable Information from visitors to the Corporate Website or attendees at an Event where: (a) Catchpoint has your consent to do so (e.g., when you voluntarily submit an inquiry through the website, share your business card, or agree to have your badge scanned); or (b) where Catchpoint has a legitimate interest (or a third party has a legitimate interest) that is not overridden by your data protection interests. If you have given consent, you can reverse that consent at any time by sending an email to privacy@catchpoint.com with a copy to Legal-dept@catchpoint.com.
Catchpoint Services
Information collected by the Catchpoint Services about consumers
The Catchpoint Services measure the performance of our customers’ websites, web apps and web services (each, a “Web Property”) by testing speed, reliability, and availability. With the exception of the following, the Catchpoint Services run tests that model a hypothetical consumer’s experience on a customer’s Web Property or network infrastructure using equipment located worldwide that is managed by Catchpoint Systems. In addition, the Catchpoint Service known as “Real User Measurement” (the “RUM Service”) is used by Catchpoint’s customers to measure a consumer’s actual experience of a Web Property, and the Catchpoint Service that monitors endpoint devices (the “Endpoint Service”) is used by Catchpoint’s customers to measure the performance of the devices and services of their employees, customers, or by individual users to monitor their own devices and services (such devices, “Endpoint Devices”). The RUM Service measures how fast a webpage and its components load on a consumer’s browser in order to provide our customers with information about the use of their Web Property to improve speed and reliability, and to detect and fix errors. The Endpoint Service provides Catchpoint’s customers with information to detect and fix device, network, and application performance issues affecting Endpoint Devices. With the exception of the RUM Service and the Endpoint Service, the Catchpoint Services do not measure or collect information about actual consumer visits, actual consumer devices or device metrics, or actual consumers.
In connection with providing the RUM Service to a customer, Catchpoint collects the following information about a consumer from a customer’s Web Property:
• Browser Information; and
• Information about a consumer’s usage of the Web Property that our customer asks Catchpoint to collect, which can include, for example, factors such as the number of visits, the number of page views per visit, whether the visit results in a purchase or other transaction, and whether the Web Property produced any errors during the visit.
In connection with providing the Endpoint Service to a customer, Catchpoint may collect the following information about a consumer’s Endpoint Device:
• IP address and hostname;
• Browser Information; and
• Information about a consumer’s usage of a Web Property, configured by our customer’s admin for such consumer, that our customer asks Catchpoint to collect, which can include, for example, factors such as the number of visits, the number of page views per visit, and Web Property performance metrics on that consumer’s Endpoint Device.
Lastly, the Catchpoint Service known as “Real User Benchmarking Measurement Network” (the “Benchmark Service”) is used by Catchpoint to measure the performance and availability of key infrastructure services as observed by the end users, without impacting the experience of the end user. The Benchmark Service does not track visits or sessions, or unique users, and it does not set or rely on tracking cookies or ids that are unique to a user or device. The Benchmark Service does log IP address of the user, but it anonymizes it by dropping the last octet.
How the RUM Service collects information about consumers
Catchpoint Services use cookies and similar technologies, such as embedded scripts and web beacons (also known as tags or pixels), to collect the information described above. Cookies are used to associate a consumer’s web browser with the information our customers specify. Embedded scripts are used to measure how a consumer uses a Web Property. Web beacons are used to transfer information between the cookies and Catchpoint computers. For the Endpoint Service, similar scripts are embedded via a browser plug-in installed on the Endpoint Device.
In addition, Catchpoint Services is authorized by our customers to set a Catchpoint cookie on our customers’ Web Properties in connection with providing the RUM Service. These cookies are used by the RUM Service to recognize a returning visitor, and to determine the number of unique visitors to a Web Property.
How Catchpoint uses the information collected by the Catchpoint Services
The information collected by the Catchpoint Services on a customer’s behalf is owned by that customer, and our ability to use that information is limited by Catchpoint’s contract with the customer. In general, Catchpoint is permitted to use that information to provide reporting and analysis services for the customer’s benefit. Catchpoint is also permitted to operate, maintain, and improve our products and services, and to share aggregated information collected from many companies with our customers, prospective customers, and partners in order to improve our products and services, to provide reports and market research, and to understand market trends. Aggregated information does not identify individuals, our customers, or website URLs. This aggregated information may be transferred to a successor in interest to Catchpoint, such as a company that acquires Catchpoint or the Catchpoint Services. Catchpoint is also permitted to disclose information as required by law, valid court order, or other request from a governmental authority.
How Catchpoint’s customers use the information collected by Catchpoint
Our customers use the reports, analytics, and metrics compiled by the Catchpoint Services to operate, identify issues on, improve, and optimize their Web Properties. The Catchpoint Services help our customers provide a better user experience to the people who use their Web Properties. To learn more about how a particular company or Web Property uses the information that Catchpoint collects on its behalf, please consult the privacy notice for that Web Property or company.
Cookies
Cookies are used to respond, by way of example, to a visitor’s request for more information about the Catchpoint Services or for a free trial. Cookies also authenticate the username and password of a Catchpoint Services User entered by that Catchpoint Services User in the Platform Interface. Some cookies are set by the Corporate Website and the Platform Interface to permit our service providers to perform services on our behalf. Any information transferred to our service providers is governed by our agreements with those service providers.
Embedded scripts are used to measure the pages and features of the Corporate Website used by visitors. Embedded scripts are also used by certain of Catchpoint’s service providers to collect the name, email address and company affiliation of Catchpoint Services Users.
Web beacons (or tags or pixels) are used to transfer information between a visitor’s browser and the computers of Catchpoint’s service providers in order to power some features of the Corporate Website (for example, to automate requests for further information, and to enable web analytics) on Catchpoint’s behalf.
Managing Cookie Settings
Some of the Catchpoint Services use cookies to help collect the information described above. Most Internet browsers automatically accept cookies, but you can usually modify your browser settings to block all cookies or to block just those set by companies other than the one whose website you are visiting (often called “Third-Party Cookies”). Please consult the instructions specific to your browser to change your cookie settings.
Our Corporate Website may use first- and third-party cookies and similar technologies for targeted advertising based on user interests, demographics, and past browsing activity. If you would like to opt out of having your information collected and used by us for these purposes, please visit here or here if you’re in the United States (if you’re in Europe, please visit here).
Your options with respect to a Web Property’s cookies (“First-Party Cookies”) are explained in that Web Property’s or company’s privacy policy. Please consult the privacy policy for that Web Property or company for more information.
General Data Protection Regulation
Catchpoint complies with the European Union’s General Data Protection Regulation (“GDPR”) with regards to the collection of personal data of European Union citizens. More information regarding Catchpoint’s GDPR compliance can be found here.
California Consumer Privacy Act
Catchpoint complies with the California Consumer Privacy Act (the “CCPA”). The CCPA came into effect on January 1, 2020, and gives California consumers additional privacy rights over their personal information. More information regarding the CCPA and Catchpoint’s CCPA compliance can be found here.
Under the CCPA, Catchpoint is a business as well as a service provider (as defined in the CCPA). In our capacity as service provider, including for our customers, we process personal information in accordance with instructions given to us by the business that engage us for our services. You may contact those businesses directly for more information on how they process your personal information.
Information we may collect may include the following categories of personal information:
• Identifiers such as name, IP address, hostname, and email address
• Internet activity, as set forth in the notice above for our RUM Service, Endpoint Service, and Website visitors
• Professional or employment-related information (your employer and job title)
We may collect the above information from you directly, from your device, and from third parties (including our customers). Catchpoint does not “sell” your personal information under the terms of the CCPA.
Information Security
Catchpoint employs robust security measures to prevent the loss, misuse, or alteration of information collected by the Corporate Website, the Platform Interface, and Catchpoint Services. Of course, data transmission over the Internet is inherently insecure, and we cannot guarantee the security of data sent over the Internet. See more information here.
Definitions
A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the website again, the cookie allows that site to recognize your browser. Cookies may store user preferences and other information. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some website features or services may not function properly without cookies.
Embedded scripts are bits of programming code included within some of our web pages that measure how you use those web pages (for example, the pages you visit and how long you stay on a page). You may be able to turn off scripting functionality, such as JavaScript, within your browser (please refer to your browser’s help function).
Personally Identifiable Information is information that allows someone to identify or contact a consumer, and includes, for example, a consumer’s name, physical address, and email address.
Web beacons (or “tags”) are bits of programming code included in web pages, emails, and ads that notify Catchpoint (or the companies that help us run our business) when those web pages, emails, or ads have been viewed or clicked on.
Changes to This Privacy Notice
Catchpoint may update this Privacy Notice to reflect changes to our practices. If we decide to change our privacy statement, we will post those changes to this Privacy Notice. We will post any Privacy Notice changes on this page and, if the changes are significant, we may provide a more prominent notice.
If you need help with exercising any of the opt-out rights set forth herein or under applicable law, please send us an email at privacy@catchpoint.com with a copy to Legal-dept@catchpoint.com.
If you have any questions about this Privacy Notice, please contact us at
Catchpoint Systems, Inc.
228 Park Avenue South #28080,
New York, NY 10003
USA
privacy@catchpoint.com
GDPR & CCPA
Summary
We believe that data privacy is a fundamental right of individuals and that respecting and protecting the privacy of individuals that use or are affected by its service is of the utmost importance. We comply with high security standards, including SOC 2, actively train our people on Catchpoint’s security and privacy obligations, and have 24/7/365 support available to our customers.
Catchpoint is SOC 2 compliant and has implemented data security and control measures to help ensure that any personal data that it maintains is protected and secure. See more on Catchpoint’s security here.
GDPR
What is the GDPR and who does it cover?
The EU General Data Protection Regulation (“GDPR”) is a data privacy regulation passed by the European Union Parliament that gained the force of law on May 25, 2018. GDPR replaced the EU Data Protection Directive (Directive 95/46/EC) previously in effect. GDPR deals with the protection of personal data in the EU, including security, confidentiality, the right to consent to data collection, the right to erasure of data, the right to notice of data usage, and many others.
GDPR imposes obligations on organizations that are located in the EU or that control (a “data controller”) or process (a “data processor”) the personal data of individuals located in the EU, including the way they access, acquire, share, and store personal data and how they provide individuals with access to their own personal data.
What is personal data under GDPR?
Personal data is information that can be used to directly or indirectly identify a natural person. Personal data includes names, email addresses, IP addresses, photos and many other types of information.
What are data controllers and data processors?
An organization can be either a data controller or a data processor with regard to personal data, or it can be both of these. A data controller decides the purpose and means of processing personal data. A data processor processes personal data for a data controller.
What is Catchpoint doing about GDPR?
We are committed to keeping personal data secure and maintaining compliance with GDPR. We work with customers worldwide to use our services in compliance with GDPR, and to ensure support for customers for their own GDPR requirements. Where personal data controlled by Catchpoint customers is transferred outside of the European Economic Area, those customers must ensure that the data is processed in compliance with applicable data protection law, including GDPR. Such customers may need data protection agreements in place to achieve those aims. Customers can obtain Catchpoint’s data protection agreement by submitting a request to privacy@catchpoint.com.
Where can I get more information about Catchpoint’s GDPR compliance?
If you have any other questions about the ways in which Catchpoint handles GDPR compliance, please reach out by emailing us at privacy@catchpoint.com.
CCPA
What is the CCPA and who does it cover?
The California Consumer Privacy Act (Cal. Civ. Code §§ 1798.100-17.98-199) is a consumer privacy law passed by the State of California in 2018, which became enforceable on January 1, 2020. The CCPA gives California consumers additional privacy rights over their personal information, including security, confidentiality, the right to know an organization’s data collection practices, the right to deletion of personal data, the right to notice of sale of personal data and to request that personal information not be sold, and many others. The CCPA includes both regulatory action and a private right of action in certain circumstances. Catchpoint actively tracks updates to the law.
The CCPA imposes obligations on certain for-profit organizations that are located in California or do business in California, that collect consumer personal information, and that meets certain revenue or consumer thresholds. These obligations include the way such organizations access, acquire, share, and sell personal data and how they provide individuals with access to their personal data
What is personal data under the CCPA?
The CCPA takes a broad view of personal information, and defines it as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Personal data includes names, email addresses, IP addresses, photos, and many other types of information.
Does Catchpoint sell personal information?
Catchpoint does not sell our customers’ personal information (as currently defined under the CCPA), nor does Catchpoint rent, disclose, release, transfer, make available or otherwise communicate that personal information to a third party for monetary consideration.
What is Catchpoint doing about the CCPA?
We are committed to maintaining compliance with the CCPA, including responding appropriately to consumer requests. We work with customers to use our services in compliance with the CCPA, and to ensure support for customers for their own CCPA requirements.
Where can I get more information about Catchpoint’s CCPA compliance?
If you have any other questions about the ways in which Catchpoint handles CCPA and other privacy compliance please reach out by emailing us at privacy@catchpoint.com. You can also call us at +1 877-240-4450.
Other Privacy Laws and Regulations
Catchpoint actively monitors changes in applicable law and regulation, and updates our privacy and security practices and policies as necessary to remain compliant with applicable law and regulations.