NinjaOne Privacy Policy

Last updated: August 10, 2023

As a global company with customers in nearly every country in the world, here at NinjaOne, protecting the personal information of our customers and their end-users is, and has always been, of the utmost priority.

This Privacy Policy covers the practices of NinjaOne, LLC and its affiliated companies (“NinjaOne” or “we” or “us”) concerning personal information that we handle in the context of offering or providing our services, including any such information we may collect from you or that you may provide when you visit the websites NinjaOne.com or any of our other websites that link to this Privacy Policy (collectively, our “Website”).

This policy is not a contract between NinjaOne and its users, but is merely a recitation of NinjaOne’s policies as of the date above. Please read this policy carefully to understand our policies and practices regarding personal information and how we will treat it. This policy may change from time to time, so please check the policy periodically for updates.

A special note about data processed by our software and services:

NinjaOne software and services allow NinjaOne customers to collect, distribute, visualize, and otherwise manage their own data. In many use cases, this data stays entirely within the customer's network, and NinjaOne has no access to it. In the limited situations and configurations in which NinjaOne has access to a portion of a customer's data, NinjaOne processes it solely to provide our service to that particular customer. NinjaOne handles that data solely pursuant to our contract with that customer, not pursuant to NinjaOne's own Privacy Policy. Thus, for example, the reference in this Privacy Policy to using personal information to send marketing and promotional communications does not apply to that customer data.

To the extent the data we receive through our services relates to an identified or identifiable individual, NinjaOne handles such data solely as the customer's "processor" within the meaning of the General Data Protection Regulation ("GDPR") and similar laws, and solely as the customer's "service provider'' within the meaning of the California Consumer Privacy Act ("CCPA"). Any inquiries or requests relating to such data should be directed to the relevant customer, not to NinjaOne.

This Privacy Policy contains the following sections:

Information We Collect
Use of Information
Disclosure of Information
International Data Transfers
Legal Basis for Processing Information
Your Rights and Choices
Protection of Information
Retention of Information
Updates and Changes to This Policy
Contact Information
Lead Data Protection Authority
Data Protection Officer
Additional Detail for California Residents

Information We Collect

a. Information You Provide to Us

You may provide the following types of information to us:

Identifiers (such as name, username, physical address, email address, and other contact information);
Commercial information (such as information provided to us in your communications, transaction data, information about interactions with NinjaOne or our partners, content of tickets you submit, information about your interests and preferences, information you provide in entering a promotion sponsored by us, and your posts to our online forums);
Financial data (such as payment information);
Internet or other network or device activity (such as IP addresses, device identifiers, cookie data, device attributes, device usage information, browsing information, metadata, and other information; and utilization data and configuration settings related to your use of our products);
Professional or employment-related data (such as company name);
Other information that identifies or can be reasonably associated with you; and
Inferences drawn from any of the above.

b. Cookies and Other Information Collection Technology

Through our online properties, we and third parties may collect information from your computer or other device by automated means such as cookies, web beacons, local storage, JavaScript, mobile-device functionality, and other computer code.

This information may include unique browser identifiers, IP address, browser and operating system information, device identifiers (such as advertising identifiers), location data, other device information, Internet connection information, as well as details about your interactions with the relevant website, email, or other online property (for example, the URL of the third-party website from which you came, the pages on our website that you visit, and the links you click on in a website). In some cases (such as cookies), the tools described here involve storing unique identifiers or other information on your device for later use.

These technologies help:

Display personalized content;
Store information about your preferences, allowing us to customize our Website according to your individual interests;
Perform analytics, estimate our audience size and usage patterns, and better understand the demographics of users;
Diagnose and fix technology problems;
Plan for and enhance our business; and
Facilitate the other uses and disclosures described in this Privacy Policy.

c. Information From Third Parties

We may also receive personal information from third parties, including our service providers, affiliates, and partners (such as organizations with whom we partner on events and contests, resellers, customers, technology vendors, business information vendors, and list brokers), as well as from publicly available sources (such as LinkedIn and company websites). We may combine some of that information with other information we have about you.

Use of Information

We and our service providers use the information described above for the following purposes:

Administer your account, including to process your registration and verify your information;
Provide, manage, and improve our services;
Conduct business operations in support of our services, such as auditing, security, fraud prevention, invoicing and accounting, sales and marketing, analytics, and research and development;
Send messages that are related to services we provide (e.g., welcome messages and confirmation notices, and the like), your activity on the Website, or updates and changes to the Website or services, consistent with any applicable communications options we offer;
Contact you regarding NinjaOne and third-party products, services, surveys, research studies, promotions, special events, and other subjects that we think may be of interest to you, consistent with any applicable communications options we offer;
Send you other marketing and promotional communications, consistent with any applicable communications options we offer;
Customize content, preferences, and advertising on the services, across the Internet and elsewhere;
Create aggregated, de-identified, or anonymized information;
Comply with laws, regulations, and other legal process and procedures; and
Establish, exercise, or defend our legal rights.

We also may use and disclose appropriately aggregated, de-identified, or anonymized information for any lawful purpose.

Disclosure of Information

NinjaOne discloses personal information as follows:

To Customers: We disclose personal information to our customers.
To Service Providers: We may disclose personal information to companies that provide services to us or to you, such as providers of data storage, marketing, web hosting, security, analytics, and fraud prevention.
To Affiliates: We may disclose personal information to other members of our corporate family for the purposes described in this Privacy Policy.
Corporate Transactions: We may disclose personal information as part of, or to take steps in anticipation of, a sale of all or a portion of our business, a divestiture, merger, consolidation, asset sale, bankruptcy, or other significant corporate event.
To Other Users: When you disclose personal information by posting content to public areas of the Website like message boards, such personal information may be viewed by all users and may be publicly distributed in perpetuity.
To Business Partners: We may disclose information to business partners, such as organizations with whom NinjaOne partners to hold events and contests.
Legal: We may disclose information when we believe disclosure is appropriate due to a subpoena or similar investigative demand, a court order, or other request from a law enforcement or government agency; or as otherwise required by law.
Protection of NinjaOne and Others: We may disclose information when we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud, or other wrongdoing; to protect and defend the rights, property, or safety of our company, our employees, our customers, or others; and to enforce our terms and other agreements.
Your Consent: If you have consented to additional disclosure of certain personal information, we may also disclose that personal information consistent with your consent.

In some cases, we may disclose appropriately aggregated, de-identified, or anonymized information in these or other circumstances.

International Data Transfers

NinjaOne is a global company, and personal information may be transferred to recipients in the U.S., EU, and elsewhere, including to locations with privacy and data protection laws that are less protective than those in your home country. To the extent such transfers occur, personal information will be protected under appropriate mechanisms to ensure that it receives the legally required level of protection, such as (for GDPR-regulated data) through the use of the EU-approved Standard Contractual Clauses. If you wish to exercise a right to see copies of the mechanisms that NinjaOne uses to transfer data to third parties, please contact us as described at the end of this Privacy Policy.

Legal Basis for Processing Information

The General Data Protection Regulation (“GDPR”) and similar laws require data controllers to explain the legal bases that justify their processing of personal information. To the extent such rules apply, our legal bases are:

In many cases, processing personal information is necessary for our legitimate interests or the legitimate interests of others. For example, we may process personal information on this legal basis to:
- Manage and improve our services;
- Conduct business operations in support of our services, such as auditing, security, fraud prevention, invoicing and accounting, certain sales and marketing activities, certain analytics activities, and research and development;
- Contact you through certain channels regarding NinjaOne and third-party products, services, surveys, research studies, promotions, special events, and other subjects that we think may be of interest to you;
- Create aggregated, de-identified, or anonymized information; or
- Establish, exercise, or defend our legal rights.
In some cases, processing personal information is necessary for us to comply with our legal obligations.
In other cases, we process personal information based on your consent. For example, in some cases the following activities will be performed on the basis of consent (which may be express consent or implied consent, depending on the situation and on which laws apply):
- Contacting you through certain channels regarding NinjaOne and third-party products, services, surveys, research studies, promotions, special events, and other subjects that we think may be of interest to you; and
- Conducting certain other sales, marketing, and analytics activities.

Your Rights and Choices

On occasion, NinjaOne will send you messages that are related to services we provide (e.g., welcome messages, confirmation notices, and the like), your activity on the Website, or updates and changes to the Website or services. By default, these are through email, though we may send you messages in other ways (e.g., text messages or physical mail). If you would like to opt out of these messages, please contact us as described at the end of this Privacy Policy. NinjaOne may also send email newsletters or promotional emails, to which you may unsubscribe by following the instructions contained in the emails.

We do not handle or monitor browser-based “Do Not Track” signals, but, depending on your jurisdiction, you may have the ability to control certain cookies and similar tracking technologies. Below, we describe various options for adjusting your preferences for our use of various technologies on the Website in a particular browser. For most of the cookie preference options described below, your opt-out will be stored as a cookie. That means that you can undo your opt-out by manually clearing the cookies in your browser or by using a browser that automatically clears cookies. Depending on where you are and some other factors, this may reactivate the sorts of cookies that your previous preference had stopped. If you do that and then decide to opt-out again for that browser, you will need to perform the relevant opt-out steps again in that browser.

Depending on your jurisdiction, you may be able to adjust your preferences about how certain cookies and certain similar technologies are used on our Website by clicking on a Cookie Preferences link in the Website’s footer. You should repeat this process with each browser you use to visit the Website. Google also allows you to install a Google Analytics Opt-out Browser Add-on in some kinds of browsers.

To learn more about interest-based advertising generally, or to use a different method to opt out of targeted, interest-based ads by some of our current ad service partners, visit aboutads.info/choices or youronlinechoices.eu from each browser you use.

In addition, you may be able to set your web browser to refuse certain types of cookies, or to alert you when certain types of cookies are being sent. Some browsers offer similar settings for HTML5 local storage, and Flash storage can be managed as described here. However, if you block or otherwise reject our cookies, local storage, JavaScript, or other technologies, certain websites (including some of our own Website) may not function properly.

If you replace, change, or upgrade your browser, or delete your cookies, or use a browser that automatically clears cookies, you may need to use these opt-out tools again.

Please visit your mobile device manufacturer’s website (or the website for its operating system) for instructions on any additional privacy controls in your mobile operating system, such as privacy settings for device identifiers and geolocation. Please note, however, that we do not respond to browser-based “Do-Not-Track” signals at this time.

Depending on which laws apply to particular situations, individuals in the European Economic Area, the UK, and some other jurisdictions have certain additional legal rights to do the following with personal information we handle:

obtain confirmation of whether we hold personal information about them, and receive information about how it is used and disclosed;
obtain a copy of the personal information, and in some cases, receive it in a structured, commonly used and machine-readable format, or have it transmitted to a third party in such form;
update, correct, or delete the information;
object to the use or disclosure of the information;
withdraw consent previously provided for the handling of the information (without affecting the lawfulness of prior use and disclosure of the information); and
obtain a restriction on the use of the information.

For example, individuals whose personal information is subject to the GDPR have a right to opt out of our handling of their personal information for direct marketing purposes, as do individuals in Canada and many other jurisdictions.

Many of the rights described above are subject to limitations or exceptions under applicable law.

For information about Californians’ privacy rights under California law, including how to exercise those rights, please see Section 13 below. If you wish to exercise any other privacy or data protection rights, please contact us as described at the end of this Privacy Policy. Your request should include your name, company name, email address, and physical address. NinjaOne will endeavor to address all requests as quickly as possible, but in no more than 30 days.

You also have a right to file a complaint about our privacy practices with the relevant supervisory authority, but we respectfully invite you to contact us first, as we would like to do our best to resolve any concern you may have. Complaints should be emailed to privacyteam@ninjarmm.com. Our privacy and/or legal team(s) will review the complaint, communicate about it with the business team and/or complaining party as appropriate, and attempt to reach a resolution. If you are not satisfied with our response, you may take your complaint to the relevant privacy regulator.

Protection of Information

We use various physical, technical, and administrative safeguards to help protect the personal information submitted to us. Unfortunately, no technology is completely secure. Any transmission of personal information is at your own risk, and we are not responsible for circumvention of any privacy settings or security measures contained on the Website.

The safety and security of your personal information also depends on you. We urge you to be careful about giving out information in public areas of the Website like message boards, as the information you disclose in public areas may be viewed by any user of the Website.

Retention of Information

NinjaOne will retain your personal information until we determine it no longer is needed to fulfill the purposes outlined in this Privacy Policy, unless the law requires us to keep it for a longer period of time. To provide security and business continuity for the activities described in this Privacy Policy, we make backups of certain data, which we may retain for longer than the original data.

Updates and Changes to This Policy

NinjaOne may update this Privacy Policy from time to time, such as to reflect changes in our practices or for legal reasons. We will post those changes here or on a similarly accessible page.

Contact Information

If you have questions, concerns, or suggestions you can contact us, by sending an email to privacyteam@ninjarmm.com, or at:

NinjaOne, LLC
3687 Tampa Road, Suite 200
Oldsmar, FL 34677

NinjaOne GmbH
Alexanderstraße 1
10178 Berlin

Lead Data Protection Authority

NinjaOne’s lead data protection authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Behördlicher Datenschutzbeauftragter
Friedrichstr. 219, 10969 Berlin
+49 30 13889-406
behDSB@datenschutz-berlin.de

You may lodge any complaints about NinjaOne’s data processing under the GDPR with this Lead Data Protection Authority, but we respectfully invite you to contact us first, as we would like to do our best to resolve any concern you may have.

Data Protection Officer

You can contact the NinjaOne Data Protection Officer by emailing: privacyteam@ninjarmm.com.

Additional Detail for California Residents

This Section 13 applies only to “personal information” about California residents, as that term is defined in the California Consumer Privacy Act (“CCPA”), and it supplements (and, in some cases, repeats) the information in the rest of our Privacy Policy above. Data about individuals who are not residents of California is handled differently and is not subject to the same rights described in this Section. This Section does not apply to data that NinjaOne handles in its capacity as a processor for its customers, even when such data is about a resident of California, or to other data or activities that are not subject to the relevant provisions of the CCPA.

A. Collection, Retention, and Use of California Personal Information

During the 12 months leading up to the effective date of this Privacy Policy, NinjaOne collected the categories of personal information described below. We intend to retain this information for as long as we feel it is necessary for the purposes described further below, or for any longer period required by law. Because we may collect and use the same category of personal information for different purposes and in different contexts, there is no general fixed retention period that always will apply to a particular category of personal information. Examples of how long we normally intend to retain personal information in certain situations are set forth below.

Category of personal information	Examples of how long we normally plan to keep this information
Identifiers (such as name, username, physical address, email address, and other contact information)	We may retain identifiers associated with points of contact within existing customers for the duration of the customer’s contract with NinjaOne, and for 2 years after that for related administration and sales purposes. We may retain identifiers associated with non-customer persons until 1 year after they unsubscribe from emails, or 1 year after the person’s last interaction with NinjaOne (whichever is greater) for analytics purposes.
Commercial information (such as information provided to us in your communications, transaction data, and information about interactions with NinjaOne or our partners);	We may retain information on a person’s interest in our products for up to 1 year after the person’s last interaction with NinjaOne, or 2 years after the end of their organization’s contract with NinjaOne.
Financial data (such as payment information)	We may retain financial data for 7 years in support of financial statements/filings and key financial or business process controls.
Internet or other network or device activity (such as IP addresses, device identifiers, cookie data, device attributes, device usage information, browsing information, metadata, and other information)	We retain the internet and other network device activity information of our existing customers for the duration of the customer’s contract with NinjaOne, and for 2 years after that for account authentication, fraud detection, and other cybersecurity purposes.
Professional or employment-related data (such as company name)	We typically retain professional or employment data of our customers’ and prospective customers’ personnel for 1 year after the person’s last interaction with NinjaOne, or 2 years after the end of a customer’s contract with NinjaOne.
Inferences drawn from any of the above	We often retain inferences for the same period of time for which we retain the underlying data.

NinjaOne uses personal information for the following purposes:

Administer your account, including to process your registration and verify your information;
Provide, manage, and improve our services;
Conduct business operations in support of our services, such as auditing, security, fraud prevention, invoicing and accounting, sales and marketing, analytics, and research and development;
Send messages that are related to services we provide (g., welcome messages, confirmation notices, and the like), your activity on the Website, or updates and changes to the Website or services, consistent with any applicable communications options we offer;
Contact you regarding NinjaOne and third-party products, services, surveys, research studies, promotions, special events, and other subjects that we think may be of interest to you, consistent with any applicable communications options we offer;
Send you other marketing and promotional communications, consistent with any applicable communications options we offer;
Customize content, preferences, and advertising on the services, across the Internet and elsewhere;
Create aggregated, de-identified, or anonymized information;
Comply with laws, regulations, and other legal process and procedures; and
Establish, exercise, or defend our legal rights.

“Sale,” “Sharing,” and Related Opt-out

As described further below, some of our disclosures of personal information qualify under the CCPA as what it defines as a “sale” or “sharing” of personal information. During the 12 months leading up to the effective date of this Privacy Policy, we “sold” and “shared” (as those terms are defined under the CCPA), what the CCPA calls “identifiers” (like IP addresses and email addresses), “internet or other electronic network activity information” (like information regarding an individual’s browsing interactions on a website), and “commercial information” (like the fact that a browser visited a page directed to people who are considering purchasing from us) to third parties that assist us, such as marketing providers and analytics providers. This practice continues today. To our knowledge, we do not “sell” or “share” (as those terms are defined under the CCPA) the personal information of individuals under 16 years of age.

You can exercise your right to opt out of those disclosures by following the instructions on our “Your Privacy Choices” form.

Your browser may also offer a way to activate the Global Privacy Control signal (“GPC”). The Website treats qualifying browsers for which the user has activated the GPC signal as having opted out of what CCPA calls a “sale” or “sharing” of any California personal information that is collected on that site from that browser using cookies and similar technology. You can override that treatment for a GPC-enabled browser by using the cookie controls available via the Cookie Preferences link in the Website’s footer to opt into particular categories of cookies from that browser. In that case, “sales” and “sharing” via cookies and similar technology in those categories may resume on that browser.

Opting out of “sales” and “sharing” limits only some types of disclosures of personal information, and there are exceptions to all of the rights described in this Section.

Other Disclosures of Personal Information

The following chart indicates the categories of personal information that we collected from Californians and the categories of third parties to whom we disclosed this data during the 12 months leading up to the effective date of this Privacy Policy.

Category of personal information	Categories of entities to whom we disclosed it
Identifiers (such as name, username, physical address, email address, and other contact information)	· Our affiliates. · Our customers. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors. · Joint marketing partners, including organizations with whom NinjaOne partners to hold events and contests. · Entities involved in dispute resolution (such as an arbitrator or an opposing party). · Entities involved in potential or actual significant corporate transactions or events involving NinjaOne or its affiliates. · Governmental entities.
Commercial information (such information provided to us in your communications, transaction data, information about interactions with NinjaOne or our partners);	Same as first row in this chart.
Financial data (such as payment information)	Affiliates and third parties that assist us, such as payment processors.
Internet or other network or device activity (such as IP addresses, device identifiers, cookie data, device attributes, device usage information, browsing information, metadata, and other information)	· Our affiliates. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors.
Professional or employment-related data (such as company name)	· Our affiliates. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors.
Other information that identifies or can be reasonably associated with an individual	· Our affiliates. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors.
Inferences drawn from any of the above	· Our affiliates. · Third parties that assist us, such as our providers of technical services (e.g., providers of data storage, web hosting, security), marketing providers, analytics providers, payment processors, and other subcontractors.

We do not use or disclose “sensitive personal information” covered by this Privacy Policy and as defined in the CCPA in a manner that requires us to offer a special right to limit our use of this data under the CCPA due to its sensitive nature.

b. CCPA Right to Access, Correct, or Delete Personal Information

If you are a California resident, California law also may permit you to request that we:

Provide access to and/or a copy of certain information we have about you;
Delete certain information we have about you;
Correct certain personal information we have about you; or
Provide you the categories of personal information we have collected or disclosed about you in the last 12 months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; the categories of third parties with whom we shared personal information; and more specific detail about what categories of information were “sold,” “shared,” or disclosed to particular categories of third parties, similar to the detail above this Section of the Privacy Policy.

Certain information is exempt from such requests under California law. For example, we need certain information to provide our services to you, so we may reject a deletion request for that information while providing services to you.

To request to exercise any of these rights and receive the fastest response, please email us as described at the end of this Privacy Policy. We will take steps to verify your identity to our satisfaction before responding to your request, which may include, depending on the type of request you are making, the sensitivity of any data you are requesting, and the nature of your relationship with us: verifying your name, asking you to click on a link that we send to your email address, requesting that you login to an account you maintain with us, or requesting that you provide us with information about our relationship that only you are likely to have.

c. Requests Made by Agents

For security and legal reasons, we do not accept personal information requests that require us to use a third-party service (such as one operated by an agent) to view or respond to the requests. If you are an agent making a request on behalf of a consumer, we reserve the right to take steps to verify that you are authorized to make that request, which may include requiring you to provide us with written proof such as a notarized authentication letter or a power of attorney. We also may require the consumer to verify their identity directly with us. Because opt-out requests for sales made through cookies and related technology must be performed from each browser that is used to access our Services, it is easiest for the consumer to perform such opt-outs themselves. However, if a consumer wishes for an agent to perform browser-based requests on their behalf, the consumer may arrange for the agent to use the consumer’s browser to make such requests. We are not responsible for the security risks of this or any other arrangements that a consumer may have with an agent. For clarity, this is not permission for any user to share their login credentials with an agent or any third party. Such sharing is prohibited and is not required for an agent to make requests under this Privacy Policy.

d. Nondiscrimination

You also have a right not to receive “discriminatory treatment” (within the meaning of the CCPA) for the exercise of the privacy rights conferred by the CCPA.