Effective May 25, 2018 (view archived version)

This cookie statement (“Statement”) explains how we use cookies when you access or use our public websites, including www.zerofox.com (collectively, “Sites”) or when you use our cloud-hosted social media and digital protection products and services, including those at cloud.zerofox.com and protect.zerofox.com (collectively, “Services”).

1. Who “we” are

When we say “ZeroFOX,” “we,” “us” or “our” in this Policy, we are referring to ZeroFOX, Inc., a Delaware (US) corporation, however this Policy also applies to our affiliated companies, including ZeroFOX UK Ltd.

2. Who “you” are

When we say “you,” we are referring either to a customer or to a visitor to our Sites.  A “customer” is an entity or organization that has acquired a subscription to ZeroFOX for Business Services (“business customer”), or an individual that has acquired a subscription to ZeroFOX for Everyone Services.

3. What’s a “cookie”?

A cookie is a small data file that is placed on your computer or other device when you visit a website.  Cookies are widely used by online service providers to make their websites or hosted services work, or to work more efficiently, as well as to provide reporting information.  A cookie set by the website owner or service provider is referred to as a first-party cookie; a cookie set by someone else is referred to as a third-party cookie.  Third-party cookies enable third-party features or functionality to be provided on or through the website or service you are using, such as advertising, interactive content and analytics.  The third parties that set these third-party cookies can recognize your device both when it visits the website or service in question and also when it visits certain other websites or services.

4. Scope of Statement

This Statement is (and will be treated as) part of our Privacy Policy.  Our Privacy Policy includes additional discussion of cookies and other tracking technologies, as well as information on how to disable cookies and how to opt out of behavioral advertising.

5. Updates to Statement

We will update this Statement from time to time in order to reflect, for example, changes to the cookies we use or for other operational, legal or regulatory reason.

6. Contacting us

Please contact us with any questions or comments about this Statement, including questions around how we process your personal information.  You can reach us by email at privacy@zerofox.com or by postal mail at ZeroFOX, Inc., Attn: Privacy, 1834 S Charles St, Baltimore, MD 21230 USA.

7. Types of cookies we use

We use both first- and third-party cookies, and have classified them into the following five categories:

  • Strictly necessary cookies, which are necessary for our Sites and Services to function and cannot be switched off in our systems.  You can set your browser to block these cookies, but some parts of the Sites and Services will not work.
  • Performance cookies, which allow us to count visits and traffic sources so we can measure and improve the performance of our Sites and Services. They help us to know which pages are the most and least popular and see how visitors move around.  Information collected by these cookies is aggregated.
  • Functional cookies, which enable the Sites and Services to provide enhanced functionality and personalization.  They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
  • Targeting cookies, these cookies may be set through the Sites by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant promotions on other websites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device.  If you do not allow these cookies, you will experience less targeted advertising.
  • Social media cookies, which are set by a range of social media services that we add to the Sites to enable you to share our content with your friends and networks. They are capable of tracking your browser across other websites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

8. Cookies served through our Sites

The following cookies are served through Sites as of the date of this Statement:

Provider Cookie Category Description
ZerofOX zerofox_dummies
zerofox_talk_nerdy
Functional cookies This cookie is used to indicate if the user has seen a popup modal for content from the site yet or it still needs to be displayed
pll_language This indicates if the user has accepted allowing cookies to be stored on their machine. Absence indicates the lack of acceptance.
Google Analytics _ga Targeting cookies This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.
_gat
_gat_UA-45740019-1
According to documentation it is used to throttle the request rate - limiting the collection of data on high traffic sites.
_gid It is used to store and update a unique value for each page visited.
Google 1P_JAR Targeting cookies Google cookie. These cookies are used to collect website statistics and track conversion rates.
OGPC For information please refer to Google cookie privacy
AID
APISID
HSID
NID
SAPISID
SID
SIDCC
SSID
Google set a number of cookies on any page that includes a Google Map. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Google Maps users.
Doubleclick id
IDE
test_cookie
Targeting cookies This domain is owned by Doubleclick (Google). Doubleclick is Googles real time bidding advertising exchange
Google Maps APISID
SSID
NID
PREF
SID
SAPISID
HSID
Functional cookies Google set a number of cookies on any page that includes a Google Map. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Google Maps users.
1P_JAR Google cookie. These cookies are used to collect website statistics and track conversion rates.
OGPC For information please refer to Google cookie privacy
Facebook fr Targeting cookies We use the Facebook Like button to integrate our website with our page on Facebook.com
act
dpr
presence
Allow you to control the "Follow us on Facebook" and "Like" buttons
pl Persistent cookie of Facebook
sb
wd
Allow you to control the "Follow us on Facebook" and "Like" buttons, collect the language settings and allow you to share the page
xs These cookies are set by Facebook. We use this service to show you have “liked” our website on the Facebook social network. Facebook can use this information to serve our ads on their platform 
c_user It provides information to Facebook to associate functionality of Social Plugin. Send information to Facebook regardless if you are a member or you have logged on the social network. For more information read the paragraph "Facebook (Social Plugin)" about Cookies Third Party.
datr This domain is owned by Facebook, which is the world's largest social networking service. As a third party host provider, it mostly collects data on the interests of users via widgets such as the 'Like' button found on many websites. This is used to serve targeted advertising to its users when logged into its services. In 2014 it also started serving up behaviourally targeted advertising on other websites, similar to most dedicated online marketing companies. This cookie identifies the browser connecting to Facebook. It is not directly tied to individual Facebook the user. Facebook reports that it is used to help with security and suspicious login activity, especially around detection of bots trying to access the service. Facebook also say the behavioural profile associated with each datr cookie is deleted after 10 days. This cookie is also read via Like and other Facebook buttons and tags placed on many different websites.
Linkedin lang Targeting cookies This domain is owned by LinkedIn, the business networking platform. This sub-domain is connected with LinkedIn's marketing services that enable website owners to gain insight into types of users on their site based on LinkedIn profile data, to improve targetng.
liap Cookie used for Sign-in with LinkedIn and/or for LinkedIn follow feature
lidc
bscookie
bcookie
Used by the social networking service, LinkedIn, for tracking the use of embedded services.
_lipt
sdsc
These cookies are set by LinkedIn on the careers pages and are used for the 'Apply with LinkedIn' function.
visit This domain is owned by LinkedIn, the business networking platform. It typically acts as a third party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile, or agreed to their terms and conditions.
BizoID
UserMatchHistory
This domain is owned by LinkedIn, the business networking platform. This sub-domain is connected with LinkedIn's marketing services that enable website owners to gain insight into types of users on their site based on LinkedIn profile data, to improve targetng.
Ads.linkedin BizoID
BizoUserMatchHistory
Targeting cookies This domain is owned by LinkedIn, the business networking platform. This sub-domain is connected with LinkedIn's marketing services that enable website owners to gain insight into types of users on their site based on LinkedIn profile data, to improve targetng.
Bizable _BUID Targeting cookies A cokie used by Bizable in order to provide analytics data for targeting information
_biz_flagsA A single cookie that stores multiple information, such as whether or not the user has submitted a form, performed a crossdomain migration, sent a viewthrough pixel, opted out from tracking, etc.
_biz_nA Sequence number that bizible includes for all requests, for internal diagnostics purpose
_biz_pendingA Temporarily stores analytics data that has not been successfully sent to bizible server yet.
_biz_sid Session id of the user.
_biz_uid ​User id on the current domain.
HotJar _hjIncludedInSample Targeting cookies Determines if the user's navigation should be registered in a certain statistical place holder
_hjDonePolls This cookie is set once a visitor completes a poll using the Feedback Poll widget. It is used to ensure that the same poll does not re-appear if it has already been filled in.
Cloudflare __cfduid Performance cookies Cookie assoiated with sites using CloudFlare, used to speed up page load times. According to CloudFlare it is used to override any security restrictions based on the IP address the visitor is coming from. It does not contain any user identification information.
Marketo _mkto_trk Targeting cookies This cookie is associated with an email marketing service provided by Marketo. This tracking cookie allows a website to link visitor behaviour to the recipient of an email marketing campaign, to measure campaign effectiveness. 
BIGipServersj09web-app_https The purpose of this cookie is to load Marketo forms on our Sites
Woo Commerce woocommerce_recently_viewed Functional cookies Woo Commerce is an e-commerce platform that uses this cookie to keep track of cart data, and the associated buying experience.
Youtube APISID
HSID
Targeting cookies Google set a number of cookies on any page that includes a Google Map. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Google Maps users.
PREF Registers a unique ID which is used by Google to generate statistics about how the user interacts with YouTube videos across different websites
LOGIN_INFO
SAPISID
SID
SSID
These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.
VISITOR_INFO1_LIVE Tries to estimate the users' bandwidth on pages with integrated YouTube videos.
YSC This cookie is used when watching embedded Youtube videos on the website.
adsrvr.org TDCPM
TDID
Targeting cookies Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads.
stackadapt.com sa-user-id
sa-user-id-v2
Targeting cookies Tbe purpose of this cookie is to be used by Stackadapt which is designed as an auidience intelligence tool
casalemedia.com CMID
CMPRO
CMPS
CMRUM3
CMSC
CMST
CMDD
Targeting cookies Collects anonymous data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.
rubiconproject.com put_2249
put_2307
rpb
rpx
khaos
c
Targeting cookies Registers anonymised user data, such as IP address, geographical location, visited websites, and what ads the user has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same ad network.
adbrn.com tuuid Targeting cookies This cookie enables Adbrain to attribute impressions, clicks and conversions from Adbrain campaigns
adnxs.com uuid2 Targeting cookies This cookie contains a unique randomly generated value that enables the platform to distinguish browsers and devices. It is matched against information – such as advertising interest segments and histories of ads shown in the browser or device – provided by clients or other third parties and stored on the Platform. 
anj The anj cookie contains data denoting whether a cookie ID is synced with our partners.
demdex.net demdex Targeting cookies This is a legacy domain controlled by Adobe. It reflects Audience Manager's original, pre-acquisition name
dpm DPM is an abbreviation for Data Provider Match. It tells internal, Adobe systems that a call from Audience Manager or the ID service is passing in customer data for synchronization or requesting an ID. 

9. Cookies served through our Services

The following cookies are served through the Services as of the date of this Statement:

Provider Cookie Category Description
ZeroFOX eupAuthToken Strictly necessary cookies This cookie is used for session tracking while the user is logged in to individually identify the user.
eupRegistrationToken Used during the registration process for cookie
eupLang This indicates if the user has accepted allowing cookies to be stored on their machine. Absence indicates the lack of acceptance.
declined_accounts Used to indicate that the user has not yet setup accounts to be protected. This option should be represented at the expiration of this cookie.
csrfSalt This cookie is used to prevent cross site request forgery attacks.
user_sess This cookie is used for session tracking while the user is logged in to individually identify the user.
acceptedCookies This indicates if the user has accepted allowing cookies to be stored on their machine. Absence indicates the lack of acceptance.
accepted_cookie This indicates if the user has accepted allowing cookies to be stored on their machine. Absence indicates the lack of acceptance.
csrftoken This cookie is used to prevent cross site request forgery attacks.
prodapisession This cookie is used for session tracking while the user is logged in to individually identify the user.
zfplatformsession This cookie is used for session tracking while the user is logged in to individually identify the user.
Google Analytics _ga Targeting cookies This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.
_gat According to documentation it is used to throttle the request rate - limiting the collection of data on high traffic sites.
_gid This cookie name is asssociated with Google Universal Analytics. It is used to store and update a unique value for each page visited.
Google Maps SAPISID Functional cookies Google set a number of cookies on any page that includes a Google Map. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Google Maps users.
1P_JAR Google cookie. These cookies are used to collect website statistics and track conversion rates.
APISID
HSID
NID
OGPC
SID
SIDCC
Google set a number of cookies on any page that includes a Google Map. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Google Maps users.
FullStory fs_uid Targeting cookies This cookie is used by FullStory for session tracking.
HotJar hjIncludedInSample Targeting cookies Determines if the user's navigation should be registered in a certain statistical place holder
hjShownFeedbackMessage Functional cookies This cookie is set when a visitor minimizes or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimized immediately if they navigate to another page where it is set to show.
Zendesk _zendesk_authenticated
_zendesk_cookie
_zendesk_session
_zendesk_shared_session
_help_center_session
_gid
Strictly necessary cookies we use Zendesk for our customer service. This cookie records which questions and answers in our help center are viewed frequently. The information allows us to improve our products and services.
ajs_anonymous_id Targeting cookies Used to maintain an anonymised user session by the server
ajs_group_id Used to track users on our site and help us improve our website and market more effectively.