Wombat Security Privacy Policy


Wombat Security Privacy Policy


Wombat Security Technologies, Inc. is committed to the privacy and security of your personal information. The following privacy policy describes the information we collect and how we use it. By using this website you consent to our privacy policy. Like many websites, we gather information about how visitors use our website. In general, you can visit many of our web pages without telling us who you are or revealing any personal information about yourself. We may track your visit for trends and statistics. Once you choose to give us your personal information, you are identifiable to us.

Wombat Security Technologies, Inc. (“Wombat Security”, “we,” “us” or “our”) is committed to the privacy and security of your personal information. The following privacy policy describes the information we collect, share, secure and how we use it. It also describes your choices regarding use, access and correction of your personal information. By using either www.wombatsecurity.com (the “Website”) or www.community.securityeducation.com, Wombat Security’s Wisdom Community portal available only to customers via special access (the “Community Portal”), you consent to this Privacy Policy which shall be applicable to both the Website and the Community Portal (referred to collectively as the “Sites”). Like many sites, we gather information about how visitors use the Sites. In general, you can visit many of our web pages on the Sites without telling us who you are or revealing any personal information about yourself. The use of information collected through our service shall be limited to the purpose of providing the service for which the customer has engaged Wombat Security.

Wombat Security participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-US Privacy Shield Framework. Wombat Security is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov/list

Wombat Security is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Wombat Security complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Wombat Security Technologies, Inc is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Wombat Security may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Information Collected by Us on the Sites


The Website includes forms you can fill out to request information, download or view content, or try our products. These forms request information such as your name, contact information, and information about your employer. We will use this information to provide the information requested and to send you information about our products and services. Please contact us at info@wombatsecurity.com if you no longer wish to receive information from us.


The Community Portal includes forms you can fill out to start discussions with the Wombat Security community of users (the “Community”), post content, create a support ticket, and generally communicate and engage with other Wombat Security customers and Wombat Security employees both an open-forum style conversation and private messages. All content posted by Community members must adhere the Terms of Use and Community Guidelines which can be accessed at: https://www.wombatsecurity.com/terms-of-use These forms include information provided by you. We will use this information to provide the information requested and to send you information about our products and services.

All information posted to a discussion in the Community are viewable to all Wombat Security customers and employees. If there is sensitive information you do not want shared with all Wombat Security customers, please create a support ticket by emailing support@wombatsecurity.com to ensure privacy of your information. Information posted to a group is viewable by members of that group if it is a “Private Group”, and by all Wombat Security customers if it is a public group. Group members can change at anytime depending on the administrator of the group.

Wombat Security protects the identity of its customers by only allowing customers to view contact information of other administrators and persons involved in the procurement of the software at their company’s account in Wombat’s Salesforce CRM. This information does NOT include information about or grant access to end users or employees of a Wombat Security customer that are uploaded into the Security Education Platform for assessment and educational purposes.

Nicknames, which are viewable to all Wombat Security customers and part of your Community profile, have been randomized by default to protect the identity of Wombat Security’s customers and are the only piece of information viewable about yourself in the Community. Your company name is not shared with the Community. All other personally information such as email address, names, and phone numbers can optionally be provided to other Wombat Security customers by going to “My Settings” in the Community. When this information’s Profile Visibility is set by you to either “Members” or “Public”, IT IS VIEWABLE TO ALL WOMBAT SECURITY CUSTOMERS.

Cookies and Tracking Technologies

Wombat Security and its partners use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. You have the choice of accepting or declining the use of cookies through your web browser. For more information on controlling cookie settings in your browser, please refer to the following links:

Please note that if you wish to turn off the cookies in your web browser, you might not be able to take advantage of many features of our service.

As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.

We partner with a third party to [display advertising on our website or to manage our advertising on other sites]. Our third party partner may use cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests. If you wish to opt out of interest-based advertising click here [or if located in the European Union click here]. Please note you will continue to receive generic ads.

Website and Community Portal Tracking Metrics

We use javascript/cookie-based tracking using Google Analytics/Adwords, Hubspot, Salesforce, Vidyard, and other third party services to generate statistics about visitor activity on our website and our community portal. This allows us to better understand the ways in which people are using our sites.

As noted below, we are not responsible for the privacy practices of any other websites.

Use of Personal Information

We use the information you provide us to perform the services for which such data was collected. For example, if you sign up for an email newsletter, we will send the email newsletter to the address you provide us. Wombat Security may use your personal information for a number of purposes including but not limited to the following:

  • For "service administration purposes", which means that Wombat Security may contact you for reasons related to the service you have signed up for (e.g. to provide you with password reminders or to notify you that a particular service has been suspended for maintenance).
  • To contact you about a submission, discussion, support ticket, or other content you have posted to our Website or Community Portal, including any content you provide.
  • To issue invoices, administer accounts, collect and process payments.
  • To send you e-mails, e-newsletters, personalized offers via direct messaging or other communications about our products and services.
  • To send you information about our and our affiliates' and business partners' products and services and other information and materials that may be of interest to you.
  • To manage and administer sweepstakes, contests, or similar promotions.
  • To identify the number of visits (including via IP address logging) from different locations and also to block disruptive use.
  • To analyze and improve the services offered by Wombat Security Technologies.
  • To stop disruptive or abusive behavior by our users (e.g. the posting or transmission of offensive, inappropriate or objectionable content on or to Wombat Security Technologies).
  • • On rare occasions, to disclose specific information upon governmental request, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, a court order, when required by law, to enforce our website policies, or to protect our or others' rights, property, or safety. We may also share information with companies assisting in fraud protection or investigation. We do not provide information to these agencies or companies for their marketing or commercial purposes.

In the event Wombat Security Technologies goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personally identifiable information will likely be among the assets transferred. You will be notified via email of any such change in ownership or control of your personal information.


We may post customer testimonials/comments/reviews on our website which may contain personally identifiable information. We obtain the customer's consent via email to post their name prior to posting the testimonial. If you want your testimonial removed please contact us at info@wombatsecurity.com.

Sharing with Third Parties

Information about our customers is an important part of our business, and we use it responsibly. We do not share, sell, rent or otherwise disclose personal information collected by our forms such as email addresses, company information, or names to third parties for their promotional purposes. Information sent to third parties may include browsing data used for third party promotional or tracking purposes.

We do employ or partner with other companies and individuals to perform functions on our behalf. Examples include processing credit card payments, shipping, web analytics, surveys and providing marketing assistance to us. These agents/service providers have access to personal information needed to perform their functions, but may not use it for other purposes. We also release personal information when we believe release is appropriate to comply with law or protect the rights, property, or safety of Wombat Security Technologies, its users, or others.

Links to Other Sites

This website contains links to other sites that are not owned or controlled by Wombat Security Technologies. Please be aware that we, Wombat Security Technologies, are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our website and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies only to information collected by these sites.

Choice, Access, and Correction of Information

As discussed above, you can always choose not to provide certain information, however such information may be required to take advantage of our service features and functions.

Our Sites also generally provide you with the opportunity to choose not to receive communications from us and our partners. You have the following options for changing and modifying certain information previously provided or removing certain information from our database.

Email Communication: To unsubscribe from an email, please follow the instructions in the email you receive or send an email to info@wombatsecurity.com.

Upon request, Wombat Security will provide you with information about whether we hold any of your personal information. If you wish to access, correct or cancel your account or request that we no longer use your information to provide you services contact us at support@wombatsecurity.com. We will respond to your request within a reasonable timeframe.

We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements.

Please note, if you have unsubscribed from any Wombat Security Technologies communications, due to production schedules, you may receive communications already in production.


The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at support@wombatsecurity.com.

Security Education Platform PII

Our Security Education Platform uses the following Personally Identifiable Information (“PII”) residing in our production environment:

  • Customer email addresses (optional)
  • Customer first and last name (optional)
  • Mobile phone number (optional)
  • Other information supplied by customer (optional)

Wombat Security minimizes the use, collection, and retention of PII to what is strictly necessary to accomplish our business purpose and mission. Customer email addresses are collected to administer training assignments and to conduct assessments within the customer’s employee base. The email addresses are uploaded by the customer acting as administrator of the training and assessments.

For our Managed Services offerings, customers provide the data to Wombat Security via encrypted emails with Wombat certificates. Alternatively and upon request, Wombat Security creates a sftp server for customers to upload files.

Wombat Security limits access to PII to customers with administrative roles in managing their training and assessments activities. These administrators have independent access to their employee’s email addresses.

Wombat Security collects information under the direction of its customers, and has no direct relationship with the individuals whose personal data it processes. If you are an employee or contractor of one of our customers and would no longer like to be contacted by one of our customers that use our service, please contact the customer that you are employed by directly. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our customers.

Wombat Security acknowledges that you have the right to access your personal information. Wombat Security has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his/her query to Wombat Security’s customer (the data controller). If requested to remove data by its customer, we will respond within a reasonable timeframe.

We will retain personal data we process on behalf of our customers for as long as needed to provide services to our customers. Wombat Security will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Commitment to Children's Privacy

To protect children's personal information and to meet the standards of the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect any personal information from children under the age of 13. The website and service is a general audience service for users 18 and older and is not geared toward children. If you are under the age of 18, you should not use this service or website and should not submit any personal information to us.

Your California Privacy Rights

Under California’s "Shine the Light" law, California residents who provide personal information in obtaining products or services for personal, family or household use are entitled to request and obtain from us, once per calendar year, information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g. requests made in 2014 will receive information regarding 2013 sharing activities). To obtain this information from us, please send an email message to info@wombatsecurity.com with "Request for California Privacy Information" on the subject line and in the body of your message. We will provide the requested information to you at your e-mail address in response. Not all information sharing is covered by the "Shine the Light" requirements and only information on covered sharing (if any) will be included in our response.

Our website does not respond to “do not track” requests.

Changes to the Privacy Policy

Wombat Security reserves the right to update, modify or otherwise alter this privacy policy at any time, and at its sole discretion, and will generally provide prominent notice to users through posting an updated privacy policy on the site. Please review this website to be informed of any material changes to the privacy policy. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective.

The 'Last Updated' date at the bottom of this page will be updated after changes occur to this privacy policy.

Last updated: May 09, 2017

Wombat Security Technologies, Inc.
3030 Penn Avenue
Suite 200
Pittsburgh, PA 15201
United States of America

Phone: 412-621-1484
Fax: 412-621-1489

2018 State of the Phish Report  Protect your organization from phishing attacks. Download Now
2018 Beyond the Phish Report  Protect your organization from threats including and beyond phishing. Download Now