U.S. State Privacy Notice
U.S. State Privacy Notice
(Updated on April 22, 2024)
This U.S. State Privacy Notice (“Notice”) describes how SentinelOne, Inc. and its wholly owned subsidiaries and affiliates (collectively, “SentinelOne”, “we”, or “us”) collect, use, disclose and otherwise process your personal information in connection with the management of our business and out relationships with customers, visitors and event attendees as a resident of the United States. Specifically, the California Consumer Privacy Act of 2018 (“CCPA”), which became effective on January 1, 2020, and was subsequently amended effective January 1, 2023 by the California Privacy Rights Act (“CRPA”), created a variety of privacy rights for California consumers. Additional states have passed laws extending similar privacy rights to their consumers, including Virginia (effective January 1, 2023), Colorado (effective July 1, 2023), Connecticut (July 1, 2023), and Utah (December 31, 2023). This Notice provides the disclosures required by state data protection laws as of the date of this Notice. Please note that the rules implementing some of these laws have not yet been finalized, and other laws are currently pending passage. We are continuously working to better comply with these laws, and we will update our process, disclosures, and this notice as these implementing rules are finalized and additional laws are enacted.
Categories of Personal Information Collected
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). The personal information that we may collect, or may have collected from you in the preceding twelve months, fall into the following categories established by the CPRA, depending on how you engage with SentinelOne:
- Identifiers, such as your name, alias, address, phone number, or IP address;
- personal information as described in the California Customer Records statute, such as name, address, or email address;
- commercial information, such as transaction data;
- internet or other electronic network activity information, including content interaction information, such as content downloads, streams, and playback details;
- geolocation data, such as generalized location derived from an IP address;
- audio, visual, electronic or other similar information, including when you communicate with us by phone or otherwise;
- professional or employment-related information, for example data you may provide about your business; and
- inference data, such as information about your preferences.
Within these categories of personal information, we may also collect the following categories of sensitive personal information as defined under applicable U.S. state data privacy laws: account log-in, financial account, debit or credit card number, and the means to access the account (security or access code, password, credentials, etc.) We collect this information from you automatically through your interaction with SentinelOne, or from third parties. For more information about the personal information we collect, please refer to our Privacy Notice. We collect this information for the business and commercial purposes described in our Privacy Notice in the “How we Use Personal Information” section.
Categories of Personal Information Disclosed for a Business Purpose
The personal information that we may have disclosed about you for a business purpose in the preceding twelve months fall into the following categories established by the CPRA, depending upon how you engage with SentinelOne:
- Identifiers, such as your name, alias, address, phone number, or IP address;
- personal information as described in the California Customer Records statute, such as name, address, or email address;
- commercial information, such as transaction data;
- internet or other electronic network activity information, including content interaction information, such as content downloads, streams, and playback details;
- geolocation data, such as generalized location derived from an IP address;
- audio, visual, electronic or other similar information, including when you communicate with us by phone or otherwise;
- professional or employment-related information, for example data you may provide about your business; and
- inference data, such as information about your preferences.
For additional information about the personal information we may disclose for a business purpose, please see the “How We Share Personal Information” section of our Privacy Notice.
Sales and Sharing of Personal Information
We do not sell your personal information. We may “share” personal information with third parties for the specific business purposes set forth in our Privacy Notice. SentinelOne does not sell or share the personal information of consumers who are under 16 years of age.
Retention Period Criteria
We retain the personal information described above for as long as you engage with SentinelOne, as may be required by law (for example, to comply with applicable legal tax or accounting requirements), as necessary for other legitimate business or commercial purposes described in our Privacy Notice (for example, to resolve disputes or enforce our agreements), or as otherwise communicated to you.
De-Identified Data
We may use de-identified data in some instances. SentinelOne either maintains such data without attempting to re-identify it or treats such data as personal information subject to applicable law.
Profiling
We do not engage in profiling in furtherance of automated decisions that produce legal or similarly significant effects, as those terms are defined under the Colorado Privacy Act.
Your Rights and Choices
Access to Specific Information and Data Portability Rights
You have the right to request that We disclose certain information to you about Our collection and use of your personal information over the past 12 months. Once We receive and confirm your verifiable consumer request, We will disclose to you:
- The categories of personal information We collected about you;
- the categories of sources for the personal information We collected about you;
- our business or commercial purpose for collecting that personal information;
- the categories of third parties with whom We share that personal information;
- the specific pieces of personal information We collected about you; and
- if we disclosed your personal information for a Business Purpose, the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request we will delete (and direct our service providers to delete) your personal information from our records, unless an exception under CCPA applies.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable Consumer request to the Contact Information listed below.
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may only make a verifiable Consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Non-Discrimination
We will not discriminate against you in any form for exercising any of your CCPA rights.
“Do Not Track” Disclosure
Certain U.S. state privacy laws require us to indicate whether we honor your browser’s “Do Not Track” settings concerning targeted advertising. We adhere to the standards set out in this Notice and do not monitor or respond to Do Not Track browser requests.
Contact Information
If you have any questions or comments about this Notice, the ways in which we collect or use your personal information described here, your choices and rights regarding such use, or wish to exercise your rights, please contact us at:
Email: [email protected]
Phone: +1-855-868-3733 Extension 3591
Website: https://www.sentinelone.com/
Postal Address:
Attn: Privacy Office
444 Castro St., Suite 400,
Mountain View, CA 94041, United States