Security1000SECURITY1000

Privacy Policy

Last updated: April 2026

Security1000 is operated by Forage Data LLC, a Delaware limited liability company ("Forage Data," "we," "us," or "our"). This Privacy Policy explains what information we collect when you use security1000.com or purchase our dataset, what we do with it, and what rights you have. It also explains how we treat the public information we aggregate about cybersecurity companies and the people who work at them.

1. Who This Policy Covers

This Policy applies to four groups, and the specifics differ for each:

  • Site visitors. Anyone who browses security1000.com.
  • Customers. Anyone who purchases a dataset download.
  • Company subjects. The 8,000+ cybersecurity companies whose public profiles we aggregate and rank.
  • People who appear on company profiles. Founders, executives, key employees, and others whose public professional information surfaces in a company's profile — typically name, title, and links to public professional pages.

2. What We Collect

2.1 From Site Visitors

When you browse the site, we collect standard request metadata — pages viewed, time on site, browser type, operating system, approximate location derived from IP, and referring URL. This is typical web-analytics data; we use it to understand how people use the site and to catch performance problems.

2.2 From Customers

When you purchase a dataset download, we collect your email address and a Stripe payment-session identifier. Payment card details are handled directly by Stripe and never touch our servers. We keep a record of the purchase (email, amount, timestamp, session id) for accounting and fraud-prevention purposes.

2.3 About Companies

The bulk of what we publish is aggregated public information about cybersecurity companies: company name, website, description, founding year, headquarters location, employee count, funding history, public news mentions, and derived growth metrics. All of it comes from public records, public company pages, licensed third-party providers, and similar public sources.

2.4 About People Who Appear on Company Profiles

Some company profiles include a handful of the most publicly visible people at that company — typically founders, executives, and a small number of other key contributors — along with their public professional title and a link to their public professional profile. We don't publish home addresses, personal phone numbers, or contact details that weren't already public. If you're one of these people and you want your information removed, see Your Rights below.

2.5 Cookies and Similar Technologies

We use a small number of first-party cookies for session state and cookie-consent tracking. We also use Google Analytics (a third-party measurement tool) which sets its own cookies. Analytics can be disabled via our cookie banner or your browser settings without affecting site functionality.

3. How We Use This Information

We use the information we collect to:

  • Operate, maintain, and improve the site.
  • Compute and publish the rankings.
  • Fulfill dataset purchases and handle refunds.
  • Investigate abuse, fraud, or violations of our Terms, and protect the rights and safety of users and third parties.
  • Respond to legal requests when we're required to.

We don't sell personal information. We don't use your email or purchase history to serve you ads.

4. Who We Share It With

We share data only with service providers who help us run the site, and only to the extent needed:

  • Stripe — payment processing. Stripe's privacy practices are governed by their own policy.
  • Google Analytics — anonymized usage measurement.
  • Sentry — error-monitoring for the application. Sentry may capture technical context about the browser and session when an error occurs.
  • Hetzner — application and database hosting (European Union).
  • Cloudflare — content delivery, DDoS protection, and object storage for public static assets such as preview images (European Union).
  • Amazon Web Services — object storage for the purchased dataset file (United States).

We may also disclose information if required by law, subpoena, or other legal process, or if we reasonably believe disclosure is necessary to protect rights, property, or safety. In a corporate transaction (merger, acquisition, asset sale), user data may transfer to the new owner, subject to this Policy.

5. Your Rights

5.1 Customers and Site Visitors

Depending on where you live, you may have the right to access, correct, delete, or export the personal information we hold about you, and to object to or restrict certain processing. Residents of the European Economic Area and the United Kingdom have these rights under the GDPR. California residents have analogous rights under the CCPA/CPRA. To exercise any of these rights, contact us at the address below.

5.2 People Who Appear on Company Profiles

If your name, title, or a link to your public profile appears on one of our company pages and you want it removed, email us with the URL of the page and the specific information you want taken down. We typically process removal requests within a few business days. If we're required to keep a limited record (for example, to prevent republication during an active dispute), we'll explain why.

6. Retention

Analytics data is retained for a rolling analysis window (typically up to 26 months). Purchase records are retained for as long as we're legally required to keep them — generally 7 years for tax and accounting purposes. Company profiles are retained for as long as the ranking covers that company, subject to any removal request we honor under Section 5.

7. Security

We use industry-standard safeguards to protect the information we hold — encryption in transit, access controls, environment isolation, and the usual security hygiene around credentials and secrets. No system is perfectly secure, but we take the protection of customer payment data and of any directly-identifying information seriously. If we become aware of a breach affecting your personal information, we'll notify you as required by law.

8. International Transfers

Our application and database servers are located in the European Union (Hetzner). Public static assets such as preview images are served from Cloudflare's European Union object storage. The purchased dataset file is stored by Amazon Web Services in the United States. If you're using the Service from a region with different data-protection standards, your information may be transferred to and processed in any of these locations. We rely on standard contractual clauses or equivalent safeguards with our subprocessors for transfers subject to European data-protection law.

9. Children

The Service is not directed at children under 18. We don't knowingly collect information from children. If you believe a child has submitted information to us, contact us and we'll delete it.

10. Changes to This Policy

We may update this Policy over time. When we do, we'll change the "Last updated" date at the top of this page. If a change is material — for example, a new category of sharing — we'll call it out more prominently. Continuing to use the Service after a change means you accept the updated Policy.

11. Contact Us

Forage Data LLC
c/o Legalinc Corporate Services, Inc. (Registered Agent)
651 N Broad St, Suite 206
Middletown, DE 19709
New Castle County, USA

For privacy questions, data-removal requests, or to exercise any of the rights described above, use the contact page and include the URL or identifier of anything specific you're asking about.