AI-Powered Application Penetration Testing—Scale Security Without Compromise Learn More

bishopfox-logo-grey
Get Started

PRIVACY STATEMENT

Bishop Fox takes your privacy seriously. This is our official Privacy Statement effective as of June 01, 2026.

This Privacy Statement describes how Bishop Fox, which means Stach & Liu, LLC, Bishop Fox S.L., Bishop Fox Limited and BISHOP FOX MX, and S. DE R.L. DE C.V. (collectively, ‘Bishop Fox’, ‘We’, ‘Us’ or ‘Our’) handles personal data that we collect through our websites and applications that link to this Privacy Statement (collectively, the “Service”), as well as through our marketing and other activities described in this Privacy Statement.

CONTACT US

You can contact us via the following methods;

By email: [email protected]
By phone: +1-480-621-8967
By mail:
1414 W Broadway Road
Suite 233
Tempe, AZ 85282
United States

SCOPE

This Service is intended for individuals engaging with us in a commercial or professional context, and not for consumer use.

PERSONAL DATA WE COLLECT

The personal data we collect from you, either directly or indirectly, will depend on how you interact with us and with our Service. In general, we collect personal data about you from the following sources:

Information you provide to us. 

Personal data you may provide to us through the Service includes:

  • Contact data. Your full name, email address, phone number, and other contact details.
  • Professional or employment-related data. Information such as your professional title, organization’s name, and organization’s mailing address.
  • Communications data. Information in your communications with us, including when you communicate with us through the Service, email, social media, events or otherwise.
  • Referral data. Contact details of others that users provide to facilitate inviting them to use the Service. You should not share your or anyone else’s contacts or other information with us unless you have permission to do so.

If we collect personal data not specifically listed above, we will use it consistent with this Privacy Statement or as otherwise explained at the time of collection. 

Automatic collection. 

As you navigate the Service, our communications, and other online services, we and our service providers may automatically collect identifiable information about you, your computer or device, and your browsing actions and use patterns, such as:

  • Device data. Technical information about your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), unique device identification numbers or other identifiers, language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), IP address, and general location information associated with IP address, such as city, state, or geographic area.
  • Usage data. Page views, search terms, what videos and other content you view, how long you spent on a page, the website you visited before browsing to the Service, navigation paths between pages, information about your activity on a page, access times and duration of access, whether you have opened our emails or clicked links within them, and other functional information on Service performance (like diagnostics and crash logs).
  • Web technologies. We, our service providers and third parties we work with use the following technologies to facilitate some of the automatic data collection described above, including to enable Service functionality, analytics, and targeted advertising:
    • Cookies. Cookies are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser, remember preferences, and track user activity and patterns. Cookies used on our site include cookies that we serve as well as cookies served by third parties that we work with to enable the services they provide, such as analytics services that track traffic and usage. You can learn more about cookies and how to control them at www.allaboutcookies.org.
    • Pixels. Pixels (also known as web beacons or clear GIFs) are embedded in code and/or invisible as image files within webpages or HTML formatted emails to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, at a specific date and time using a particular device.
    • Browser web storage (including HTML5). Browser web storage (also known as locally stored objects) functions like cookies but enables the storage of a larger amount of data.
    • Embedded scripts. These scripts are software code temporarily downloaded to your device to collect information about your interactions with the Service such as the links you click.

Third party sources. 

We combine personal data we receive from you or collect automatically when you use the Service with personal data we obtain from other sources, such as:

  • Our business contacts. Our professional contacts share with us contact details about individuals in their networks, including prospective customers, vendors, and partners.
  • Public sources. Such as publicly-accessible social media platforms and websites.
  • Data providers. Such as information services and data licensors that provide professional and other information.

HOW WE USE YOUR PERSONAL DATA

We use your personal data for the following purposes or as otherwise described in this Privacy Statement or at the time of collection:

  • Service Delivery. We use your personal data to provide the Service, for example, to process your payments and to communicate with you about our Service.
  • Business operations. We use your personal data to administer and maintain our Service and our IT systems (including monitoring, troubleshooting, data analysis, testing, system maintenance, repair, and support, reporting and hosting of data) and to otherwise operate our business.
  • Research and development. We use your personal data for research and development purposes, including to analyze and improve the Service and our business in an informed way. As part of these activities, we may create aggregated, de-identified and/or anonymized data from personal data we collect. We make personal data into de-identified or anonymized data by removing information that makes the data personally identifiable to you. We may use this aggregated, de-identified or otherwise anonymized data and share it with third parties for our lawful business purposes, including to analyze, improve and promote the Service and our business.
  • Marketing.
    • Direct marketing. We may contact you about our products and services via email, phone, text message and other channels as permitted by law. You may opt-out of our direct marketing communications as described in the Opt-out of communications section below.
    • Targeted advertising. Third party advertising partners that we work with use the web technologies described above to collect personal data about your interaction with the Service, our communications, and other online services over time and with different browsers and devices. They use that information to serve online ads that they think will interest you on other online services and to measure their effectiveness. We may also share individuals’ contact data with our advertising partners to facilitate interest-based advertising on their platforms (e.g., social media platforms) to those individuals or others with similar traits.
  • Compliance and protection. We use your personal data to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities. We also use your personal data to protect our, your or others’ rights, privacy, safety, or property (including by making and defending legal claims), including by conducting internal audits against our policies; enforcing the terms and conditions that govern the Service; and taking steps to prevent, investigate and deter fraud, cyberattacks or other unauthorized, unethical, or illegal activity.

HOW WE SHARE YOUR PERSONAL DATA

  • Service Providers. Bishop Fox uses other third-parties to perform certain business-related functions. For example, such functions include business applications, cloud hosting and infrastructure, content delivery network, information technology, cybersecurity, marketing, email delivery, billing, telecommunications, and analytics. . Our trusted third-party service providers are processing information in compliance with our Privacy Statement and any other appropriate confidentiality and security measures. 
  • Legal Transfers. Parties (and their advisors) to transactions (or negotiations of or due diligence for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Bishop Fox or our affiliates (including, in connection with a bankruptcy or similar proceedings). 
  • Related Companies. We may also share your personal data with any entity that is affiliated with us for purposes consistent with this Statement. 
  • Advertising Partners. Google and other third party advertising companies may collect, and we may share with them, personal data for targeted advertising purposes as described above. Their use of personal data is subject to their own privacy policies. You can read Google’s privacy policy at Privacy Policy - Privacy & Terms - Google. 
  • Professional advisors. Professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services that they render to us. 
  • Legal Requirements. We may disclose your information, if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) to protect and defend the rights or property of Bishop Fox, (iii) act in urgent circumstances to protect the personal safety of users of the website or service or the public, or (iv) protect against legal liability.

YOUR CHOICES

Your choices regarding the personal data we hold about you include the following:

  • Access or update your information. You can contact us to request access to your personal data.
  • Account and data deletion. You can contact us to request deletion of your personal data.
  • Opt-out of marketing communications. You may opt-out of our marketing emails by following the opt-out instructions in the email or by contacting us. Please note that if you opt-out of marketing emails, you may continue to receive service-related and other non-marketing emails.
  • Opt-out of text messages. If you receive text messages from us, you may opt out of receiving further text messages from us by replying STOP to our message or by contacting us.
  • Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
  • Limit collection by cookies and other web technologies. Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, certain features of the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.
  • Targeted ads. The following industry opt-out tools let you opt-out of targeted ads from participating companies:
  • Network Advertising Initiative
  • Digital Advertising Alliance
  • AppChoices mobile app, which will allow you to opt-out of targeted ads in mobile apps served by participating members of the Digital Advertising Alliance.

RETENTION 

We store the personal data we receive as described in this Privacy Statement for as long as you use our services or as necessary to fulfill the purpose(s) for which it was collected, provide our services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

SECURITY 

We use various technical and organizational measures designed to protect the personal data we process. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal data. We retain personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for the compliance and protection purposes described above.

CHILDREN

Bishop Fox services are not directed to children under 18, and we do not knowingly collect personal data from children. If you learn that a child has provided us with personal data, please contact us as described above. If we learn that we have collected any personal data in violation of applicable law, we will promptly take steps to delete such information.

CHANGES TO OUR PRIVACY STATEMENT

We reserve the right to modify this Privacy Statement at any time. If we make material changes to this Privacy Statement, we will notify you by updating the date of this Privacy Statement and posting it on the Service or other appropriate means. Any modifications to this Privacy Statement will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Statement indicates your acknowledgment that the modified Privacy Statement applies to your interactions with the Service and our business.

NOTICE TO EUROPEAN USERS

The information provided in this notice applies only to individuals in the United Kingdom (“UK”) and the European Economic Area (“EEA”) (we collectively refer to these countries as “Europe”).

The personal data that we collect from you is identified and described in greater detail in the section of the Privacy Statement entitled Personal Data we collect.

Controller. Stach & Liu, LLC, Bishop Fox S.L., Bishop Fox Limited and BISHOP FOX MX, S. DE R.L. DE C.V., collectively, ‘Bishop Fox’, is the controller of your personal data described in the Privacy Statement. See the Contact Us section above for more contact details.

Legal bases for processing. European data protection law requires that we have a “legal basis” for each purpose for which we process your personal data. Depending on the purpose for collecting your information, we may rely on one of the following legal bases:

  • The processing is necessary to perform a contract that we are about to enter into, or have entered into, with you (“Contractual Necessity”).
  • The processing is necessary to pursue our legitimate interests or those of a third party and we are confident that your privacy rights will be appropriately protected (“Legitimate Interests”).
  • We need to comply with laws or to fulfill certain legal obligations (“Compliance with Law”).
  • We have your specific consent to carry out the processing for the purpose in question (“Consent”). Generally, we do not rely on Consent as a legal basis for using your personal data other than in the context of direct marketing communications where required by applicable law.

The table below identifies the legal bases we rely on in respect of the relevant purposes for which we use your personal data. For more information on these purposes and the categories of personal data involved, see the section in the Privacy Statement entitled How we use your personal data.

Processing purpose Types of Personal Data processed Legal basis
Service delivery
  • Contact data
  • Professional or employment-related data
  • Communication data
  • Referral data
  • Device data
  • Usage data
 Contractual Necessity. If we have not entered a contract with you requiring use of this data, we process your personal data based our Legitimate Interests (in providing the Service you access or request)
Business operations
  • Contact data
  • Professional or employment-related data
  • Communication data
  • Referral data
  • Device data
  • Usage data
 Contractual Necessity. If we have not entered a contract with you, we process your personal data based our Legitimate Interests (in operating, providing, and improving our business)
Research and development
  • Contact data
  • Professional or employment-related data
  • Communication data
  • User content
  • Device data
  • Usage data
 Our Legitimate Interests (in analyzing and improving our Service and our business).
Marketing and advertising
  • Contact data
  • Professional or employment-related data
  • Communication data
  • Referral data
  • Device data
  • Usage data
 Our Legitimate Interests (in promoting our products and services through marketing communications). In circumstances or in jurisdictions where consent is required under applicable data protection laws, we rely on your Consent to send direct marketing communications.
Sharing your Personal Data as described in this Privacy Statement
  • Contact data
  • Professional or employment-related data
  • Communication data
 We use the original legal basis relied upon if the relevant further use is compatible with the initial purpose for which the personal data was collected. Otherwise, we rely on your Consent.
Compliance and Protection
  • All data relevant in the circumstances.
 Compliance with Law (where processing is necessary to comply with our legal obligations). Otherwise, we rely on our Legitimate Interests (in protecting our, your or others' rights, privacy, safety, or property).

Use for new purposes. 

We may use your personal data for reasons not described in this Privacy Statement where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal data for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive Personal Data. 

We do not require sensitive personal data (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) and ask that you do not provide us with any such information.

Your rights. 

European data protection laws give individuals in Europe the following rights regarding their personal data:

  • Right of access. You can ask us to provide you with information about our processing of your personal data and give you access to your personal data.
  • Right to rectification. If the personal data we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified.
  • Right to erasure. You can ask us to delete or remove your personal data where there is no lawful reason for us continuing to store or process it, where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
  • Right to restrict processing. You can ask us to suspend the processing of your personal data:
    • if you want us to establish the information’s accuracy;
    • where our use of the information proves to be unlawful, but you do not want us to erase it;
    • where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or
    • if you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
  • Right to object. You can object to our processing of your personal data where we are relying on a legitimate interest (or those of a third party) to do so and you believe it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
  • Right to data portability. You have the right, in certain circumstances, to ask us to provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
  • Right to withdraw consent at any time. Where we are relying on consent to process your personal data you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

Exercising those rights. Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the personal data or where certain exemptions apply. If we decline your request, we will tell you why, subject to legal restrictions.

To exercise any of these rights, please contact us. We may request specific information from you to help us confirm your identity and process your request.

Your right to lodge a complaint with your supervisory authority. If you are not satisfied with our response to a request you make, or how we process your personal data, you can make a complaint to the data protection regulator in your habitual place of residence.

For users in the EEA: The contact information for the data protection regulator in your place of residence can be found here: https://edpb.europa.eu/about-e...

For users in the UK: The contact information for the UK data protection regulator is below:

The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow - Cheshire SK9 5AF
Tel. +44 303 123 1113
Website: https://ico.org.uk/make-a-complaint/

International data transfers. We are headquartered in the United States and may use service providers that operate in the United States and other countries. Therefore, we may transfer your personal data to recipients outside of Europe. Some of these recipients are in countries which have been formally recognized as providing an adequate level of protection for personal data by the European Commission and Secretary of State in the UK, in which case, we rely on the relevant "adequacy decisions".
Where the transfer is subject to the cross-border restrictions of applicable data protection law and no adequacy decision or regulations apply, we take appropriate safeguards to ensure your personal data remains protected in accordance with this Privacy Statement and applicable laws by entering into appropriate data transfer mechanism permitted under Article 46 of the GDPR / UK GDPR (as applicable), such as the European Commission's Standard Contractual Clauses or the UK International Data Transfer Addendum (as applicable). A copy of our data transfer mechanism can be provided on request.

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.