Privacy Notice

Effective Date: February 27, 2020


This Privacy Policy sets out how NS8 Inc. and its group entities ("NS8" or "we") use and protect any information that you provide to NS8 when you visit our website(s) https://www.ns8.com, https://www.truestats.com/, and https://www.staylive.com/ ("the Websites") and correspond with us. NS8 Inc. is the data controller for our website, and the local NS8 entity (NS8 Inc. or NS8 B.V.) with whom you may interact is the data controller for such interactions.

NS8, Inc. offers abuse, fraud and user experience protection solutions ("Services") to its customers. These Services rely on the analysis of (abnormal) behavior on our customers' customers' websites and platforms which we may compare with and test against historical data in our database. Security and data protection are the cornerstones of our solutions and we wish to be fully transparent about our Services. Insofar as our Services process Personal Information, this Privacy Policy applies.


For purposes of this Privacy Policy, "Personal Information" means any information from or about a person that either identifies that person directly or that makes that person identifiable when it is combined with other information from or about that person from any source.


(1) Data Collected Automatically

Most of the data we collect in and through the Websites and the Services is technical in nature and is collected and processed automatically through scripts, cookies and similar software-based technologies. Alone or in combination with other data, such automatically collected data may constitute Personal Information. The data we may collect by automated means may include, without limitation:

  • Device data: including data on device IDs and similar hardware qualifiers.
  • Websites, applications and browsers: including data on the existence, characteristics and behavior of websites, applications and browsers (e.g., browser type, version, language, preferences).
  • Network and internet information: including URLs, IP addresses, bounce rates, use of spoofing, active (TCP/IP) ports, originating search engine, number of sessions initiated, click streams, location information and network/Wi-Fi access points.
  • Information we collect on the use of the Websites via cookies. Please see the section "How do we use cookies" below and our Cookie Notice for more information.

Google Analytics is an element of the Websites. By using cookies, Google Analytics collects and stores data such as time of visit, pages visited, time spent on each page of the Websites, the Internet Protocol address, and the type of operating system used in the devices used to access the Website. By using a browser plugin available at http://www.google.com/ads/preferences/plugin/ provided by Google, you can opt out of Google Analytics.

(2) Data You Provide to Us

When you use the Websites or otherwise communicate with us, we collect data that you provide to us directly. For example, we collect data in the following circumstances: when you sign up for a newsletter, when you contact us via the Websites; and when you otherwise communicate with us.

The data you provide to us directly may include, without limitation, the following information that may, alone or in combination with other data, constitute Personal Information:

  • Information you provide through our 'Contact' section, including your name, company, e-mail, country, inquiry, and any other information you decide to provide;
  • Information you provide via email or using the contact details listed on various parts of the website, including your name, company, and phone number, and any other information you provide to us;
  • Information you provide in order to subscribe to our newsletters and updates, including your email address, the topic for which you wish to receive updates, or any other information you decide to provide us with. You may always unsubscribe from these emails by following the instructions included;
  • If you are one of our customers, suppliers or prospects, we may process limited Personal Information in the course of our business relation with you, for example when you place an order, request a demo or vice versa. Such Personal Information may include your name, company, title, e-mail address, telephone number, address, order details, and where applicable and relevant, credit registrations and credit limits;
  • transaction and limited (non-PCI) payment data; and
  • Other information: We may also collect any other information you may want to share with us, such as Personal Information related to recruitment / job applications. Moreover, if you contact us, a record of this correspondence may be kept.

We may also obtain data from third-party sources such as our customers, data providers, and credit bureaus, where permitted by law.

(3) Data Received from Third Parties

We may also obtain data from third-party sources such as our customers, data providers, and credit bureaus, where permitted by law. We obtain contact details and other personal information regarding media contacts and influencers from a variety of sources including Cision. If you wish to know more about how such information is collected and used, please refer to Cision’s privacy notice at www.cision.com/us/legal/privacy-policy/.


The Personal Information we collect is primarily processed for and on behalf of our customers and used to provide our abuse, fraud and user experience protection solutions on their websites, platforms and applications. In providing our Services, we obtain feedback from our customers. We process and use this feedback for the legitimate interests of our Customers, their bona fide end-users and of us providing our Services, preventing fraud and abuse (including identity and credit card fraud) and securing online websites and environments.

We use the Personal Information you provide to us when you contact us in relation to enquiries, orders, comments or complaints made by you for conducting business with you and for our legitimate interest of communicating with you about our products and services. With your consent (unless otherwise permitted by applicable law) we use the Personal Information you provide us via our Websites (for example when signing up to our newsletters) to send you information on our products and services, special offers and other information based on the interests that you have indicated to us. If you do not wish to receive such information, you can indicate so via the details directly below or the links provided in our emails. If you are one of our customers, suppliers or prospects, we use Personal Information about you to establish and fulfil our contract with you. This may include verifying your identity, communicating with you and arranging the provision of products and services. We also use Personal Information about you for our legitimate interests of documenting and managing our internal administration.

We use the Personal Information we obtain from use of the Websites for market research in pursuance of our legitimate interests of improving our products and services and being able to offer our customers and prospects tailored products and services.

In addition to the above, we use the Personal Information in order to comply with applicable laws and for our legitimate purposes of protection our legal rights, in connection with legal claims, and for compliance, regulatory, and investigative purposes. This may include sharing the Personal Information with third parties, such as governmental authorities or law enforcement officials subject to applicable law.


We may disclose Personal Information you provide to us or that we collect automatically on the Websites and in and through the Services with the following categories of third parties:

  • Service providers, such as data storage service providers, marketing service providers, accounting service providers, social media platforms you use, and communications service providers (e.g. Intercom.io, Salesforce.com, Outreach.io, Stripe.com, Unbounce.com and Marketo.com) and human resources service providers;
  • Public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties; and
  • Our subsidiaries and affiliates; or a subsequent owner, co-owner or operator of the Websites and/or the Services and their advisors in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganization, in accordance with this Privacy Policy.

For service providers and third parties outside of the European Economic Area ("EEA") that are not subject to an adequacy decision from the European Commission we rely on the so-called EU model clauses, their EU-US Privacy Shield Certification and the Binding Corporate Rules they may have adopted. If you wish to hear more about these safeguards, please contact us through the details further below.


Our Services are set up in such way that they allow our customers a great deal of control of any (further) use of the Services and Personal Information. As our customers exercise such control and can use and implement the Services to their liking (as detailed in their contract with us), we are not responsible for any further use of our Services and Personal Information (including the combination of the Personal Information with other information) by our customers. If you would like to have more information on how the Services and Personal Information are used by our customers, we invite you to read their respective data protection notices and/or contact them directly.


Where we process Personal Information, individuals are entitled to ask us for an overview of the Personal Information we have about them and also to access, correct or delete certain Personal Information, restrict processing of their Personal Information, or to ask us to transfer some of Personal Information to other organizations. Certain individuals can also object to some processing of their Personal Information and, where we have asked for their consent, they can withdraw their consent at any time. Insofar as Personal Information about them is processed, certain individuals also have a right to know more about the protection we apply when transferring Personal Information to non-EEA countries.

Note that we are not legally obligated to agree to such requests in all circumstances, and in certain circumstances, agreeing to a request may be infeasible – for example, a deletion request when we are required by law to maintain the Personal Information. Please also note that we are not able to act on any of the above requests if we are not in a position to identify an individual filing such request.

Where applicable, these rights can be exercised by sending us an email through the contact details further below. Depending on where you live, you may have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning Personal Information about you. We encourage you to first reach out to us at compliance@ns8.com so we have an opportunity to address your concerns directly before you do so. We are committed to compliance with the General Data Protection Regulation ("GDPR") where applicable, so please contact us through the details listed below if you have any questions about these rights.


California Civil Code Section 1798.83 permits Website(s) users who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make a request, please contact us: compliance@ns8.com.

Your California Privacy Rights:

Subject to the limitations set forth in Cal. Civ. Code § 1798.100 et seq, if you are a California resident you may have the right:

  • to request disclosure of the categories and specific pieces of Personal Information collected about you;
  • to request the disclosure of the business purpose for collecting or selling your Personal Information; the categories of third parties with whom it is shared, and the categories of sources from which Personal Information is collected;
  • to request the deletion of Personal Information collected about you, subject to the limitations set forth in California Civil Code Section 1798.105(d);
  • not to be discriminated against for exercising the rights guaranteed by California Civil Code Section 1798.100 et seq.

For the categories of Personal Information we collect, the purposes for processing that information, and the categories of third parties to whom we disclose that information please refer to Section 3 “What Data Do We Collect”, 4 “Purposes for Our Collection and Use of Personal Information”, and 5 “Who Do We Share Personal Information With”, above.

Requests to Know

You have the right to request that we disclose:

  • The categories of Personal Information we collect;
  • The categories of Personal Information we sell or disclose for a business purpose;
  • The categories of sources from which we collect your Personal Information;
  • Our business or commercial purpose for selling or collecting your information;
  • The categories of Personal Information sold or shared about you, as well as the categories of third parties to whom the Personal Information was sold, by category of Personal Information for each party to whom information was sold;
  • The specific pieces of Personal Information collect.

You may submit a request to know via email at compliance@ns8.com. Delivery may take place electronically or by mail. We are not required to provide Personal Information to you more than twice in a 12-month period.

Requests to Delete

You have the right to request that businesses delete any Personal Information about you collect from you. Upon receiving a verified request to delete your Personal Information, we will do so unless otherwise authorized by law.

You may submit a request to delete your information via email at compliance@ns8.com.

Verifiable Requests

We will acknowledge the receipt of requests to know or requests to delete your information free of charge, within 10 days. You may submit requests via the mechanisms given below.

In order to protect your privacy and the security of your information, we verify consumer requests by asking you to submit specific pieces of personal information that we can verify by matching against our records.

We will respond to your request within 45 days of receipt, after we have successfully verified your identity.

Sale of Personal Information

You have a right to opt-out of the sale of your Personal Information. You may, at any time, direct businesses that sell your Personal Information to third parties not to sell your Personal Information.

Under the CCPA, a “sale” includes “renting, releasing, disclosing disseminating, making available, transferring or otherwise communicating a consumer’s personal information to another business or third party for monetary or other valuable consideration.” Sales do not necessarily require that money be exchanged for the transfer of personal information. We have taken substantial steps to identify whether any of our data sharing arrangements would constitute a “sale” under the CCPA. Due to the complexities and ambiguities in the CCPA, we will continue to evaluate some of our third party and customer relationships as we await the publication of final implementing regulations and guidance.

It is unclear if some elements of our Services qualify as “sales” under the CCPA. Your interaction with our Services may depend on your affirmative actions with relation to our customers’ platforms.

We will continue to update our business practices as regulatory guidance becomes available and provides clarity on what constitutes a sale transaction, in the online security space.

The Right to Non-Discrimination

You have a right not to receive discriminatory treatment for the exercise of your California privacy rights.

Personal Information the We Have Disclosed for a Business Purpose in the Last 12 Months

(A) Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

(B) Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.

(C) Geolocation data.

(D) Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Authorized Agents:

You may designate an authorized agent to make requests on your behalf. You must provide an authorized agent written permission to submit a request on your behalf, and we may require that you verify your identity directly with us. Alternatively, an authorized agent that has been provided power of attorney pursuant to Probate Code sections 4000-4465 may submit a request on your behalf.

You may submit a request for access to or deletion of your information via email at compliance@ns8.com.


NS8 is a U.S.-based company with domestic and international business clients. As a result, Personal Information that we collect on our Websites and through the Services may be transferred to our U.S. offices to permit us to comply with our legal and contractual obligations, to provide information and services to prospective and current clients, and to perform related business activities. In addition, we may work with third-party service providers in the U.S. and in other countries to support our business activities. Thus, Personal Information may be transferred to, stored on servers in, and accessed from the United States and countries other than the country in which the Personal Information was initially collected. In all such instances, we use, transfer, and disclose Personal Information solely for the purposes described in this Privacy Policy.


NS8 complies with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework (collectively, "Privacy Shield") as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Information from European Union (the "EU") member countries and Switzerland. NS8 has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. A violation of our commitment to Privacy Shield may be investigated by the Federal Trade Commission and/or the United States Department of Commerce. If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, to the extent available, please visit https://www.privacyshield.gov.

In compliance with the Privacy Shield Principles, NS8 commits to resolve complaints about your privacy and our collection or use of Personal Information about you. Persons from the EU or Switzerland who have inquiries or complaints regarding this Statement should first contact us via email at: compliance@ns8.com.

NS8 has committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.

Additionally, with respect to complaints concerning human resources data that is transferred from the EU and Switzerland to the United States, we have agreed to participate in the dispute resolution procedures of the EU Data Protection Authorities. Contact details for the EU data protection authorities can be found at: http://ec.europa.eu/justice/dataprotection/bodies/authorities/index_en.htm. NS8 will cooperate with the appropriate EU Data Protection Authorities during investigation and resolution of complaints concerning human resources data that is transferred from the EU and Switzerland to the United States under the Privacy Shield.

These recourse mechanisms are available at no cost to you. Damages may be awarded in accordance with applicable law. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. Pursuant to the Privacy Shield, NS8 remains potentially liable for the transfer of Personal Information to third parties acting as our agents unless we can prove we were not a party to the events giving rise to the damages.

In cases of onward transfer to third parties of Personal Information of EU individuals received pursuant to the EU-US and Switzerland-US Privacy Shield, NS8 is potentially liable.


We retain Personal Information about you only for as long as needed for the purposes for which it was collected.

Personal Information is only kept for as long as needed for the purposes described in this Privacy Policy and for our legitimate business purposes, after which it is scrubbed, anonymized or obfuscated as soon as possible unless otherwise required by applicable legislation. This typically happens within one (1) year after initial collection of such Personal Information for the Company's "Protect" offerings. Historical data (utilized for the Company's TrueStats offering) will typically be retained for a period of two (2) years after initial collection.

If you are a customer or supplier of NS8, NS8 will retain Personal Information about you for the duration of the contractual relationship you or your company has with us and after the end of that relationship for as long as necessary to perform the purposes set out above or to comply with other legal obligations. Personal Information we collect as a result of you subscribing to our newsletter or press releases will be stored until you decide to withdraw your subscription.


We maintain commercially reasonable risk-based security and data protection measures, which include end-to-end encryption for Personal Information in transit and encryption for Personal Information at rest. For more information on our security practices, please review our Security Policy at https://www.ns8.com/en-us/policies/security.

Our Websites may contain links to other websites of interest. However, once you have used these links to leave our Websites, we do not have any control over third party websites. We cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Policy. You should exercise caution and review the Privacy Policy applicable to the website in question.


NS8 does not offer Services to children. If you are under 18, you may use the Services only with the full knowledge and consent of a parent or guardian.


Some of the features on this website require the use of "cookies" - small text files that are stored on your computer's hard drive. We use cookies to measure which pages are being accessed, and which features are most frequently used. This enables us to continuously improve this website to meet the needs of our visitors.

For more information about our use of cookies, please view our Cookie Policy at: https://www.ns8.com/en-us/policies/cookie-notice/.


This Privacy Policy may change from time to time, effective from the date mentioned in the updated version of the Privacy Policy. Please check the Websites periodically to review such changes in the Privacy Policy. We may email periodic reminders of our agreements and policies in the event of a change.


If you have any questions or concerns about this Privacy Policy or about NS8's privacy or data security practices, please contact us via the following:

Data Protection Officer (Spencer Fairbairn):

NS8 Inc
241 W Charleston Blvd, Suite 111
Las Vegas, NV 89102
Attn: Data Protection Officer
Email: privacy@ns8.com

NS8's representative in the EU is:

NS8 B.V.
Weesperstraat 61
1018 VN Amsterdam, Netherlands
Attn: Managing Director