Strider Intel

Privacy Policy

Last updated: January 1, 2026

This Privacy Notice ("Privacy Notice") explains the processing of personal data by Strider Technologies, Inc. and its affiliates (“we” or “Strider”). 

1. Strider’s Strategic Intelligence Platform

Strider provides a “Strategic Intelligence Platform” to help its customers secure and advance their technology, people, and supply chains.  Section I of this Notice describes the data processing necessary to provide our Strategic Intelligence Platform, including Strider’s data collection (1.1), data processing and delivery to customers (1.2), and the respective roles of Strider and its customers under data privacy law and the legal basis (1.3).

1.1 Data Collection 

Overview and Purpose: Strider captures selected open source intelligence from publicly accessible data sources. This data includes data captured using crawlers and purchased data, all stored in a continuously updated database (“OSINT Database”). This data is curated and shared with Strider’s clients to help them secure and advance their technology, people, and supply chains.   

Data sources: Strider collects publicly accessible data from the following data categories, all of which may contain personal data:

  • Company records 
  • Course catalogues from universities or research institutions
  • Work and professional history, including resumes (data from private social media networks like Facebook or LinkedIn are not crawled)
  • Data from sourcing platforms (e.g., buyers, sellers, products)
  • Information from talent programs, such as scholarships and guest lectures
  • Patent filings and grants
  • Research articles in scientific journals
  • Academic history
  • Shipping data

Method of collection: These documents are collected using crawlers which search publicly accessible websites or licensed/purchased from third parties who collected data from publicly accessible sources. 

Collected personal data: The personal data that Strider captures is publicly accessible and generally about individuals’ professional and academic history. The personal data contained in the collected documents depends on their specific content, but will regularly include name, education history, employment history, conference or event attendance history, professional or industry group association history, publication history, intellectual property filing history, information regarding defense, military or government ties, and areas of technological expertise or other information that is contained in the collected documents. 

1.2 Data Processing & Delivery to Customers

Overview and Purpose: Strider uses the created OSINT Database to provide its Strategic Intelligence Platform. The platform helps Strider’s customers to identify potential risks associated with state-sponsored intellectual property theft, talent acquisition, and supply chain vulnerabilities. Data may also be delivered to customers through Services, which are customized, hands-on economic security research projects and program development support. Services are based on Strider’s OSINT Database and leverage the analysis and techniques developed by Strider in a customized manner depending on the scope of work agreed upon with the customer.

Processing and Analysis: Strider processes such personal data to identify unique individuals, and determine whether individuals or organizations could possibly present one or more risks to its customers. This process is generally carried out in the following steps:

  1. Extracting relevant information: The collected documents are processed using extractors, natural language processing and a proprietary parsing technique. This results in structured information that can be further analyzed.
  2. Curated Risk identification: For Strider’s Insights product, a list of targeted individuals/organizations is built based on relevancy. First, individuals are checked to identify whether they are part of a customer’s current or historical personnel. Second, individuals/organizations must be associated with organizations of concern. No personal data shared by the customer is used in the risk identification step, as Strider’s zero-touch architecture does not require any of the customer’s internal data. After the risk identification and review process a customer profile ("digital twin") is built from the identified targets and identified risks that is then pushed to the customer’s tenant.
  3. On Demand Risk Identification: For Strider’s search products (e.g. People Search or Organizations Search), Customers may run searches on entities and individuals by submitting a name and additional identification information, such as an email address or employer. Customers may also run a search by submitting a resume of an individual. Customer-submitted data is used only as a query parameter, not ingested into the OSINT Database. When a search is run, Strider will return a profile on the individual or entity, and where applicable, assign a risk signal(s) to the person or entity (e.g. defense university ties or relevant former employment). For Organizations Search, risk signals are assigned to organizations and their respective ties to other organizations. Strider stores an end-user’s search history for a length of time determined by the customer. An end-user’s search history is not shared with anyone beyond the specific end-user. 
  4. Request For Information (RFI):  When requested by a customer, a multi-page report is prepared on a requested entity.  This entity can be a person, organization or other item of interest based on the needs of the business.
  5. Research Projects:  Clients commission detailed research into a topic of strategic importance and a lengthy report or detailed data set is delivered back to client.
  6. Delivery phase: The delivery phase is the customer-facing interface of the Strategic Intelligence Platform. The data is delivered via the Strider web-portal, APIs, or in a bespoke work product. 
  7. Decisions: Strider provides intelligence, but does not recommend any specific course of action for its customers.  Automated tools are used to assist with data organization and analysis, but all outputs are designed to support human review. Customers are solely responsible for any decisions they make based on information provided through Strider’s products and services, and such decisions are made at their discretion and under their own policies and procedures. Strider does not engage in automated decision-making, including profiling, that produces legal or similarly significant effects concerning individuals.

1.3 Legal basis and Role of Strider for Providing the Strategic Intelligence Platform

Role: Strider is the data controller (or equivalent under other privacy laws) for providing the Strategic Intelligence Platform and Services. As controller, Strider is responsible for its own compliance with data privacy law. Customers are independent controllers of the Strider data. 

Legal basis for collection: Strider relies on its legitimate interests as its legal basis to collect personal data in connection with services under Article 6 (1) (f) of the EU/UK GDPR. Strider’s purpose of processing personal data is offering its products to its customers, and its processing presents a benefit to Strider’s customers in that Strider’s products enable its clients to understand and evaluate their exposure to nation-state actors by helping them detect and combat insider threats and other threats to people, technology, and supply chains. Those threats might otherwise result in talent loss, IP theft, forced technology transfer, supply chain or other similar risks. Strider’s clients have a commercial interest in mitigating such threats. Strider had conducted a legitimate interests analysis and can share that upon request. 

2. Other processing activities 

2.1 Website

If you access our website, some personal data is temporarily stored. In particular, the following data is collected when you visit our website:

  • IP address and host name of your computer
  • Date and time of access
  • Browser metadata, including your browser type and operating system, whether the access was successful and the amount of data transferred, page visited on our website and a third-party-website from which you clicked on a link to our website

The temporary storage of this personal data is necessary to deliver the website to you. The legal basis for this processing of your personal data is our legitimate interest in effective corporate communications.

2.2 Log data

Further storage of this data takes place in log files, in order to ensure the functionality of our website and, if necessary, to check and enforce our rights, our terms of use and the rights of third parties. The log files are stored as long as necessary for the respective purpose, usually no longer than one (1) year. The legal basis is our legitimate interest in providing the website securely.

2.3 Registration, communication and contact forms

We process personal data that you provide in the context of using certain content and functions on our website. For example, if you use a contact form on our website, we use this personal data to respond to your queries, and/or provide the services and/or information that you have requested. The same applies to communication by other means, such as e-mail, messenger or telephone. The legal basis for this data processing is our legitimate interest in effective corporate communications.

2.4 Communication with customer and prospect contact persons

We process contact details of the respective contact persons of our business partners (e.g., address, telephone number, mobile phone number, e-mail address) and other personal data of the respective contact persons, insofar as the respective business partner makes these available to us in the context of the business relationship.

The processing of the personal data of contact persons serves the following purposes: 

  • Performance of the contract: Contract negotiations, execution and processing of the contractual relationship between us and our business partners, e.g. contract and payment processing, customer, supplier and invoice management and customer backup. The legal basis for this data processing is our legitimate interest in fulfilling our contractual obligations.
  • B2B Marketing: We use e-mail addresses of contact persons of your company that we have received in connection with the sale of our products to your company in order to inform the respective contact persons of your company about similar goods or services of our company. The legal basis for such B2B marketing is our legitimate interest in direct marketing. The respective contact persons of your company have the right to object to the sending of such advertising e-mails at any time in the future. If the respective contact persons consent to receiving such marketing, the legal basis is their consent (which they can withdraw at any time).
  • Customer relationship management: We store certain information about our contact persons and our B2B customers in our customer relationship management service. The legal basis is our legitimate interest in maintaining customer relationships.

2.5 Other purposes for which we process your personal data

Furthermore, we process your personal data: 

  • To fulfil contracts and in the context of existing or new business relationships. We will retain this personal data at least for the duration of our business relationship. The legal basis is the performance of a contract.
  • To meet our legitimate interests, including the following:
    • Enter into corporate transactions (e.g., restructuring, asset deals, mergers)
    • Protect our rights or property, enforce our terms of use and legal notices, and provide for the establishment, exercise, and defense of legal claims
    • To fulfil our legal obligations, court orders or administrative decisions
    • With your consent for other purposes, such as subscription to a newsletter; in this case, you have the option to revoke your consent at any time.

3. Recipients of Your Personal Data

We share information about you as follows or as otherwise described in this Privacy Notice:

  • If collected by Strider as outlined in Section 1 from publicly accessible sources, we share with customers that use our products to obtain such personal data. Where we provide personal data to customers as part of our products, we only provide such information to customers who can demonstrate that they have legitimate interests in such personal data, and even then, we limit such customer access only to the personal data that is relevant for their purposes. 
  • With vendors, business partners, consultants and other service providers who need access to such information to carry out work on our behalf including to facilitate operation, access and use of our products, provide products on our behalf, perform website-related services (including, but not limited to, data storage, maintenance services, database management, web analytics, customer relationship management vendors, and improvement of the Sites’ features) or assist us in analyzing how our products are used. A list of Strider’s subprocessors are available here: https://trust.striderintel.com/subprocessors
  • In response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements.
  • If we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property and safety of Strider or others.
  • In connection with, or during negotiations of, any merger, sale of our assets, financing or acquisition of all or a portion of our business by another company.
  • Between and among Strider and our current and future parents, affiliates, subsidiaries and other companies under common control and ownership.
  • With other recipients based on your specific consent

4. International Transfers

Personal data of individuals who visit our website or otherwise interact with us may be transferred and accessed from around the world, such as from countries where we or our group entities operate. If we transfer your personal data outside of the European Economic Area (“EEA”) to a country which provides a different level of data privacy, we will use a transfer mechanism to ensure the same level of data privacy as within the EEA. For this purpose, we mainly use Standard Contractual Clauses ("SCC") and in individual cases other appropriate guarantees. You can request a copy of the SCC or other contract ensuring the appropriate level of data privacy by contacting us by the contact methods described in section 9.

5. Cookies

In addition to the processing purposes mentioned above, we also use cookies and similar technologies such as pixels or web storage (together: "Cookies") if they are technically necessary to offer our website or if we are obliged to do so. 

Cookies that are not technically necessary (e.g., for analytical purposes) are only processed with your consent, if required by the applicable jurisdiction. 

Unless otherwise stated in this Privacy Notice, Cookies remain stored as long as necessary to fulfil the respective processing purposes. You can object to the storage of Cookies by browser preferences and delete them manually in your browser settings. Please note, however, that some Cookies may be mandatory for the use of our website or its individual functions.

For more information about the Cookies set on this website and how to revoke or give your consent, please use our Data Access Request form. 

6. Privacy of children

Our website and app are not designed for or directed to children under the age of 16 and we do not knowingly collect personal data from children. If you have reason to believe that we have inadvertently collected personal data about a child, please contact us and we will take steps to delete this data.

7. Regular deletion of personal data

For data shared by a customer with Strider through the Strider products, the customer can set its own data retention period or request Strider delete such customer data. Otherwise, unless a specific retention period is specified in this Privacy Notice, we will only process your data as long as this is necessary for the respective purposes or as long as there are legal retention obligations. After the respective processing purpose ceases to apply and retention obligations end, your data will be routinely deleted. 

8. Your rights

If required under law in your applicable jurisdiction, you can request access to the personal data stored by us. If you have provided personal data on the basis of a contract or consent, you have the right to receive this personal data in a standard and machine-readable format.

You can also request the deletion, correction or restriction of the processing of your personal data subject to certain exceptions or limitations. You can revoke your consent at any time without affecting the lawfulness of processing based on your consent before its withdrawal.

If you have provided your consent, you can withdraw your consent at any time.

For those based in the EEA, you can object to the data processing on the basis of our legitimate interests at any time based on grounds relating to your particular situation.

To exercise your rights you can use our Data Access Request form and contact us using the contact details provided below in Section 9.

In case of questions and in case of possible concerns about the data processing, you can also complain to a data protection authority. 

9. Security

We take reasonable measures to help protect information about you from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. More information about Strider’s security practices is here: https://trust.striderintel.com/

10. Geographic Specific Sections

10.1 California Residents

This section applies only to residents of the State of California. The California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), grants California residents specific rights regarding their personal information. If you are a California resident, you have the right to know what personal information is collected and how it's used and shared. You also have the right to request the deletion or correction of your personal information. Additionally, you have the right to opt-out of the sale or sharing of your personal information and to limit the use and disclosure of sensitive personal information. We will not discriminate against you for exercising these rights. To exercise these rights, use our Data Access Requestform. We will verify your identity and respond to your request within the required timeframes.

10.2 Other Jurisdictions: 

Individuals located in other jurisdictions (such as other states in the USA, Canada, or Brazil) may have similar rights under their local privacy laws, which Strider will honor where applicable.

10.3 Data Privacy Framework:

Strider complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (collectively, the “DPF”) as set forth by the U.S. Department of Commerce. Strider has certified to the U.S. Department of Commerce that it adheres to the DPF Principles with respect to the processing of personal data transferred from the European Union, the United Kingdom (and Gibraltar), and Switzerland to the United States. If there is any conflict between the terms in this Privacy Notice and the DPF Principles, the DPF Principles shall govern. All U.S. subsidiaries using brand name “Strider” adhere to the EU-U.S. DPF Principles, including the UK Extension to the EU-U.S. DPF. Strider is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We may transfer personal data to third parties acting as agents or service providers for the purposes described in this notice. Strider remains liable under the DPF if a third party processes personal data in a manner inconsistent with the Framework’s principles, unless we prove that we are not responsible for the event giving rise to the damage.

For more information about the Data Privacy Framework program, and to view our certification, please visit the U.S. Department of Commerce’s Data Privacy Framework website at:
https://www.dataprivacyframework.gov/

10.4 Alternative Dispute Resolution:

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Strider commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to the International Centre for Dispute Resolution – American Arbitration Association (ICDR-AAA DPF IRM Service), an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit: https://go.adr.org/dpf_irm.html for more information or to file a complaint.  The services of ICDR-AAA DPF IRM are provided at no cost to you.

10.5 Arbitration: 

In certain circumstances, individuals may have the right to invoke binding arbitration to resolve residual claims regarding the processing of their personal data that have not been resolved through other available dispute resolution mechanisms. This option is available only after other required avenues for redress have been exhausted and subject to the conditions set forth in the applicable Data Privacy Framework and its arbitration procedures.

11. Contact

If you have any questions about our data processing or want to exercise your rights under data privacy law, please contact us at privacy-request@strider.tech or at:

Strider Technologies, Inc., Attn: Privacy 10355 S. Jordan Gateway #600, South Jordan, UT 84095

VeraSafe has been appointed as Strider’s representative in the EU and UK for data privacy matters, pursuant to Article 27 of the EU/UK GDPR. If you are in the European Economic Area or UK, VeraSafe can be contacted in addition to Strider, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form or via telephone at: +420 228 881 031.

Alternatively, you can contact VeraSafe at:

EU: VeraSafe Ireland Ltd., Unit 3D North Point House North Point Business Park New Mallow Road, Cork, T23AT2P Ireland

UK: VeraSafe United Kingdom Ltd., 37 Albert Embankment, London SE1 7TL, United Kingdom

We may change this Policy from time to time. If we make changes, we will notify you by revising the date at the top of the Policy and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Policy periodically to stay informed about our information practices and the choices available to you.