Leveraging Infostealers to Breach Companies: A Cybersecurity Intelligence Perspective

Infostealers are specialized malware designed to extract sensitive data from infected systems. They operate in the background, collecting login credentials, browser histories, and cookies, often without detection. Deployed through phishing emails or malicious websites, infostealers are a growing favorite among cybercriminals due to their low risk of detection and the high-value data they yield.

Unlike more overt forms of cyberattacks like ransomware, infostealers are subtle and continuous. The stolen information is often sold in bulk on dark web marketplaces or used to launch further attacks, such as gaining access to company networks or committing financial fraud. The sophistication of these tools has grown, making them one of the most effective methods for threat actors to compromise corporate environments.

Why Infostealers Are Effective Against Companies

Infostealers are attractive to threat actors for several reasons:

  1. Low Detection Rates: Infostealers are designed to evade detection by traditional security measures such as antivirus software. Once deployed, they blend seamlessly into legitimate system processes, making it challenging for conventional security solutions to recognize or remove them. This stealth allows them to operate undetected for extended periods, gathering critical data.
  • Targeting High-Value Data: Infostealers are capable of extracting a wide range of sensitive information, including passwords, session cookies (which can be used to bypass multi-factor authentication), financial records, and proprietary business data. This stolen data is often sold on dark web marketplaces or used for extortion, leading to significant financial and reputational damage.
  • Wide Availability and Accessibility: Infostealers are readily available for purchase on dark web forums, frequently offered as part of malware-as-a-service (MaaS) platforms. This makes them accessible even to less experienced cybercriminals, lowering the barrier to entry for launching sophisticated attacks. The ease of access and customization further amplifies their appeal to threat actors across the cybercriminal ecosystem.

Top Threat Actors Leveraging Infostealers

We have seen that many cybercriminals are actively using infostealers data as a preferred method for infiltrating organizations. These groups have leveraged infostealers to breach companies, leading to extensive financial and reputational damage. Below are a number of threat actors that stand out for their sophisticated use of these tools:

  • USDoD: This threat actor has carried out high-profile attacks, including the breach of Airbus by exploiting compromised credentials from a Turkish Airlines employee. This attack underscores the significant risk that infostealers pose to supply chains, allowing hackers to penetrate companies through vulnerable third-party partners​.
  • Sp1d3rHunters: Known for exploiting Snowflake accounts, Sp1d3rHunters has executed breaches against major companies such as Ticketmaster and AT&T, exfiltrating sensitive data such as customer information and event tickets. Their operations demonstrate how infostealer logs can be used to gain access to cloud services and wreak havoc​.
  • IntelBroker: This notorious threat actor has breached both government and private sector entities, targeting organizations such as Apple, Zscaler, and Microsoft. By using Infostealer-collected credentials, IntelBroker has facilitated attacks on critical infrastructure and sold access to compromised systems on dark web forums, further intensifying the risk to companies​.
  • Andariel (North Korea): Part of the Lazarus Group, Andariel is a North Korean state-sponsored Advanced Persistent Threat (APT) actor. This group is known for using infostealers, alongside other tools like keyloggers and remote access trojans (RATs), to target sectors such as military, nuclear, and manufacturing. Andariel’s strategy of using Infostealers to gather intelligence and financial data is a key part of their cyber operations​.
  • Lapsus$: Emerging in 2021, Lapsus$ has quickly gained a reputation for its high-profile breaches of companies like NVIDIA, Samsung, and Vodafone. Lapsus$ utilizes info stealers to harvest login credentials, payment information, and proprietary business data. In a notable attack, Lapsus$ breached Electronic Arts (EA), stealing source code for popular games like FIFA. The group’s aggressive tactics have caused widespread disruption in the tech and financial sectors​.

These groups’ sophisticated use of infostealers illustrates why businesses must adopt more advanced detection and monitoring systems to protect against this growing threat.

How Companies Can Defend Against Infostealers

While info stealers present a complex threat, companies can adopt several key strategies to mitigate the risks and minimize the impact of such attacks:

  • Analyze Exposed Data for Risk Mitigation: After a suspected infostealer attack, companies must conduct thorough analyses of the stolen data to assess the potential risks. This includes examining session cookies that could be hijacked to bypass multi-factor authentication (MFA), as well as personal credentials that may be used to impersonate employees or escalate privileges within the organization. Proactively identifying and addressing these risks can help prevent follow-up attacks or unauthorized access.
  • Strengthen Authentication Practices: While MFA is an essential safeguard, it is not foolproof, especially if session cookies are compromised. Companies should implement adaptive MFA, which monitors for anomalies in login attempts (such as unusual locations or devices) to prevent attackers from using stolen credentials. Additionally, frequent reauthentication can help disrupt the use of stolen session tokens.
  • Monitor for Unusual Access Patterns: Regularly reviewing access logs and monitoring for anomalous login attempts—such as multiple failed attempts, logins from unexpected locations, or odd behavior patterns—can help detect infostealer activity early. Endpoint Detection and Response (EDR) systems can play a key role in identifying and mitigating the effects of infostealers by flagging unusual data access or exfiltration activities.
  • Educate Employees on Phishing and Cyber Hygiene: Many infostealers are deployed through phishing attacks or malicious links. Regularly training employees to recognize suspicious emails, websites, and attachments can significantly reduce the likelihood of an initial infection. Implementing phishing simulations and real-time feedback can help maintain employee vigilance.

Uncovering Cyber Criminals Leveraging the World’s Most Extensive Database

Constella Intelligence, a pioneer in Deep OSINT investigations, unlocks the power of the deep and dark web to uncover cyber criminals and create the world’s most extensive database of malicious actors. This blog delves into Deep OSINT and explores how Constella Intelligence leverages it for superior Cyber-Investigations, Fraud Detection, and Insider Monitoring. 

Finding Actors Beyond the Surface 

Traditional Open-Source Intelligence (OSINT) gathers information from readily available online sources like social media and public records. Deep OSINT ventures far deeper. It delves into the hidden corners of the web, the deep and dark web, uncovering data that was never meant for public eyes. 

Constella Intelligence leverages Deep OSINT to build the world’s largest data lake, which exceeds one trillion digital assets. Even though the raw data from the deep and dark web can be messy and inconsistent, once is processed it can be used at scale:

  • Data Normalization Provides Scalability: Constella applies sophisticated data normalization and verification techniques. This ensures the data is formatted consistently and the information is real and not fabricated. Imagine millions of data points from various sources speaking a universal language – that’s the power of data normalization. 
  • ID Fusion Algorithms Connect the Dots: Once normalized, Constella’s ID Fusion algorithms take center stage. These advanced algorithms connect the dots, meticulously linking disparate data records into comprehensive profiles of individuals. Social media handles, forum aliases, dark web fingerprints – all these scattered pieces are woven together to create a holistic picture. 

A Digital Treasure Trove for Uncovering Cyber Criminals:  

  • Identify Criminals Behind Incidents: After a security incident, Deep OSINT helps identify the perpetrators by tracing their digital footprints across the web. ID Fusion then connects these footprints to build a complete profile of the attacker. Categorization allows you to identify if the attacker is a hacker, a phisher, or an insider based on their past activities and affiliations. 
  • Monitor Insider Threats: Mitigate insider threats by uncovering hidden connections, past activities, and potential red flags associated with employees. ID Fusion helps link seemingly unconnected data points to reveal a more comprehensive picture of an employee’s digital footprint, flagging potential insiders. 
  • Analyze Third-Party Vendors: Deep OSINT investigations provide a comprehensive analysis of third-party vendors, uncovering potential risks before establishing partnerships. ID Fusion helps ensure a complete vendor profile is established, identifying any inconsistencies or red flags that may indicate money laundering or other illicit activities. 
  • Digital Background Checks: Conduct thorough digital background checks on individuals, identifying any concerning activity lurking in the deep and dark web. ID Fusion connects the dots across various data sources to provide a holistic view of the individual’s digital presence, including potential ties to human trafficking or other harmful activities. 
  • Advanced KYC (Know Your Customer): Deep OSINT helps verify customer identities with unparalleled thoroughness, uncovering potential discrepancies and preventing fraud. ID Fusion ensures all aspects of a customer’s identity are examined and linked together for a watertight KYC process, identifying potential money launderers or other financial criminals. 

Constella Intelligence’s Database: A Categorized Arsenal Against Malicious Actors 

Constella Intelligence’s database isn’t just vast; it’s meticulously categorized. This categorization allows for targeted searches and identifications. Here’s a glimpse into the malicious actor categories within the database: 

  • Hackers: Individuals with advanced technical skills who exploit computer systems for malicious purposes. 
  • Carders: Criminals who steal and sell credit card information on the dark web. 
  • Hitmen: Individuals who are allegedly hired to commit murder. 
  • Pedophiles: Those who engage in illegal activities involving child exploitation.) 
  • Phishers: Deceptive individuals who attempt to steal personal information by impersonating legitimate entities. 
  • Insiders: Employees or trusted individuals who misuse their access privileges to harm an organization. 
  • Money Launderers: Criminals who disguise the source of illegally obtained money. 
  • Human Traffickers: Individuals who exploit and trade human beings for forced labor, sexual exploitation, or organ harvesting. 
  • Nation-State Actors: Government agencies that engage in cyber espionage or other malicious activities. 

By leveraging Deep OSINT, data normalization, and ID Fusion, Constella Intelligence empowers businesses and security service providers to: 

  • Shorten investigation times: Quickly identify the perpetrators behind security incidents. 
  • Strengthen insider threat detection: Proactively identify potential insider threats before they can cause harm. 
  • Make informed decisions about third-party vendors: Partner with trustworthy vendors who minimize security risks. 
  • Conduct comprehensive background checks: Hire with confidence by uncovering any concerning activities in an individual’s digital footprint. 
  • Comply with KYC regulations: Ensure robust KYC procedures to prevent money laundering and other financial crimes. 

Deep OSINT: The Future of Security 

Deep OSINT offers a revolutionary approach to security. By integrating Constella Intelligence’s database and expertise into your security measures, you gain a significant advantage in the fight against cybercrime and fraud. Constella Intelligence sets a benchmark for robust digital defense mechanisms in today’s complex threat landscape. 

Don’t Wait Until It’s Too Late: Secure Your Digital World Today 

Deep OSINT is not a luxury; it’s a necessity for robust cybersecurity. Explore how Constella Intelligence can empower you to create new revenue streams, improve customer retention, and ultimately, secure your digital world in the face of ever-evolving threats. 

Constella and Social Links Join Forces to Deliver Transformative OSINT Solutions

March 25, 2024[1]  — Social Links, a leading developer of open-source intelligence (OSINT) software, has announced a strategic partnership with Constella Intelligence, a prominent identity signals provider. This collaboration marks a milestone in the investigative reach of both Social Links’ solutions and the OSINT industry at large.

Social Links has always understood the crucial role that darknet data plays in increasing the reach and scope of investigative work. By integrating Constella Intelligence’s leading-edge identity intelligence with a powerful OSINT platform, users will be able to conduct investigations that search wider and deeper. This will lead to more insights and leads, higher levels of success, and, most importantly, contribute to digital and global safety.

Social Links CEO, Ivan Shkvarun, reiterated the transformative potential this partnership brings. “We’ve always strived to provide our users with the most comprehensive, accurate, and up-to-date data. And our new collaboration with Constella Intelligence shows that we are really expanding horizons and giving investigators, prosecutors, and security professionals the invaluable edge they need to resolve their cases.”

As prominent specialists in digital risk protection and providers of data from diverse sources, Constella Intelligence brings immense expertise and advanced technologies to the partnership. Their specialized techniques and tools to extract data from the Deep and Dark Web can deliver the data that case breakthroughs are made of.

Constella Intelligence’s available resources include data that can’t be found through Surface Web domains. Used responsibly, such information can be instrumental in investigative work, case-building and evidence collection, as well as a range of cybersecurity objectives, such as exposure identification or incident response. 

Constella Intelligence CEO, Kevin Senator expressed enthusiasm for the partnership’s potential to drive significant innovation in the field of intelligence software: “The innovative, forward-thinking solutions of Social Links are the perfect counterpart to our mission to deliver the most complete, reliable data possible. This synergy has the potential to bring something truly groundbreaking to the OSINT landscape, revolutionize investigative work, and make the world a safer place.”

About Social Links

Social Links is a leading open-source intelligence (OSINT) provider, bringing together data from 500+ sources covering social media, messengers, blockchains, and the Dark Web. The company’s ML-powered solutions facilitate data-driven investigations for law enforcement, national security, cybersecurity, due diligence, and more.

About Constella Intelligence  

Constella.ai offers comprehensive identity protection solutions that leverage deep and dark web intelligence to provide actionable insights. Our solution integrates seamlessly with existing security systems and prioritizes data security through compliance with industry standards. With the world’s largest breach database, containing over Trillion data attributes and 200 billion Identity records in 125+ countries and over 53 languages, Constella sets the standard in data depth and security. Our expertise in OSINT investigations provides critical insights into digital footprints, offering a decisive edge in protecting and securing your data. Ready for a secure future? Reach out to Constella today and stay one step ahead of digital threats.


Placeholder.

A Tale of Two Identity Trends: Minimizing privacy for criminals & maximizing our own

Never before have our identities been so publicly available, minimizing privacy.

From our exact location (mobile phone GPS) to evolving physical appearances (Instagram) and even our internal thoughts (X, formally-Twitter), the internet is a treasure trove for validating and attributing identity and intentions.

The birth of the OSINT expert

The explosion of Open Source Intelligence (OSINT) professionals shows us that a lot of skill and effort is involved to weave together all this personal exposure into an actionable piece of intelligence. If there was a magic button to profile an identity, we wouldn’t need OSINT experts. Far from falling victim to automation, the OSINT expert community is actually booming.

The OSINT community is full of helpful ‘How to’ guides and libraries showcases 100s of tools to help finding people. Yes, Social Media is a primary source, but from wedding gift registries, flight records, archived webpage capture, vehicle history and electoral rolls, there’s plenty more to keep an investigator busy when identifying someone.

OSINT done right is a highly specialized and laborious task. And it’s only getting harder.

Criminals are painting us into a corner – minimizing privacy

Meta recently stopped API access to Facebook Groups, and in 2023 X started what many deem as phase one of monetizing or gating API access to its rich content.

This comes just as End-2-End Encryption (E2EE) is being rolled out in earnest across all remaining social messengers. A perfect storm for OSINT investigators. Less data (or exclusionary data) equals less intelligence.

For the sake of privacy, many welcome these initiatives, and indeed privacy is often the trigger for these policies in the first place. But you don’t need to go far to find investigators, especially tasked with unmasking criminals, unhappy with this direction.

Such is the reaction from OSINT community that one start up even became a privacy champion in response to X’s API restrictions , switching from consuming X … to protecting users from X.

This response from the market is to be expected. Without co-dependence between platforms and 3rd parties, a quasi-adversarial culture of VPNs, privacy tools and takedown services have sprung up in response.

Identity: A weapon for criminals

But a boom in any market brings with it fraudsters and manipulators. There are criminals in all walks of life. Ironically, the privacy industry can’t escape identity thieves.

For example, Brian Krebs (with the help of Constella) recently investigated various consumer data brokers and people-search providers – such as OneRep and Radaris – both of which have links to Belarus and Russia… respectively raising suspicions.

Criminals have more options: more privacy tools at their disposal…to fight an increasingly disjointed enemy of manual OSINT investigators, regulators and privacy activists.

Identity: A weapon for us

Here’s where we believe exposed identity data – that is, the mass dumps of identity information found online – can changes things for the better.

Apart from the obvious protection that being aware of exposed credentials offer individuals and business (social engineering, ATO and synthetic ID fraud remain top threat vectors of attack), exposed identity data fills the gap for an OSINT investigator searching for an effective response to new online profiling obstacles.

As outlined by Krebs above, and in countless other OSINT investigations, aliases identified in breached datasets join the dots between people and networks the surface web cannot resolve by itself. What’s more, it’s a dataset which, by its nature, can’t be put back in the box and subject to takedown. It’s a decentralized and uncontrolled treasure chest. There’s nothing a criminal can do to stop it.

By Lindsay Whyte

Website Privacy Policy

Website Privacy Policy

Website Privacy Policy

Last Updated: December 15th, 2020

At Constella Intelligence, Inc. (“Constella”, “we”, or “us”), we take your privacy seriously. This Online Privacy Policy (the “Privacy Policy”) explains how we collect, share, use, and protect your Personal Data (defined below) when you visit or use our online service, including our website, products and services offered at constellaintelligence.com and any other online services offered by Constella and its affiliates (collectively, our “Services”).

Some Services utilize data that we collect from available open sources on the surface, social, deep, and dark webs at high pace, and that we place into one or more of our proprietary databases (collectively, the “Datalake”). Data that we collect from such sources may or may not include your Personal Data. Any data that we ultimately place into the Datalake from these available open sources on the Internet is independent of your interactions with our Services.  Simply put, we have no control over whether the Datalake contains your Personal Data.  Our collection, use, processing, and protection of such data collected from the Internet are separately governed by the Datalake Privacy Notice. Please review the Datalake Privacy Notice for more information. The Datalake Privacy Notice supplements (and does not supersede) this Privacy Policy; however, in the event of any conflict between the Datalake Privacy Notice and this Privacy Policy, the Datalake Privacy Notice shall prevail with respect to any data (including Personal Data contained therein) collected by us from the Internet for the Datalake.

Please read this Privacy Policy to learn how we treat your personal information collected when you access or use our Services. By using or accessing our Services in any manner, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use and share your information as described in this Privacy Policy.

Remember that your use of the Services is at all times subject to our Terms of Use, which incorporates this Privacy Policy and the Datalake Privacy Notice. Any terms we use in this Privacy Policy without defining them have the definitions given to them in the Terms of Use.

You may print a copy of this Privacy Policy by clicking here. If you have a disability, you may access this Privacy Policy in an alternative format by contacting privacy@constellaintelligence.com.

  1. What this Privacy Policy Covers

This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Services. “Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules or regulations. As noted above, this Privacy Policy doesn’t cover our practice of collecting data from available open sources on the Internet and any Personal Data that may be contained in such data. Please refer to our Datalake Privacy Notice for more information. Also, this Privacy Policy does not cover the practices of companies we don’t own or control, or people we don’t manage.

  1. Categories of Personal Data We Collect

This section details the categories of Personal Data that we collect and have collected over the past 12 months:

Sources of Personal Data

We collect Personal Data about you from the following categories of sources:

  • You:
    • When you provide such information directly to us (see the subsection titled “Information You Provide to Us” below).
    • When Personal Data about you is automatically collected in connection with your use of our Services (see the subsection titled “Information Collected Automatically” below).
  • Third Parties:
    • Third parties may provide us with Personal Data about you. Third parties that share your Personal Data with us include:
      • Clients. We may receive information about you from some of our enterprise clients who purchase our Services, in order to assist those clients in offering identity theft protection, account monitoring, and other protection services to you.
      • Service providers. For example, we may use analytics service providers to analyze how you interact and engage with the Services, or third parties may help us to provide you with customer support.

 

Information You Provide to Us:

We receive and store any information that you provide to us.  For example, through the registration process and/or through your account settings, we may collect information such as your first name, last name, email address, phone number, and your company name, and your title. Certain information may be required to register with us, schedule a demo, contact us, or take advantage of portions of the Services or some of our features.

Information Collected Automatically

The Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs, and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser and tell us how and when you visit and use our Services, to analyze trends, to learn about our user base and to operate and improve our Services. Cookies are small pieces of data – usually text files – placed on your computer, tablet, phone, or similar device when you use that device to access our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s). Please note that because of our use of Cookies, the Services do not support “Do Not Track” requests sent from a browser at this time.

We use the following types of Cookies:   

  • Essential Cookies. Essential Cookies are required for providing you with features or services that you have requested. For example, certain Cookies enable you to log into secure areas of our Services. Disabling these Cookies may make certain features and services unavailable.
  • Functional Cookies. Functional Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
  • Performance/Analytical Cookies. Performance/Analytical Cookies allow us to understand how visitors use our Services such as by collecting information about the number of visitors to the Services, what pages visitors view on our Services and how long visitors are viewing pages on the Services. Performance/Analytical Cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Services’ content for those who engage with our advertising. For example, Google Inc. (“Google”) uses cookies in connection with its Google Analytics services. Google’s ability to use and share information collected by Google Analytics about your visits to the Services is subject to the Google Analytics Terms of Use and the Google Privacy Policy. You have the option to opt-out of Google’s use of Cookies by visiting the Google advertising opt-out page at www.google.com/privacy_ads.html or the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/.

You can decide whether or not to accept Cookies through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our website, and some of the Services and functionality may not work.

To explore what Cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu. To find out more information about Cookies, including information about how to manage and delete Cookies, please visit allaboutcookies.org/ or ico.org.uk/for-the-public/online/cookies/ if you are located in the European Union.

  • How We Use Your Personal Data

We process Personal Data to operate, improve, understand and personalize our Services. We use Personal Data for the following purposes:

  • To offer products and services that are designed to protect against or deter fraudulent, illegal or harmful actions and to assist our clients with maintaining the safety, security and integrity of their products and information relating to their customers (which may include you). Please refer to our Datalake Privacy Notice for additional details.
  • To offer products and services that are designed to: (i) map and cluster online data, and enable real-time visualizations and insights into that data; (ii) help turn vast amounts of complex online data into valuable, actionable intelligence; and (iii) fully immerse users in interactive visual representations of datasets.
  • To meet or fulfill the reason you provided, directly or indirectly, the information to us.
  • To communicate with you about the Services, including Service announcements, updates, or offers.
  • To provide support and assistance for the Services.
  • To create and manage your account or other user profiles.
  • To personalize website content and communications based on your preferences.
  • To process orders or other transactions.
  • To respond to user inquiries and fulfill user requests.
  • To improve and develop the Services, including testing, research, analysis, and product development.
  • To comply with our legal or contractual obligations, resolve disputes, and enforce our Terms of Use.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • For any other business purpose stated when collecting your Personal Data, or as otherwise set forth in applicable data privacy laws such as the California Consumer Privacy Act (the “CCPA”).

We will not use the Personal Data we collect for materially different, unrelated, or incompatible purposes without providing you notice.

As noted in the list above, we may communicate with you if you’ve provided us with the means to do so. For example, if you’ve given us your email address, we may send you promotional email offers or email you about your use of the Services. Also, we may receive a confirmation when you open an email from us, which helps us improve our Services. If you do not want to receive communications from us, please indicate your preference by emailing us at privacy@constellaintelligence.com.

  1. How We Share Your Personal Data

Categories of Third Parties with Whom We Share Personal Data

We disclose your Personal Data as described above to the following categories of third parties:  

  • Clients
    • These are our clients who purchase our Services for the purpose of detecting or deterring fraudulent, illegal, or harmful actions and to maintaining the safety, security, and integrity of their products and information relating to their individual customers (which may include you). In most cases, our clients share specific types of Personal Data about you with us in the first place, and our clients are responsible for obtaining your consent for such sharing.  Our Services process such data with the goal of determining whether there is a correlation with the data records we have in the Datalake. We only share Personal Data for this purpose according to the specific criteria of the data search or requests as instructed by our clients. For clarity, we do not compile your Personal Data to create a profile.
  • Service Providers
    • These are third parties that help us provide our Services, including payment processors, security and fraud prevention providers, hosting and other technology and communications providers, analytics providers, and staff augmentation and contract personnel.
  • Acquirers
    • Your Personal Data may also be transferred to a third party if we undergo a merger, acquisition, bankruptcy, or other transaction in which that third party assumes control of our business (in whole or in part).

Disclosures of Personal Data for a Business Purpose

We disclose your Personal Data to service providers and other parties for the following business purposes:

  • Auditing related to a current interaction and concurrent transactions, including, but not limited to, auditing compliance with this specification and other standards.
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • Mapping and clustering online data, and enabling real-time visualizations and insights into that data.
  • Debugging to identify and repair errors that impair existing intended functionality.
  • Short-term, transient use of Personal Data that is not used by another party to build a consumer profile or otherwise alter your consumer experience outside the current interaction.
  • Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytics services, or providing similar services on behalf of the business or service provider.
  • Undertaking internal research for technological development and demonstration.
  • Undertaking activities to verify or maintain the quality or safety of a service or device that we own, manufacture (or that was manufactured for us), or control.
  1. Data Security and Retention

We seek to protect your Personal Data from unauthorized access, use, and disclosure using appropriate physical, technical, organizational, and administrative security measures based on the type of Personal Data and how we are processing that data. For example, the Services use industry-standard Secure Sockets Layer (SSL) technology to allow for the encryption of Personal Data in our control. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your computer or device and browser, and signing off after you have finished accessing your account with any online services.

We retain Personal Data about you for as long as necessary to provide our Services. In some cases, we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes, or collect fees owed, or is otherwise permitted or required by applicable law, rule, or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.

  1. Personal Data of Children

As noted in the Terms of Use, we do not knowingly collect or solicit Personal Data about children under 16 years of age; if you are a child under the age of 16, please do not attempt to register for or otherwise use the Services or send us any Personal Data. If we learn we have collected Personal Data from a child under 16 years of age, we will delete that information as quickly as possible. If you believe that a child under 16 years of age may have provided Personal Data to us, please contact us at privacy@constellaintelligence.com.

  • California Resident Rights

If you are a California resident, you have the rights set forth in this section. Please see the “Exercising Your Rights” section below for instructions regarding how to exercise these rights. Please note that we may process Personal Data of our customers’ end users or employees in connection with our provision of certain Services to our customers. If we are processing your Personal Data as a service provider, you should contact the entity that collected your Personal Data in the first instance to address your rights with respect to such data.

If there are any conflicts between this section and any other provision of this Privacy Policy and you are a California resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us at privacy@constellaintelligence.com.

For the sake of clarity, the rights set forth in this Section VII do not cover data that may be contained in the Datalake.  Please refer to our Datalake Privacy Notice for more information on your rights with respect to data that may be contained in the Datalake.

Exercising Your Rights

Please follow the instructions and requirements described below and on our websites when submitting your requests. Requests that fail to comply with any of these instructions and requirements may result in delayed or no response.

To exercise the rights described below as a California resident, you must send us a request (1) that provides sufficient information (including, without limitation, email verification) to allow us to verify that (i) you are the person about whom we have collected Personal Data, (ii) you, as the requester, are the same person as the data subject for whose information you’re requesting (or such person’s parent/guardian), (2) that describes your request in sufficient detail to allow us to understand, evaluate and respond to it, (3) that declares, under the penalty of perjury, that you’re exercising your rights under the CCPA as a California resident solely for lawful purposes, and (4) in a way that does not and would not unduly burden or otherwise abuse our data request system and/or our Services. Each request that meets all of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will use commercially reasonable efforts to determine whether a request may be for harmful, fraudulent, deceptive, threatening, harassing, defamatory, obscene, or otherwise objectionable purposes, and we reserve the right not to respond to such request. We will only use Personal Data provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.

We will work to respond to your Valid Request within 45 days of receipt. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.

You may submit a Valid Request using the following methods:

You may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.

 

Access

You have the right to request certain information about our collection and use of your Personal Data over the past 12 months. In response to a Valid Request, we will provide you with the following information:

  • The categories of Personal Data that you requested and we have collected about you.
  • The categories of sources from which that Personal Data was collected.
  • The business or commercial purpose for collecting or selling your Personal Data.
  • The categories of third parties with whom we have shared your Personal Data.
  • The specific pieces of Personal Data that you explicitly requested and we have collected about you.

If we have disclosed your Personal Data to any third parties for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third party recipient. If we have sold your Personal Data over the past 12 months, we will identify the categories of Personal Data sold to each category of third-party recipient.

Deletion

You have the right to request that we delete the Personal Data that we have collected about you. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.

Personal Data Sales Opt-Out and Opt-In

We will not sell your Personal Data, and have not done so over the last 12 months. To our knowledge, we do not sell the Personal Data of minors under 16 years of age.

We Will Not Discriminate Against You for Exercising Your Rights Under the CCPA

We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA. However, we may offer different tiers of our Services as allowed by applicable data privacy laws (including the CCPA) with varying prices, rates or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.

  • Other State Law Privacy Rights

California Resident Rights

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at privacy@constellaintelligence.com.

Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services that you do not wish such operators to track certain of your online activities over time and across different websites.  Our Services do not support Do Not Track requests at this time. To find out more about “Do Not Track,” you can visit www.allaboutdnt.com.

Nevada Resident Rights

If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Data to third parties who intend to license or sell that Personal Data. We do not engage in such “sale” of your Personal Data covered by this Online Privacy Policy. If you have any questions regarding your sale opt-out right as a Nevada resident, please contact us at privacy@constellaintelligence.com with the subject line “Nevada Do Not Sell Request” and provide us with your name and the email address associated with your account.

  1. European Union Data Subject Rights

EU Residents

If you are a resident of the European Union (“EU”), United Kingdom, Lichtenstein, Norway or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) with respect to your Personal Data, as outlined below.

For this section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure.

If there are any conflicts between this section and any other provision of this Privacy Policy, the policy or portion that is more protective of Personal Data shall control to the extent of such conflict.  If you have any questions about this section or whether any of the following applies to you, please contact us at privacy@constellaintelligence.com. Note that we may also process Personal Data of our customers’ end users or employees in connection with our provision of certain services to customers, in which case we are the processor of Personal Data. If we are the processor of your Personal Data (i.e., not the controller), please contact the controller party in the first instance to address your rights with respect to such data.

We may need to collect and process Personal Data in order to provide requested information, provide the Services to you, or because we are legally required to do so. Regarding Personal Data that may be collected in the use of the Constella website, Constella Intelligence, Inc., will act as the data controller. You can contact us at the following address: 289 S. San Antonio Road, Suite 110, Los Altos, CA 94022. We also have a branch Sucursal en España located at C/Acanto 22, 13th floor, 28045, Madrid (Spain).  Our email address: privacy@constellaintelligence.com.

In compliance with data protection regulations, the company has appointed a Data Protection Officer (DPO). For any questions regarding data protection or this Privacy Policy, you may contact our DPO at the following email address: privacy@constellaintelligence.com.

For the sake of clarity, the rights set forth in this Section IX do not cover data that may be contained in the Datalake.  Please refer to our Datalake Privacy Notice for more information on your rights with respect to data that may be contained in the Datalake.

INFORMATION OBTAINED FROM OUR WEBSITE

We collect information from you, including Personal Data, when you fill out a form. When registering on our website, you may be asked to enter your name or e-mail address. You also may, however, visit our website anonymously.

Purposes for the processing

We will use your Personal Data for providing the different Services you may contract with us to provide, schedule a demonstration of our software, administer promotions or surveys or any other website feature, send periodic emails, and respond to other requests or questions you may raise. Your personal data will also be used for the management of the contractual relationship between us.

Lawful basis for the processing

For the processing of your Personal Data, our legal basis depends on how you interact with the Services. We may base the processing of data on other legal bases, such as our legitimate interests as a company, the fulfillment of a legal obligation, or the management of our contractual relationship.

When we send marketing communications to our clients, the legal basis for such communications shall be the client’s explicit consent.

Do we disclose any information to third parties?

Except as stated under Section IV (How We Share Your Personal Data) above, we do not disclose or otherwise transfer to outside parties your personally identifiable information. We may also release your information when said release is appropriate to comply with the law, enforce our policies or the Terms of Use, protect our rights, property, or safety, or protect the rights, property, or safety of third parties.   

Constella will only disclose your Personal Data if any of the following lawful bases occur:

Consent:

We will not share or disclose your nonpublic information except to deliver Services to you or on your behalf unless you affirmatively opt-in to such sharing.

Constella will also process your Personal Data to send to you important information regarding the Services, your account status, changes to the Terms of Use, this Privacy Policy, or any other policies, agreements, or transactions relevant to your use of the Services.

Legal requirements:

Constella may share your information without your consent if the disclosure of such information is reasonably necessary to:

  • Satisfy any applicable law, regulation, legal process, or valid governmental request; or
  • Detect, prevent, or otherwise address fraud, security, or technical issues.

Retention periods

We will retain your Personal Data for as long as necessary in accordance with the purpose(s) for which it was collected and in accordance with applicable law. The criteria used to determine our retention periods include:

  • the length of time during which we have a relationship with you;
  • whether there is a legal obligation to which we are subject; and
  • whether retention is advisable in light of the legal position to which we are subject (such as that relating to applicable limitations or statutes, pending litigation, or regulatory investigations).

 

How can you exercise your data protection rights?

If you would like to review, correct, update, suppress, delete or otherwise limit our use of your Personal Data that has been previously provided to us, or if you would like to request an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent you have a right to data portability under applicable law), you may make a request by contacting us using the information provided in the contact section of the website. We will respond to your request in a manner consistent with applicable law.

For your protection, we may only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and consistent with applicable law. Please note that once you exercise your rights to delete your data, we will duly block your data for as long as liability can be derived in accordance with applicable law.

You can exercise your rights by sending a request to the contact address above or to the following email address: privacy@constellaintelligence.com. You must include detailed information and documentation proving your identity in order to manage your request satisfactorily. We will process your request and give you an answer within the time limits set by current legislation.

  1. Changes to this Privacy Policy

We’re constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time, but we will alert you to any such changes by placing a notice on our website, by sending you an email, and/or by some other means. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes. The use of information we collect is subject to the Privacy Policy in effect at the time such information is collected.

  1. Contact Information:

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data or your choices and rights regarding such collection and use, please do not hesitate to contact us at:

If you are located in the European Union, you may use the following information to contact our Data Protection Officer and our European Union-Based Member Representative:

  • Our branch office in the European Union: Sucursal en España located at C/Acanto 22, 13th floor, 28045, Madrid (Spain)
  • Data Protection Officer: privacy@constellaintelligence.com.

Annual Records

Last updated: July 1, 2021

The following chart provides statistics about our responses to requests from California residents over the past calendar year:

 Requests to KnowRequests to DeleteRequests to Opt-Out
Requests received:000
Requests complied with:000
Requests denied:000
Median response time (in days):000
 

Terms of Use

Terms of Use

Terms of Use

Last Updated: December 15th, 2020

Welcome to Constella. Please read on to learn the rules and restrictions that govern your use of our website (the “Site”). If you have any questions, comments, or concerns regarding these terms or the Site, please contact us at:

Email: info@constellaintelligence.com

Address: Constella Intelligence, Inc., 289 S. San Antonio Road, Suite 110, Los Altos, CA 94022, Attn: General Counsel

These Terms of Use (the “Terms”) are a binding contract between you and Constella Intelligence, Inc. (“Constella,” “we” or “us”). Your use of the Site in any way means that you agree to all of these Terms, and these Terms will remain in effect while you use the Site or any part of it. These Terms include the provisions in this document as well as those in the Privacy Policy and any other relevant policies. Your use of or participation in certain product and services offered by Constella may also be subject to additional policies, rules and/or conditions (“Additional Terms”), which are incorporated herein by reference, and you understand and agree that by using or participating in any such products or services, you agree to also comply with all Additional Terms.

Please read these Terms carefully. They cover important information about the Site. These Terms include information about future changes to these Terms, limitations of liability, a class action waiver, and resolution of disputes by arbitration instead of in court. PLEASE NOTE THAT YOUR USE OF AND ACCESS TO OUR SITE ARE SUBJECT TO THE FOLLOWING TERMS; IF YOU DO NOT AGREE TO ALL OF THE FOLLOWING, YOU MAY NOT USE OR ACCESS THE SITE IN ANY MANNER.

ARBITRATION NOTICE AND CLASS ACTION WAIVER: EXCEPT FOR CERTAIN TYPES OF DISPUTES DESCRIBED IN THE ARBITRATION AGREEMENT SECTION BELOW, YOU AGREE THAT DISPUTES BETWEEN YOU AND US WILL BE RESOLVED BY BINDING, INDIVIDUAL ARBITRATION AND YOU WAIVE YOUR RIGHT TO PARTICIPATE IN A CLASS ACTION LAWSUIT OR CLASS-WIDE ARBITRATION.

Will these Terms ever change?

We are constantly trying to improve our Site, so these Terms may need to change along with our Site. We reserve the right to change the Terms at any time, but if we do, we will place a notice on our site located at https://constellaintelligence.com, send you an email, and/or notify you by some other means.

If you don’t agree with the new Terms, you are free to reject them; unfortunately, that means you will no longer be able to use the Site. If you use the Site in any way after a change to the Terms is effective, that means you agree to all of the changes.

Except for changes by us as described here, no other amendment or modification of these Terms will be effective unless in writing and signed by both you and us.

What about my privacy?

Constella takes the privacy of its users very seriously. Read the current Constella Privacy Policy.

Children’s Online Privacy Protection Act

The Children’s Online Privacy Protection Act (“COPPA”) requires that online service providers obtain parental consent before they knowingly collect personally identifiable information online from children who are under 13 years of age. We do not knowingly collect or solicit personally identifiable information from children under 13 years of age; if you are a child under 13 years of age, please do not attempt to register for or otherwise use the Site or send us any personal information. If we learn we have collected personal information from a child under 13 years of age, we will delete that information as quickly as possible. If you believe that a child under 13 years of age may have provided us personal information, please contact us at support@constellaintelligence.com.

What are the basics of using the Site?

You represent and warrant that you are an individual of legal age to form a binding contract (or if not, you’ve received your parent’s or guardian’s permission to use the Site and have gotten your parent or guardian to agree to these Terms on your behalf). If you’re agreeing to these Terms on behalf of an organization or entity, you represent and warrant that you are authorized to agree to these Terms on that organization’s or entity’s behalf and bind them to these Terms (in which case, the references to “you” and “your” in these Terms, except for in this sentence, refer to that organization or entity).

You will only use the Site for your own internal, personal, non-commercial use, and not on behalf of or for the benefit of any third party, and only in a manner that complies with all laws that apply to you. If your use of the Site is prohibited by applicable laws, then you aren’t authorized to use the Site. We can’t and won’t be responsible for your using the Site in a way that breaks the law.

What about messaging?

As part of the Site, you may receive communications through the Site, including messages that Constella sends you (for example, via email). 

Are there restrictions in how I can use the Site?

You represent, warrant, and agree that you will not contribute any Content or User Submission (each of those terms is defined below) or otherwise use the Site or interact with the Site in a manner that:

  1. infringes or violates the intellectual property rights or any other rights of anyone else (including Constella);
  2. violates any law or regulation, including, without limitation, any applicable export control laws, privacy laws or any other purpose not reasonably intended by Constella;
  3. is dangerous, harmful, fraudulent, deceptive, threatening, harassing, defamatory, obscene, or otherwise objectionable;
  4. attempts, in any manner, to obtain the password, account, or other security information from any other user;
  5. violates the security of any computer network, or cracks any passwords or security encryption codes;
  6. runs Maillist, Listserv, any form of auto-responder or “spam” on the Site, or any processes that run or are activated while you are not logged into the Site, or that otherwise interfere with the proper working of the Site (including by placing an unreasonable load on the Site’s infrastructure);
  7. “crawls,” “scrapes,” or “spiders” any page, data, or portion of or relating to the Site or Content (through use of manual or automated means);
  8. copies or stores any significant portion of the Content; or
  9. decompiles, reverse engineers, or otherwise attempts to obtain the source code or underlying ideas or information of or relating to the Site.

A violation of any of the foregoing is grounds for termination of your right to use or access the Site.

What are my rights in the Site?

The materials displayed or performed or available on or through the Site, including, but not limited to, text, graphics, data, articles, photos, images, illustrations, and so forth (all of the foregoing, the “Content”) are protected by copyright and/or other intellectual property laws. You promise to abide by all copyright notices, trademark rules, information, and restrictions contained in any Content you access through the Site, and you won’t use, copy, reproduce, modify, translate, publish, broadcast, transmit, distribute, perform, upload, display, license, sell, commercialize or otherwise exploit for any purpose any Content not owned by you, (i) without the prior consent of the owner of that Content or (ii) in a way that violates someone else’s (including Constella’s) rights.

Subject to these Terms, we grant each user of the Site a worldwide, non-exclusive, non-sublicensable, and non-transferable license to use (i.e., to download and display locally) Content solely for purposes of using the Site. Use, reproduction, modification, distribution, or storage of any Content for any purpose other than using the Site is expressly prohibited without prior written permission from us. You understand that Constella owns the Site. You won’t modify, publish, transmit, participate in the transfer or sale of, reproduce (except as expressly provided in this Section), create derivative works based on, or otherwise exploit any of the Site, or any part of it. The Site may allow you to copy or download certain Content, but please remember that even where these functionalities exist, all the restrictions in this section still apply.

What about anything I contribute to the Site – do I have to grant any licenses to Constella or to other users?

User Submissions

Anything you post, upload, share, store, or otherwise provide through the Site is your “User Submission.” Some User Submissions may be viewable by other users. You are solely responsible for all User Submissions you contribute to the Site. You represent that all User Submissions submitted by you are accurate, complete, up-to-date, and in compliance with all applicable laws, rules and regulations.

You agree that you will not post, upload, share, store, or otherwise provide through the Site any User Submissions that: (i) infringe any third party’s copyrights or other rights (e.g., trademark, privacy rights, etc.); (ii) contain sexually explicit content or pornography; (iii) contain hateful, defamatory, or discriminatory content or incite hatred against any individual or group; (iv) exploit minors; (v) depict unlawful acts or violence; (vi) depict animal cruelty or violence towards animals; (vii) promote fraudulent schemes, multi-level marketing (MLM) schemes, get rich quick schemes, online gaming and gambling, cash gifting, work from home businesses, or any other dubious money-making ventures; or (viii) that violate any law.

Licenses

In order to display your User Submissions on the Site, and to allow other users to enjoy them (where applicable), you grant us certain rights in those User Submissions (see below for more information). Please note that all of the following licenses are subject to our Privacy Policy to the extent they relate to User Submissions that are also your personally-identifiable information.

By submitting User Submissions through the Site, you hereby do and shall grant Constella a worldwide, non-exclusive, irrevocable, perpetual, royalty-free, fully paid, sublicensable, and transferable license to translate, use, edit, modify (for technical purposes, for example, making sure your content is viewable on a mobile device as well as a computer), truncate, aggregate, reproduce, distribute, prepare derivative works of, display, perform, and otherwise fully exploit the User Submissions in connection with the Site and our (and our successors’ and assigns’) businesses, including without limitation for promoting and redistributing part or all of the Site (and derivative works thereof) in any media formats and through any media channels (including, without limitation, third party websites and feeds), and including after your termination of your account or the Site. You also hereby do and shall grant each user of the Site a non-exclusive, perpetual license to access your User Submissions through the Site, and to use, edit, modify, reproduce, distribute, prepare derivative works of, display and perform such User Submissions, including after your termination of your account or the Site. For clarity, the foregoing license grants to us and our users do not affect your other ownership or license rights in your User Submissions, including the right to grant additional licenses to your User Submissions, unless otherwise agreed in writing. You represent and warrant that you have all rights to grant such licenses to us without infringement or violation of any third party rights, including without limitation, any privacy rights, publicity rights, copyrights, trademarks, contract rights, or any other intellectual property or proprietary rights.

You may from time to time provide suggestions, comments or other feedback to Constella with respect to the Site or Constella’s products or services (“Feedback”).  Feedback shall not create any confidentiality obligation for Constella notwithstanding anything else.  You hereby grant to Constella a nonexclusive, worldwide, perpetual, irrevocable, transferable, sub-licensable, royalty-free, fully paid-up license to use and exploit the Feedback for any purpose.

Who is responsible for what I see and do on the Site?

Any information or Content publicly posted or privately transmitted through the Site is the sole responsibility of the person from whom such Content originated, and you access all such information and Content at your own risk, and we aren’t liable for any errors or omissions in that information or Content or for any damages or loss you might suffer in connection with it. We cannot control and have no duty to take any action regarding how you may interpret and use the Content or what actions you may take as a result of having been exposed to the Content, and you hereby release us from all liability for you having acquired or not acquired Content through the Site. We can’t guarantee the identity of any users with whom you interact in using the Site and are not responsible for which users gain access to the Site.

You are responsible for all Content you contribute, in any manner, to the Site, and you represent and warrant you have all rights necessary to do so, in the manner in which you contribute it.

The Site may contain links or connections to third-party websites or services that are not owned or controlled by Constella. When you access third-party websites or use third-party services, you accept that there are risks in doing so, and that Constella is not responsible for such risks.

Constella has no control over, and assumes no responsibility for, the content, accuracy, privacy policies, or practices of or opinions expressed in any third-party websites or by any third party that you interact with through the Site. In addition, Constella will not and cannot monitor, verify, censor or edit the content of any third-party site or service. We encourage you to be aware when you leave the Site and to read the terms and conditions and privacy policy of each third-party website or service that you visit or utilize. By using the Site, you release and hold us harmless from any and all liability arising from your use of any third-party website or service.

Your interactions with organizations and/or individuals found on or through the Site, including payment and delivery of goods or services, and any other terms, conditions, warranties or representations associated with such dealings, are solely between you and such organizations and/or individuals. You should make whatever investigation you feel necessary or appropriate before proceeding with any online or offline transaction with any of these third parties. You agree that Constella shall not be responsible or liable for any loss or damage of any sort incurred as the result of any such dealings.

If there is a dispute between participants on the Site, or between users and any third party, you agree that Constella is under no obligation to become involved. In the event that you have a dispute with one or more other users, you release Constella, its directors, officers, employees, agents, and successors from claims, demands, and damages of every kind or nature, known or unknown, suspected or unsuspected, disclosed or undisclosed, arising out of or in any way related to such disputes and/or our Site. You shall and hereby do waive California Civil Code Section 1542 or any similar law of any jurisdiction, which says in substance: “A general release does not extend to claims that the creditor or releasing party does not know or suspect to exist in his or her favor at the time of executing the release and that if known by him or her, would have materially affected his or her settlement with the debtor or released party.”

Will Constella ever change the Site?

We’re always trying to improve our Site, so it may change over time. We may suspend or discontinue any part of the Site, or we may introduce new features or impose limits on certain features or restrict access to parts or all of the Site. We reserve the right to remove any Content from the Site at any time, for any reason (including, but not limited to, if someone alleges you contributed that Content in violation of these Terms), in our sole discretion, and without notice.

Does the Site cost anything?

The Site may be free or we may elect to charge a fee for using portions of the Site. If you are using a free version of the Site, we will notify you before any Site you are then using begins carrying a fee, and if you wish to continue using that portion of the Site, you must pay all applicable fees for that portion of the Site and may be required to agree to additional terms.

What if I want to stop using the Site?

You’re free to do that at any time; please refer to our Privacy Policy, as well as the licenses above, to understand how we treat information you provide to us after you have stopped using our Site.

Constella is also free to terminate (or suspend access to) your use of the Site for any reason in our discretion, including your breach of these Terms. Constella has the sole right to decide whether you are in violation of any of the restrictions set forth in these Terms.

Provisions that, by their nature, should survive termination of these Terms shall survive termination. By way of example, all of the following will survive termination: any obligation you have to indemnify us, any limitations on our liability, any terms regarding ownership or intellectual property rights, and terms regarding disputes between us, including without limitation the arbitration agreement.

What else do I need to know?

Warranty Disclaimer. Constella and its licensors, suppliers, partners, parent, subsidiaries or affiliated entities, and each of their respective officers, directors, members, employees, consultants, contract employees, representatives and agents, and each of their respective successors and assigns (Constella and all such parties together, the “Constella Parties”) make no representations or warranties concerning the Site, including without limitation regarding any Content contained in or accessed through the Site, and the Constella Parties will not be responsible or liable for the accuracy, copyright compliance, legality, or decency of material contained in or accessed through the Site or any claims, actions, suits procedures, costs, expenses, damages or liabilities arising out of use of, or in any way related to your participation in, the Site. The Constella Parties make no representations or warranties regarding suggestions or recommendations of services or products offered or purchased through or in connection with the Site. THE SITE AND CONTENT ARE PROVIDED BY CONSTELLA (AND ITS LICENSORS AND SUPPLIERS) ON AN “AS-IS” BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR THAT USE OF THE SITE WILL BE UNINTERRUPTED OR ERROR-FREE. SOME STATES DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, SO THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU.

Limitation of Liability. TO THE FULLEST EXTENT ALLOWED BY APPLICABLE LAW, UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, TORT, CONTRACT, STRICT LIABILITY, OR OTHERWISE) SHALL ANY OF THE CONSTELLA PARTIES BE LIABLE TO YOU OR TO ANY OTHER PERSON FOR (A) ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES OF ANY KIND, INCLUDING DAMAGES FOR LOST PROFITS, BUSINESS INTERRUPTION, LOSS OF DATA, LOSS OF GOODWILL, WORK STOPPAGE, ACCURACY OF RESULTS, OR COMPUTER FAILURE OR MALFUNCTION, (B) ANY SUBSTITUTE GOODS, SERVICES OR TECHNOLOGY, (C) ANY AMOUNT, IN THE AGGREGATE, IN EXCESS OF ONE-HUNDRED ($100) DOLLARS OR (D) ANY MATTER BEYOND OUR REASONABLE CONTROL. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL OR CERTAIN OTHER DAMAGES, SO THE ABOVE LIMITATION AND EXCLUSIONS MAY NOT APPLY TO YOU.

Indemnity. You agree to indemnify and hold the Constella Parties harmless from and against any and all claims, liabilities, damages (actual and consequential), losses and expenses (including attorneys’ fees) arising from or in any way related to any claims relating to (a) your use of the Site, and (b) your violation of these Terms. In the event of such a claim, suit, or action (“Claim”), we will attempt to provide notice of the Claim to the contact information we have for your account (provided that failure to deliver such notice shall not eliminate or reduce your indemnification obligations hereunder).

Assignment. You may not assign, delegate or transfer these Terms or your rights or obligations hereunder, or any account, in any way (by operation of law or otherwise) without Constella prior written consent. We may transfer, assign, or delegate these Terms and our rights and obligations without consent.

Choice of Law. These Terms are governed by and will be construed under the Federal Arbitration Act, applicable federal law, and the laws of the State of California, without regard to the conflicts of laws provisions thereof.

Arbitration Agreement. Please read the following ARBITRATION AGREEMENT carefully because it requires you to arbitrate certain disputes and claims with Constella and limits the manner in which you can seek relief from Constella. Both you and Constella acknowledge and agree that for the purposes of any dispute arising out of or relating to the subject matter of these Terms, Constella’s officers, directors, employees and independent contractors (“Personnel”) are third-party beneficiaries of these Terms, and that upon your acceptance of these Terms, Personnel will have the right (and will be deemed to have accepted the right) to enforce these Terms against you as the third-party beneficiary hereof.

(a) Arbitration Rules; Applicability of Arbitration Agreement. The parties shall use their best efforts to settle any dispute, claim, question, or disagreement arising out of or relating to the subject matter of these Terms directly through good-faith negotiations, which shall be a precondition to either party initiating arbitration. If such negotiations do not resolve the dispute, it shall be finally settled by binding arbitration in Santa Clara County, California. The arbitration will proceed in the English language, in accordance with the JAMS Streamlined Arbitration Rules and Procedures (the “Rules”) then in effect, by one commercial arbitrator with substantial experience in resolving intellectual property and commercial contract disputes. The arbitrator shall be selected from the appropriate list of JAMS arbitrators in accordance with such Rules. Judgment upon the award rendered by such arbitrator may be entered in any court of competent jurisdiction.

(b) Costs of Arbitration. The Rules will govern payment of all arbitration fees. Constella will pay all arbitration fees for claims less than seventy-five thousand ($75,000) dollars. Constella will not seek its attorneys’ fees and costs in arbitration unless the arbitrator determines that your claim is frivolous.

(c) Small Claims Court; Infringement. Either you or Constella may assert claims, if they qualify, in small claims court in Santa Clara County, California or any United States county where you live or work. Furthermore, notwithstanding the foregoing obligation to arbitrate disputes, each party shall have the right to pursue injunctive or other equitable relief at any time, from any court of competent jurisdiction, to prevent the actual or threatened infringement, misappropriation or violation of a party’s copyrights, trademarks, trade secrets, patents or other intellectual property rights.

(d) Waiver of Jury Trial. YOU AND CONSTELLA WAIVE ANY CONSTITUTIONAL AND STATUTORY RIGHTS TO GO TO COURT AND HAVE A TRIAL IN FRONT OF A JUDGE OR JURY. You and Constella are instead choosing to have claims and disputes resolved by arbitration. Arbitration procedures are typically more limited, more efficient, and less costly than rules applicable in court and are subject to very limited review by a court. In any litigation between you and Constella over whether to vacate or enforce an arbitration award, YOU AND CONSTELLA WAIVE ALL RIGHTS TO A JURY TRIAL, and elect instead to have the dispute be resolved by a judge.

(e) Waiver of Class or Consolidated Actions. ALL CLAIMS AND DISPUTES WITHIN THE SCOPE OF THIS ARBITRATION AGREEMENT MUST BE ARBITRATED OR LITIGATED ON AN INDIVIDUAL BASIS AND NOT ON A CLASS BASIS. CLAIMS OF MORE THAN ONE CUSTOMER OR USER CANNOT BE ARBITRATED OR LITIGATED JOINTLY OR CONSOLIDATED WITH THOSE OF ANY OTHER CUSTOMER OR USER. If however, this waiver of class or consolidated actions is deemed invalid or unenforceable, neither you nor Constella is entitled to arbitration; instead, all claims and disputes will be resolved in a court as set forth in (g) below.

(f) Opt-out. You have the right to opt-out of the provisions of this Section by sending written notice of your decision to opt-out to the following address: Constella Intelligence, Inc., 289 S. San Antonio Road, Suite 110, Los Altos, CA 94022, Attn: General Counsel, postmarked within thirty (30) days of first accepting these Terms. You must include (i) your name and residence address, (ii) the email address and/or telephone number associated with your account, and (iii) a clear statement that you want to opt out of these Terms’ arbitration agreement.

(g) Exclusive Venue. If you send the opt-out notice in (f), and/or in any circumstances where the foregoing arbitration agreement permits either you or Constella to litigate any dispute arising out of or relating to the subject matter of these Terms in court, then the foregoing arbitration agreement will not apply to either party, and both you and Constella agree that any judicial proceeding (other than small claims actions) will be brought in the state or federal courts located in, respectively, Santa Clara County, California, or the federal district in which that county falls.

(h) Severability. If the prohibition against class actions and other claims brought on behalf of third parties contained above is found to be unenforceable, then all of the preceding language in this Arbitration Agreement section will be null and void. This arbitration agreement will survive the termination of your relationship with Constella.

Miscellaneous. You will be responsible for paying, withholding, filing, and reporting all taxes, duties, and other governmental assessments associated with your activity in connection with the Site, provided that the Constella may, in its sole discretion, do any of the foregoing on your behalf or for itself as it sees fit. The failure of either you or us to exercise, in any way, any right herein shall not be deemed a waiver of any further rights hereunder. If any provision of these Terms are found to be unenforceable or invalid, that provision will be limited or eliminated, to the minimum extent necessary, so that these Terms shall otherwise remain in full force and effect and enforceable. You and Constella agree that these Terms are the complete and exclusive statement of the mutual understanding between you and Constella and that these Terms supersede and cancel all previous written and oral agreements, communications, and other understandings relating to the subject matter of these Terms. You hereby acknowledge and agree that you are not an employee, agent, partner, or joint venture of Constella, and you do not have any authority of any kind to bind Constella in any respect whatsoever.

Except as expressly set forth in the section above regarding the arbitration agreement, you and Constella agree there are no third-party beneficiaries intended under these Terms.

Six Steps Protect Corporations From Digital Risk

6 Steps for Digital Risk Protection to Safeguard Your Data

Improve your cybersecurity hygiene and reduce exposure.

Digital risk means compromised credentials or other sensitive data falls into the wrong hands, and it can have serious financial consequences as well as negatively impact your brand reputation.

Protect your employees and organization from digital risk such as credential theft and data leakage that could lead to account takeover, ransomware, and other cyber threats by employing these 6 Steps for digital risk protection:

Prevent identity thieves from impersonating key staff and executives.

Mandate the use of virtual private networks (VPNs), password management applications that automatically change passwords, and multifactor authentication (MFA). Secure, encrypted, remote access to the company’s network reduces the potential for unauthorized access.

Protect corporate brands from online disinformation campaigns.

Continuously monitoring the internet and the Dark Web for organized activity that impersonates or misrepresents your brand. Advance warning alerts protect your corporate reputation from digital risk before it’s too late.

Protect personally identifiable information (PII) for Key Employees and their families.

Proactive employee monitoring uncovers employee compromised credentials for sale on the Dark Web – before phone numbers, locations, and other information can be used to build impersonation profiles.

Minimize ransomware and ATO attacks by securing sensitive employee data and accounts.

Wherever that data might reside. Corporate computers, tablets, and smartphones need standardized security directed by a centralized internal authority. Strongly consider extending protection to personal devices for executives and essential staff.

Strictly segregate corporate and personal devices and accounts.

Avoid using personal laptops or devices for work purposes to ensure that poor digital risk protection & data hygiene outside the office does not put your business at risk.

Mandate cybersecurity awareness training of all employees.

Ongoing training and regular reviews will combat compliance fatigue. Consider ongoing incentives to ensure continued good practices and rapid recognition and reporting for suspicious emails, texts, files, or activity.

Finally, treat this process as a continuous cycle for digital risk protection and reduction rather than a final checklist. Go back to the beginning regularly, starting with a Cyber Exposure Risk Assessment to see if you or your company is at risk.

These steps’ powerful benefits include:

  • Corporate and personal protection for brand equity, finances, credit ratings, and reputation
  • Fewer spam and phishing emails
  • Lower risk of account compromise or credential theft
  • Better control over personal and corporate data usage across the internet

Find out if you have been exposed – FREE.


CHECK YOUR EXPOSURE RISK

Exposure Risk 404

Exposure Risk 404

Error 404

Thank you for your interest in Constella’s Free Exposure Risk results. As Constella is committed to protecting your privacy and data, we only keep your data for two weeks. This link has expired.

Still interested in getting Free Exposure Risk results?

If so, please re-submit your email address and company name here , and we’ll deliver your exposure results in minutes!

Constella Intelligence and Telefónica Tech Announce Partnership

Constella Intelligence and Telefónica Tech Announce Partnership to Increase Digital Protection for Customers

PRESS RELEASE

Both companies announced at the RSA Conference 2022 that they will combine Constella’s data lake with Telefónica Tech’s Cloud, Cybersecurity and Artificial Intelligence services to offer consumers and small and medium-sized businesses the highest level of protection against digital threats.

Los Altos (Calif, EEUU) y Madrid (Spain), 08 June 2022 — Today, Telefónica Tech, Telefónica’s digital business unit, and Constella Intelligence, a leader in digital risk protection and identity threat intelligence, announce within RSA Conference a strategic partnership that will combine Constella’s extensive data lake with Telefonica Tech’s cloud, cyber security and AI services. This collaboration offers Telefónica Tech customers enhanced digital threat protection to consumers and small and medium enterprises (SMEs), in the wake of increased cyberattacks and data breaches resulting from increased exposure and a rapidly transforming digital ecosystem.

Telefónica Tech and Constella take another step forward in their robust relationship and will work together to deliver integrated cyber security support and identity and threat protection, among other services. Telefónica Tech customers will be able to benefit from this alliance, unlocking new capabilities to dive deeper into personal data and identity protection and cyber security.

Constella’s technology will enable unmatched coverage, threat anticipation, and protection through its industry-leading data lake–powered by the most extensive curated breach data collection and social analytics reach on the planet, consisting of over 131 billion attributes and 66 billion compromised identity records spanning 125 countries and 53 languages.

Telefónica Tech’s ability to provide customised cyber security services worldwide will enable it to build and deliver solutions that incorporate early warning of data theft on the internet as part of its protection value proposition. This is a further step in Telefónica Tech’s goal to strengthen its cybersecurity portfolio with “360” protection capabilities covering its customers’ devices, data and identities.

Constella’s most recent research shows how consumers, employees, executives, and brands are at increased risk of cyber hostilities—with new insights highlighting that the price of fraudulent credentials sold in dark marketplaces increased 100% year over year. Meanwhile, 78% of executives at companies within the Dow Jones index have fallen victim to data breaches and cyber infiltration.

A Telefónica study also indicates a growing interest among consumers and the self-employed in identity protection services, with more than 75% of consumers and the self-employed finding them of interest.

“At Telefónica Tech we are one step ahead by offering a unique cybersecurity and cloud value proposition because we understand that there is no digitalisation without cyber security. The alliance with Constella reinforces our security capabilities to offer the highest level of protection to companies, thanks to the knowledge that the integration of their data lake in our technologies will provide us, says María Jesús Almazor, CEO of Cybersecurity and Cloud at Telefónica Tech.

“Our digital world is rapidly changing. We are currently witnessing a profound convergence of individual, business, and geopolitical risk in the face of global crises,” said Constella Intelligence CEO, Kailash Ambwani. “Constella’s partnership with Telefónica Tech will multiply our capabilities and innovation as we confront the emerging challenges of our era.”

Watch the announcement video.


ABOUT CONSTELLA INTELLIGENCE

Constella Intelligence is a global leader in Digital Risk Protection, safeguarding 30M+ global users at some of the world’s largest organizations, including 5 of the top 10 U.S. banks. Our solutions are a unique combination of proprietary data, technology, and human expertise to anticipate, identify, and remediate targeted threats to your people, your brand, and your assets at scale—powered by the most extensive breach and social data collection on the planet from the surface, deep and dark web, with over 131 billion attributes and 66 billion compromised identity records spanning 125 countries and 53 languages.

ABOUT TELEFONICA TECK

Telefónica Tech is the leading company in digital transformation. The company has a wide range of services and integrated technological solutions for Cybersecurity, Cloud, IoT, Big Data, or Blockchain. For more information, please visit: https://telefonicatech.com/