Verkada Privacy Policy

When We Collect Personal Data During Online Interactions

When you:

• Visit our Website
• Request a demo, call, or trial from us
• Register for an offer or event (e.g., webinar, training session, partner/reseller event)
• Schedule a meeting with us
• Write to us via our “Contact Us” online form or communicate with us via email, phone, text message, or social media
• Provide us with reviews or feedback
• Subscribe to our marketing communications, including new product launches and newsletters
• Download materials from our Website (e.g., eBooks)
• Apply for our Verkada Partner Program

What We Collect From Online Interactions

The types of personal data we collect from online interactions include, but are not limited to:

• Your name
• Email address
• Physical address
• Company
• Job title
• Payment information
• Phone number
• IP address
• Online identifiers such as advertising IDs
• Device identifiers such as MAC address
• Device metadata such as operating system type and device type
• Information about your use of the Website, such as the pages you visit on our Website, products you view or search for, your scrolling behavior, the duration of your visits to specific pages, information about interaction with pages
• Information you provide when applying for our Verkada Partner Program, such as training and certification data
• Your communications with us, including any comments you send us

How We Use Personal Data From Online Interactions

We use the personal data we collect from online interactions to provide you with our Website and Products, and to pursue our legitimate interests in developing and growing our business, including:

• To respond to your inquiries, such as for a demo or online materials (e.g., eBooks), by using your name and email address.
• To send you emails about the Products you have requested.
• To send you marketing materials via email, such as information about new product launches, events, training materials, new blog posts, newsletters, special offers, and co-marketing initiatives with our reseller partners (you can opt-out of receiving such marketing communications on our Website or via the unsubscribe link in the relevant email).
• To facilitate your participation in training sessions, webinars, the Verkada Partner Program, or other events by using personal data such as your name, email address, and work location.
• To provide technical support or troubleshooting for the Website.
• To ensure security on our Website and prevent fraud.
• To manage our special offers or provide pricing.
• To invite you to review our Website, Products, or other online content.
• To serve you advertising on other websites, for example, by using cookies and similar technologies (for more details, see our Cookie Policy).
• To generate insights and/or analyses based on artificial intelligence to further support our marketing and acquisition activities.
• To analyze the effectiveness of our advertising campaigns.
• To analyze the use of our Website and help personalize your experience.
• To capture your general location to offer you the Website in specific languages and provide region-specific content.
• To comply with applicable law, where legally required, including to enforce our Terms of Service, protect Verkada and others, or as otherwise permitted.
• To share your personal data with our partners and service providers who work with us as needed (for more details, see the “Disclosure of Personal Data” section below).

When We Collect Personal Data From Product Interactions

We collect personal data from Product Interactions when you:

• Create an account on Verkada Command and provide contact and account information.
• Submit inquiries through Command (e.g., support).
• Interact with our internal resources, such as our Knowledge Base with user content.
• Log into, configure, use, and manage your account, and when you interact with our Products.
• Submit custom alert notifications (e.g., motion notifications, tamper notifications, etc.) generated by our Products.
• Provide information in the Verkada Help Center Support Team chat, which may use automated prompts.

We also collect your personal data when we enter into a contractual relationship with you (or your company) regarding information about our Products (e.g., Non-Disclosure Agreement), or to acquire our Products through our customer management software (e.g., Docusign and Ironclad) (e.g., End User Agreement).

What We Collect From Product Interactions

The types of personal data we collect through Product Interactions include:

• Your name
• Email address
• Username
• Encrypted password
• Your company name
• Your organization’s name (including any short names)
• Phone number
• Region
• IP address
• Usage information (e.g., analytics, metrics, performance, configuration information)

How We Use Personal Data From Product Interactions

We use the personal data we collect from Product Interactions to provide you with our Products (e.g., to receive, process, confirm, ship, and track your orders, to develop and improve them, to manage your Verkada Command account) and for other purposes, such as:

• To authenticate your Command account information using your email address and encrypted password.
• To better understand how users access and use our Products to improve their performance, personalize your experience, and develop new products, features, and functionalities.
• To implement real-time responses to customer inquiries and support use cases.
• To provide technical support and troubleshooting.
• To recommend product updates and offers to you.
• To help secure and monitor our Products.

We also use your personal data when we process or fulfill a transaction or a legal agreement (e.g., our End User Agreement), including invoices and orders.

When We Collect Personal Data From Other Sources

We may collect your personal data when you exchange business contact information with us at events, workshops, or meetings (e.g., business cards), when you register for training or partner certification exams, or when you visit one of our office locations.

We may also collect your personal data through (1) our partners (e.g., resellers); (2) third-party sources, including publicly available sources, such as professional contact pages or company websites and social media pages like LinkedIn; or (3) companies that provide marketing and advertising services to us. Examples of third parties with whom we work include:

• Apollo (see Apollo Privacy Center for information about their privacy practices, including how to opt-out)
• Clay (for more information about their privacy practices, including how to opt-out, see the Clay Privacy Policy)
• Cognism (for more information about their privacy practices, including how to opt-out, see the Cognism Privacy Policy)
• Demandbase (for more information about their privacy practices, including how to opt-out, see the Demandbase Privacy Policy)
• GetEmails, LLC d/b/a R! B2B (for more information about their privacy practices, including how to opt-out, see the Retention Privacy Policy)
• ZoomInfo (for more information about their privacy practices, including how to opt-out, see the ZoomInfo Trust Center)

The types of personal data we collect from other sources include your professional and business contact information (such as name, company name, job title, business address, email address, phone number).

How We Use Personal Data From Other Sources

We use this information for business and commercial purposes, including:

• To deliver, develop, and improve our Products.
• To send you materials we believe may be of interest to you, including news and offers about our Products, as permitted.
• To identify account-related information about companies that visit our Website.
• To identify individual information about companies that visit our Website.

Our Website uses third-party platforms that offer advertising tracking features. If you visit our Website through an advertisement or a third-party platform, the provider may place a code on your browser that helps us understand how you arrived at our page, allowing us to measure the success of our advertising campaigns. For more information, see our Cookie Policy.

We work with social media platforms and search engines, such as LinkedIn, Meta, Reddit, and Google, to provide targeted advertising on their platforms. We do this by: (1) matching our current and prospective customers with individuals who are also users of these platforms; and (2) identifying individuals on these platforms who share characteristics with our current and prospective customers to create audiences for our ads. This audience may include current customers, prospective customers, website visitors, and product users. You can review and update how social media platforms use and share your data for these purposes. Please visit your social media platform’s privacy settings for more information.

Command also uses third-party technologies, like cookies, to measure the performance of our apps and the Command website to help us develop and improve them. Metrics collected by these technologies are not used for advertising purposes.

We may conduct a referral program from time to time. If you participate in this program by making a referral, we will process your personal data for the purpose of administering the program. For more information, see the program’s Terms of Service.

Legal Basis for Processing Personal Data

Our legal basis for processing personal data, as described above, depends on the personal data concerned and the specific context in which we collect it. We may rely on the following legal bases for processing:

We process your personal data on the basis of your consent where appropriate, for example, depending on your location, before cookies are used (see our Cookie Policy). Where we rely on your consent to process your personal data, we will obtain it before we begin processing.

If we are bound by a contract with you, we process your personal data on the basis of necessity for the performance of the contract or pre-contractual steps. For example, to create and provide access to your Command account, to inform you of changes to our services, to fulfill orders, send invoices, and process renewals. If you do not provide the required personal data, we may not be able to fulfill the contract.

We also process personal data on the basis of our legitimate interests. For example, to: understand how you interact with us; provide you with our Website and Products; troubleshoot to secure, develop, and improve our Products and Website; determine your location to provide the Website in specific languages and with any region-specific content; provide you with information you have requested; or respond to your inquiries, such as signing up for an event, or to receive online content (e.g., webinars, whitepapers, product demos). When we rely on legitimate interests as our legal basis for processing your personal data, we have also considered your rights and interests and found that your rights do not override our interests.

In some cases, we are also subject to a legal obligation to process your personal data.

Data Transfer

Verkada has implemented safeguards to ensure adequate data protection where your personal data is transferred outside the EEA, Switzerland, or the United Kingdom, such as through data processing agreements with our third-party service providers and partners, through which we implement the standard contractual clauses for the transfer of personal data as approved by the European Commission, or through other permissible mechanisms. Upon request, we will be happy to provide you with further information.

Your Rights

You have the following data protection rights (depending on the context in which we process your information):

• Access: You have the right to request copies of your personal data from us. Exceptions apply, meaning you may not always receive all the information we process. If you use Verkada Command, you can access your personal data through your Verkada Command account.
• Deletion: You have the right, under certain circumstances, to request that we delete your personal data. You can access, modify, or delete your data, including personal data, through your Verkada Command account. Please contact Verkada Support at support@verkada.com if you have questions about how to delete your account or its associated data.
• Rectification: You have the right to request that we rectify personal data that you believe is inaccurate and to complete information that you believe is incomplete. If you use Verkada Command, you can update your personal data stored in Verkada Command through your Verkada Command account.
• Objection/Restriction of Processing/Portability Requests: Under certain circumstances, you may object to the processing of your personal data, request that we restrict the processing of your personal data, or request the portability of your personal data.
• Opt-Out of Marketing Communications: You have the right at any time to opt-out of marketing communications that we send you. You can do this on our Website.
• Withdrawal of Consent: Similarly, you can withdraw your consent at any time where we have collected and processed your personal data with your consent. The withdrawal of your consent does not affect the lawfulness of any processing we carried out before your withdrawal, nor does it affect the processing of your personal data that takes place on a lawful basis other than your consent.
• Opt-out of Use and Disclosure: If we receive your personal data under the Data Privacy Framework, you have the right to object to certain uses and disclosures of your personal data. In particular, you may object to certain disclosures of your personal data to third parties, unless such disclosure is necessary to provide our services, comply with legal obligations, or is otherwise permitted by applicable law. You may also object if your personal data is used for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized by you.

You can request the exercise of your data protection rights by submitting a request through our online form or by contacting us at privacy@verkada.com. You also have the right to lodge a complaint with a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority. For Europe, please click here, for Switzerland here, and for the United Kingdom, here.

Personal Data We Collect

In the twelve months preceding the effective date of this Privacy Policy, we have collected and disclosed the following categories of personal data:

• Identifiers (such as your name, address, and email address)
• Commercial data (such as transaction data)
• Financial data (such as credit card and other financial account information)
• Internet or other network or device activity (such as IP addresses)
• Professional, employment-related information (such as your current employer or job title)
• General location information (e.g., derived from an IP address)
• Inferences drawn about you (such as when we infer information about your role at your company)
• Audio and visual data (such as when you call customer service or visit our offices)
• Other information that identifies you or can be reasonably associated with you

The categories of sensitive personal data include your account login details and password or other credentials that provide access to your account.

We process the categories of personal data, as identified above, for the purposes described in detail under “When We Collect Personal Data.”

Sources of Personal Data Collected

We collect the categories of personal data, as identified above, from the following sources: (1) directly from you; (2) through your use of the Products and Website; and (3) third parties (e.g., other users) and non-affiliated parties (e.g., lead generation providers).

We describe our information disclosure practices in the “Disclosure of Personal Information” section above.

“Sale” and “Sharing” of Personal Data

The CCPA imposes certain obligations on businesses that “sell” or “share” personal data. Where we use “sell” or “share” (or their variants) in quotation marks, we are referring to those terms as specifically defined in the CCPA.

We may use analytics services and online advertising services from third-party providers, which may result in “sharing” online identifiers and other identifiers (e.g., cookie data, IP addresses, device identifiers, general location data, usage data, email addresses) with analytics partners to help us analyze and understand the use of the Website and our Products, and to advertise our Products on other websites. In some cases, such practices may constitute a “sale” of personal data under the CCPA. If you, or your authorized representative, wish to opt-out of such “sharing” or “selling” of your data for these purposes, you may do so by clicking your privacy choices in the footer of the Website. To opt-out of “sharing” or “selling” your personal data that is not based on cookies or other tracking technologies, please submit a request through our online form. For more information, see our Cookie Policy. For clarity, if you have consented to receive text messages from us, we do not share that consent with unaffiliated third parties for their own use unless you have consented to that disclosure.

Please note that we also honor and comply with opt-out preference signals sent via Global Privacy Control. Any opt-out preferences you exercise through these methods will apply only to the specific device or browser on which they are exercised. For more information on how to use Global Privacy Control, see www.globalprivacycontrol.org.

We do not “sell” or “share” personal data of individuals under 16 years of age knowingly.

Do Not Track Disclosure

We do not respond to browser-initiated Do Not Track signals, as the internet industry is still working on Do Not Track standards, implementations, and solutions. Please note that Do Not Track is a different privacy mechanism than the Global Privacy Control browser choice we refer to above.

Storage of Your Personal Data

Please see the “Data Retention” section below.

CCPA Rights

If you are a California resident, you may have certain data protection rights. California law may require us to:

• Provide you with the categories of your personal data that we have collected or disclosed about you; the categories of sources of such data; the business or commercial purpose of the “sale” or “sharing” of your personal data; the categories of third parties to whom we have disclosed, “sold,” or “shared” personal data; and the categories of personal data that we “sell” or “share.”
• Provide you with access to and/or copies of certain data that we hold about you.
• Delete certain data that we possess about you.
• Correct inaccurate personal data that we hold about you.

You may also have the right to receive information about the financial incentives that we offer to you, if any, and the right not to be discriminated against for exercising your rights (as set forth in applicable law). Certain data may be exempt from these rights under applicable law. We may also need certain types of data to provide you with our Products, and if you ask us to delete it, you may no longer be able to access or use it. If you wish to exercise any of these rights, please submit a request through our online form or email us at privacy@verkada.com. Such requests are subject to our ability to reasonably verify your identity, to the extent Verkada is permitted or required to do so under applicable law. In these instances, you will be asked to verify your identity before we fulfill your request. To do so, you must provide the data identified in the web form or follow our other instructions. You may also designate an authorized agent to make such a request on your behalf. Depending on the nature of the request, you may need to provide written authorization or a signed power of attorney for the agent to act on your behalf. You may still need to verify your identity directly with us.

The CCPA also permits you to limit the use or disclosure of your “sensitive personal data” (as defined in the CCPA) if your sensitive personal data is used for certain purposes. Please note that we do not use or disclose sensitive personal data in a manner that would trigger a right to opt-out.

For more information about how we handle personal data in connection with job applications, please see the Applicant Privacy Policy.

Rights and Choices for Australian Residents

Subject to certain exceptions, under the Privacy Act and the Spam Act 2003 (Cth), you have the right:

• To request access to your personal data.
• To ask us to update or correct personal data if it is inaccurate, incomplete, or out-of-date.
• To opt-out of receiving direct marketing communications from us.

To exercise any of the rights mentioned above, you can submit a request through our online form or contact us at privacy@verkada.com.

You also have the right not to identify yourself or to use a pseudonym when communicating with us, unless we are required by Australian law to respond to individuals who have identified themselves, or it is impracticable for us to respond if you have not identified yourself.

Storage of Your Personal Data

Please refer to the “Data Retention” section below.

Data Transfers Outside of Australia

We may disclose your personal data to third parties located outside of Australia. The countries in which these third parties are likely to be located will depend on the circumstances. Some of these companies include:

• Companies within our corporate group located in the United States (USA), Canada, selected countries in the European Union, and Switzerland, the United Kingdom, Mexico, Taiwan, Japan, South Korea, and Singapore, or that conduct business there; and
• Our data hosting providers and other service providers located in the USA, the EU, and the United Kingdom.

We will take reasonable steps to ensure that personal data disclosed to third parties outside of Australia is not stored, used, or disclosed by recipients in a manner that is inconsistent with the APPs.

Complaints

If you believe that we have not addressed your concerns, in addition to the contact options for complaints listed below, you may lodge a complaint with the Office of the Australian Information Commissioner (the body responsible for privacy in Australia). All complaints must be in writing to the Director of Compliance, GPO Box 5218, Sydney NSW 2001. For more information, please visit the OAIC website or call 1300 363 992.

Rights and Choices for Canadian Residents

Subject to exceptions set out in applicable privacy laws, individuals residing in Canada have the right:

• To request access to their personal data held in our custody and control.
• To request information about the use and disclosure of their personal data.
• To request the update, correction, or amendment of inaccuracies in the personal data that we hold or control.

Individuals in Canada also have the right to withdraw their consent to the use and disclosure of their personal data, subject to statutory and contractual restrictions and reasonable notice.

If you wish to exercise these rights, or if you have questions or complaints about this Privacy Policy or our privacy practices, please refer to the “How to Contact Us” section below. We may collect certain personal data to verify your identity before responding to your request.

For more information about your choices (including regarding cookies and interest-based advertising), see “Disclosure of Personal Data” above and “Opting Out of Marketing Communications” below.

Privacy Policies and Practices

We are committed to protecting your personal data and have implemented policies and practices that govern our handling of personal data, including, but not limited to:

• Procedures for timely and effective response to individuals’ requests and complaints regarding the handling of personal data.
• Policies and procedures for protecting personal data, including security safeguards to protect personal data in our custody and control from loss or theft, as well as from unauthorized access, use, or disclosure.
• The appointment of a Data Protection Officer responsible for overseeing Verkada’s compliance with applicable data protection laws.
• Practices regarding data protection training and awareness for our personnel with access to personal data.

Storage of Your Personal Data

Please refer to the “Data Retention” section below.

Data Location

As outlined in the “Where Your Personal Information is Stored and Processed” section below, we and our service providers may access, store, and otherwise process personal data outside of Canada (and particularly Quebec), including Australia, the USA, selected countries in the European Union, and Switzerland, the United Kingdom, Mexico, Taiwan, Japan, South Korea, and Singapore. We and our service providers may disclose your personal data when required or permitted by applicable law or legal process, which may include lawful access by foreign courts, law enforcement agencies, or other government authorities in the countries where we or our service providers operate.

For information about our practices regarding the use of service providers outside of Canada, please contact our Data Protection Officer at privacy@verkada.com.

How We Share Your Personal Information and International Data Transfers

We share certain personal data with other Verkada group companies and trusted service providers who process this data under binding agreements and only when a valid legal basis exists, as described in “Legal Basis for Processing Personal Data.” These other Verkada group companies and service providers may be located in Australia, Canada, selected countries in the European Union, the United Kingdom, the USA, Japan, Mexico, Singapore, South Korea, Switzerland, and Taiwan. Examples of service providers include:

• Amazon Web Services, Inc. (U.S., AUS, and EU) – for cloud hosting, data storage, and infrastructure management.
• Intercom (USA) – for managing support tickets and communicating with customer service.
• Google Analytics (U.S.) – for monitoring website performance and usage.
• Outreach (USA) – for providing communications and updates.
• Advertising partners, such as those listed under “Other Sources” (U.S.) – for providing targeted advertising, creating audiences, and measuring campaign effectiveness.

We may also share personal data with Verkada group companies and affiliates to facilitate shared services, global operations, and internal business coordination.

These third parties may process various types of personal data, including contact information, communications, service usage data, and other information, as described under “When We Collect Personal Data.”

Storage of Your Personal Data

Please refer to the “Data Retention” section below.

Rights and Choices for Residents in the Republic of Korea

When we collect your personal data from sources other than yourself (e.g., from business partners, social media platforms, or publicly available sources), you have the right to request information about the source of collection, the purpose of processing, and your right to suspend processing or withdraw consent. For information about international data transfers, see “How We Share Your Personal Information and International Data Transfers” above.

If you require further clarification on this Privacy Policy or wish to exercise your rights regarding your personal data, please refer to the “How to Contact Us” section below.

Complaints

Our domestic representative under the Korea Personal Information Protection Act is our Chief Privacy Officer (for more information, see “How to Contact Us”). Individuals residing in Korea may contact the following institutions to resolve disputes or consult on violations of personal data protection:

• Personal Information Infringement Report Center: (No area code) 118
• Personal Information Dispute Mediation Committee: (No area code) 1833-6972
• Supreme Prosecutors’ Office Cybercrime Investigation Division: (No area code) 1301
• National Police Agency Cyber Investigation Bureau: (No area code) 182

Opting Out of Marketing Communications

You may opt out of marketing communications that we send you at any time. You can do this via the opt-out link or instructions included in each email, or by visiting our Website and following the instructions provided there. To opt out of other forms of marketing (e.g., postal marketing), please contact us at privacy@verkada.com. Please note that it may take several business days for us to process opt-out requests, and we will need to retain your personal data on a suppression list to honor this opt-out request.

If you opt out of receiving marketing emails or promotional offers, we will continue to send you service-based emails as requested, or to manage your account, as well as emails to fulfill a transaction.