Zscaler Privacy Policy

Last Updated: September 1, 2016


This Privacy Policy (“Policy”) explains how information is collected, used and disclosed by Zscaler, Inc. (“Zscaler” or “We” or “Us"), and applies to information we collect when you use or access our online website at www.zscaler.com (the “Website”), products or services (collectively, the “Products”), or when you otherwise interact with us. We respect the privacy rights of users and recognize the importance of protecting your information. If you use the Products as part of an entity or organization that has a contract with Zscaler, the terms of that organization’s contract for the Products may restrict our collection or use of your information more than what is described in this Policy.

Zscaler has self-certified to the EU-U.S. Privacy Shield Framework regarding the collection, use and retention of personal data transferred from the European Union to the United States. Please click here to view our Privacy Shield Policy. References to “Policy” include the Privacy Shield Policy.

Changes to This Policy

We may change this Policy from time to time. If we make any changes, we will notify you by revising the “Last Updated” date at the top of this Policy. If there are material changes to this Policy, we will notify you more directly by email or posting a notice on our Website prior to the change(s) becoming effective. Your use of the Website or any Products after the posting of such change(s) constitutes your consent to such change(s). We encourage you to review our Policy whenever you use or access the Website or the Products to stay informed about our information privacy practices and the ways you can help protect your privacy. 

What Is Covered in this Policy? 

This Policy contains information on how we process certain categories of data relating to individual persons.

  • If you are a visitor to the Website, please see the section "Website Privacy" below for a comprehensive description of our data processing practices with respect to your data.
  • If you are an end user of the Products (“End User”), please see the section "End User Privacy" below for information on our data processing practices with respect to your data.
  • If you are a resident of any European Union Member State, please also see our Privacy Shield Policy for a comprehensive description of our data processing practices with respect to data about you in reference to the EU-U.S. Privacy Shield Framework. We refer to data relating to you as an identifiable individual as "EU Personal Data."

Website Privacy

The paragraphs in this section describe how we use and disseminate information collected about visitors of the Website. It does not cover any other data processing activities.

If You Don't Volunteer Any Personal Data, We Won't Collect Any through the Website

We use cookies and various traffic tracking technologies to monitor the use of our Website. We collect such data related to IP addresses but do not link it to any personally identifiable information (such as names and email addresses) that you may voluntarily submit to us through other means (except as described below, in "Agents and Service Providers"). 

Your Use of the Website Implies Consent

Your use of the Website signifies your acceptance of this Policy. If you do not agree or are not comfortable with anything described in this Policy, your sole remedies are to either not access the Website or to discontinue your use of the Website.

Use of Information 

We generally use information collected on our Website for the following purposes: to fulfill your requests for information on Products and to send you direct marketing information related to the Products. 

Agents and Service Providers

We may engage data processing agents and/or service providers (collectively “Third Parties”) to assist us in processing  information that visitors of the Website may volunteer through the Website, as well as electronic messages and traffic data that is linked to IP addresses. Such Third Parties process data only on our behalf and are contractually obligated to refrain from using such data for their own purposes. 

When a visitor visits our Website and submits a web form to us or clicks on a particular link in a marketing email from us, we maintain a record of certain information about their visit including the pages viewed on our Website, the time of the visit, the order of pages accessed and the amount of time such visitor spent at each page. We use this information to better tailor our Website and Products to our visitors.

Use of Cookies

A cookie is a small text file containing information that a web browser transfers to its computer's hard disk for record-keeping purposes.

On the Website, we may use cookies to analyze our site traffic patterns, but, except as otherwise described herein, we link cookies only to IP addresses and not any personally identifiable information (such as names or email addresses) about visitors of the Website. For example, we currently use Third Parties (e.g. Google Analytics) to analyze traffic to the Website. Other than as mentioned above, such Third Parties do not have a database of individual profiles for each visitor connected to personally identifiable information. The Third Parties use cookies to track non-personally identifiable information, and link cookies only to IP addresses and aggregate data about the traffic to the Website. 

Most web browsers automatically accept cookies. Please consult your web browser's manual or online help tool if you want information on restricting or disabling the web browser's handling of cookies. If you disable cookies, you can still view the Website, but some features may not be available (such as offers regarding Products).

Volunteered Information Collected on the Website

Visitors of the Website may contact us in a variety of ways, including, without limitation, by completing the web forms described below. Contact information, such as name, address, email addresses and/or phone number, is typically provided when using these methods. This information is used to provide information regarding the Products that are requested by the visitor of the Website (e.g. to respond to your questions regarding Products or to send you a newsletter or white paper about the Products). 

Visitors of the Website may sign up to receive various information or services from us, including the following: (i) free trials or evaluations of our Products, (ii) white papers, (iii) product demonstrations, and/or (iv) webinars regarding the Products.

We may send promotional emails to visitors of the Website who have sent us such web forms. We may provide your information from these web forms to certain authorized resellers of our Products to communicate information to you about our Products.

We also allow visitors of the Website to contact us by email with questions, comments or requests. The information collected from these emails is used to reply to such questions, comments, or requests. At times, we file a visitor's comments, so that we can improve the Website in the future.

Disclosure to Third Parties

In the course of our normal business activities, we do not share personally identifiable information about visitors of the Website with any independent third parties, other than with our agents, service providers and authorized resellers as described in the preceding paragraphs "Agents and Service Providers" and "Volunteered Information Collected on the Website." In particular, we are not in the business of selling, renting or loaning personally identifiable information to independent third parties.

Nevertheless, we may have to disclose information to third parties when required by law or under the good-faith belief that such disclosure is necessary in order to (i) conform to applicable law, (ii) comply with a legal process served on us, or (iii) to protect the property, interests, or personal safety of our agents, employees, customers or the public. Under such circumstances, we may be prohibited by law, court order or other legal process from providing notice of the disclosure, and we reserve the right to not provide such notice in our sole discretion.

If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, we will provide notice before your personal information is transferred to a third party and becomes subject to a different privacy policy.

Your Rights to Your Personal Information

You may access and receive information about the personal information we maintain about you from the Website, update inaccuracies in your personal information, and have the information blocked or deleted, as appropriate. You may also object to our processing of your personal information collected from the Website. Please note that you may not be able to benefit from all features of the Website if you request the deletion of your personal information or object or withdraw your consent to such processing.

If you would like to verify the information we have received from you or make corrections to it, you may contact us directly at privacy@zscaler.com.

Opting Out

If you have provided personal information to Zscaler and later change your mind, you may contact us to opt out of receiving such communications and have your information removed from our distribution lists by contacting us at privacy@zscaler.com or following the unsubscribe instructions in our communications.

Links to Other Websites

The Website may contain links to other websites. We are not responsible for the privacy practices of any websites other than our own. This Policy applies only to information collected by us on the Website, and not any other third party websites.

End User Privacy

The paragraphs in this section “End User Privacy” provide information on how we use and process information collected about End Users of the Products. It does not cover any other data processing activities.

Zscaler is a “data processor” which processes traffic on behalf of its customer which is the “data controller”. Customers contract with Zscaler to deliver internet security services.

The term “data controller” is defined in European Union (EU) privacy legislation as the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. The term “data processor” is defined as a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller.

The “data controller” retains full responsibility for the data with regards to the individual(s) concerned. 

EU-U.S. Privacy Shield and U.S.-Swiss Safe Harbor Programs

Zscaler is a participant in the U.S.-EU Privacy Shield Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Zscaler has certified that it complies with the U.S.-Swiss Safe Harbor Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. Zscaler’s commitment to the Privacy Shield Principles is described in its Privacy Shield Policy. 

All legislation referred to herein requires that the relationship between a data controller and a data processor is covered by a contract before outsourcing related to the processing of personal data takes place. The purpose of the contract is to protect the interests of the data controller, who is the entity that determines the purposes and means of processing, and who retains full responsibility for the data with regards to the individuals concerned. The contract thus specifies the processing to be carried out and any measures necessary to ensure that the data is kept secure.

Zscaler Obligations 

Zscaler’s obligations may vary according to the jurisdiction of our customer and their area of business. The typical obligations to ensure compliance with the most common data privacy legislation are as follows:  

  • to comply with current EU/US data transfer principles, EU data protection legislation or other similar national legislation as a data processor; 
  • to ensure that the data is only used for the purpose of providing our internet security service and any other purposes that are authorized and/or requested by our customer; and 
  • to keep personal data confidential.

Customer Obligations

To ensure that we process personal data in accordance with relevant privacy regulations, we will only offer our services pursuant to a contract which defines the obligations of Zscaler and our customer according to applicable privacy legislation. We will always require our customers to comply with relevant privacy legislation as the data controller. Zscaler does not control the sharing of personal information related to our Products; rather, this is governed by our customer (i.e. the data controller), in accordance with the customer’s privacy policy and applicable privacy legislation.

Who Should End Users Contact Regarding Privacy?

If you are an End User of the Products, you should contact our customer (usually your employer) for any information related to information held about you and the privacy policy which governs the relationship between you and our customer.

Privacy Safeguards by Zscaler

Zscaler implements reasonable and appropriate physical, administrative and technical safeguards to help us protect your personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction. For example, we encrypt certain sensitive personal information when we transmit such information over the Internet. We also limit access to personal data and confidential information on our systems to only those employees with a specific need to access this information.


Children’s Personal Information

Zscaler does not knowingly collect any personal information from children under the age of 13. If you are under the age of 13, please do not submit any personal information through our Website or Products. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal information through our Website or Products without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to us through our Website or Products, please contact us, and we will use commercially reasonable efforts to delete that information. Subscribers are responsible for establishing policies for and compliance with applicable laws for the collection of personal information in connection with the use of our Website or Products.

How Can You Contact Us? 

If you have questions or concerns regarding this Policy, please feel free to contact us by email at privacy@zscaler.com or write to us at:

Zscaler, Inc.

Attn: Legal Department
110 Rose Orchard Way
San Jose, CA 95134, USA