Privacy Policy

Privacy Policy

Last Updated: April 6th, 2021

Welcome to Tall Poppy (“Tall Poppy“, “we“, “us“, or “our“). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this Privacy Policy (“Policy“), or our practices with regards to your personal information, please contact us at privacy [at] This Policy in combination with our Cookie Policy, Terms of Use (the “Terms“) and/or any other agreement with us to which you may be subject forms a legal agreement between you (“you,” or “your“, refers to you or any party or entity that you represent) and Tall Poppy (including its corporate affiliates, subsidiaries, and divisions, as may change from time to time) with respect to your use of our Services (as defined below). Capitalized terms used, but not otherwise defined herein have the meanings ascribed to them in the Terms.


In this day and age, online threats and the harm that results are far too prevalent and wide-reaching. Company employees and service providers are often the target of some third party’s malicious acts, which can cause a great deal of damage with relatively minimal effort. Tall Poppy helps to minimize such threats and malicious acts by providing security awareness training delivered in person and/or via the Tall Poppy Site (“Trainings“) that helps employees and service providers stay ahead of the online threats that could harm them (“Threats“), while also providing security incident response services (“Response Services“) to those already harmed by such Threats, in an effort to mitigate the negative effects of security incidents (“Incidents“). We refer to the Trainings and Response Services jointly in this Policy as the “Services“.

Often, we are engaged by companies to provide our Services to company employees and service providers. As such, we collect, manage, and use a wide range of information, both personal and non-personal, as further described herein. We take your privacy very seriously—in fact, your privacy is our business. In this Policy, we describe how we collect, manage, and use your information. In this Policy, we also provide you with information concerning the rights you have over the information that we collect, manage and use. We hope that you take some time to read through this Policy carefully, as it is important. If there are any terms in this Policy that you do not agree with, please discontinue use of our Site and Services.

Please read this Policy carefully as it will help you make informed decisions about sharing your personal information with us.  

Information That You Provide To Us And That We Discover About You

We collect personal information that you provide to us, and that any authorized third parties or other sources (such as your employer or the subscriber providing you access to our Site and Services) provide to us. The personal information that we collect from you depends on the context of your interactions with and use of the Site and Services. The personal information we collect may include the following:

Information Automatically Collected

We automatically collect certain information when you visit, use or navigate our Site. This information does not reveal your specific identity (like your name or contact information), but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Site and other technical information.  This information is primarily needed to maintain the security and operation of our Site, to provide the Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies. You can find out more about this in our Cookie Policy.


We use personal information that we collect for a variety of purposes described below. We process your personal information for business purposes in reliance on our legitimate business interests (“Business Purposes“), in order to enter into or perform a contract with you (“Contractual“), with your consent (“Consent“), and/or for compliance with our legal obligations (“Legal Reasons“). We indicate the specific processing grounds we rely on next to each purpose listed below. We use the information we collect or receive:


We only share and disclose your information in the following situations:


Our servers are located in the United States. If you are accessing our Site or utilizing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information. Your information may be shared in many different countries. If you are a resident in the European Economic Area, then some countries to which your data is transferred may not have data protection or other laws as comprehensive as those in your country. We will however take all necessary measures to protect your personal information in accordance with this Policy and applicable law.


The Site may contain advertisements from third parties or links to third party content that are not affiliated with us and which may link to other websites, online services or mobile applications. We cannot guarantee the safety and privacy of data you provide to any third parties. Any data collected by third parties is not covered by this Policy. We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services or applications that may be linked to or from the Site. You should review the policies of such third parties and contact them directly to respond to your questions.


Given the nature of the Services we provide, we may keep your personal information for up to 2 years past the termination of your account or your use of the Services; we may keep your personal information longer if required by law (such as tax, accounting or other legal requirements).  When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.


We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Site is at your own risk. You should only access the Site within a secure environment.


We do not knowingly solicit data from or market to children under 18 years of age.  By using the Site, you represent that you are at least 18.  If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.  If you become aware of any data we have collected from children under the age of 18, please contact us at privacy [at]


In some regions (like the European Economic Area), you have certain rights under applicable data protection laws.  These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information. To make such a request, please use the contact details provided below. We will consider and act upon any request in accordance with applicable data protection laws.

If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal.

If you are resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here.

Account Information

You may at any time review or change the information in your account or terminate your account by contacting us using the contact information provided below. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms and/or comply with legal requirements.

Cookies And Similar Technologies

You can find out more about how we use cookies and similar tracking technologies in our Cookie Policy.

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Site. To opt-out of interest-based advertising by advertisers on our Site visit

Opting Out Of Email Marketing

In the event that we decide to utilize email to market the Site and Services, you can unsubscribe from our email marketing list at any time by clicking on the unsubscribe link in the emails that we send or by contacting us using the details provided below. You will then be removed from the email marketing list. However, we will still need to send you Site and Service-related emails that are necessary for the administration and use of your account.


We may update this Policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Policy frequently to be informed of how we are protecting your information.


If you have questions or comments about this Policy, email privacy [at]

or by postal mail to:

Tall Poppy Security, Inc.
Leigh Honeywell
2261 Market Street #4283
San Francisco CA 94114
United States