Imprivata Privacy Policy

Imprivata Privacy Policy

Last updated: December 30, 2025

This Privacy Policy (“Privacy Policy”) applies to Imprivata, Inc., Ground Control, Inc., FairWarning, LLC, SecureLink, Inc., and Verosint, Inc. which have all been integrated into Imprivata, Inc.

What does this Policy cover?

Imprivata respects your privacy and is committed to protecting your information and complying with all applicable privacy laws in the conduct of its business. Privacy laws in the United States, European Economic Area (EEA), and other locations may govern the proper use, processing, disclosure, storage, and protection of Personal Data. This Privacy Policy describes Imprivata's practices regarding the use and disclosure of Personal Data that may be collected through its marketing activities and website located at www.imprivata.com or other websites that link to this Privacy Policy (“Sites”) and in connection with the products and services Imprivata provides (“Service Offerings”).

This Privacy Policy explains:

  • What information Imprivata collects and why Imprivata collects it.
  • How Imprivata uses that information.
  • The categories of third parties to which Imprivata may send that information.
  • International transfers of data
  • The ways in which you can exercise your data subject rights, including how to access and update information.
  • How Imprivata uses cookies, and how to control and delete them.

If you are a user of a Service Offering and would like information on how Imprivata processes Personal Data in connection with its Service Offerings, please see the Imprivata End User Privacy Notice.

What type of information does Imprivata collect and why?

Our primary goal in collecting information is to provide you with a friendly, customized, and efficient experience. Imprivata collects the following types of information:

  • Personal Data that directly or indirectly identifies you. This Personal Data may include name, title, company name, job function, expertise, postal address, telephone number, email address, browser, device information (including IP address and operating system), information collected through cookies and other similar technologies, and call recordings. If you submit any Personal Data relating to other people to Imprivata or to its service providers in connection with the Sites, you represent that you have the authority to do so and to permit Imprivata to use the information in accordance with this Privacy Policy.
  • Other Information. "Other Information" is any information that does not and cannot be used to reveal your identity or that of another individual, such as information which has been fully and permanently anonymized and aggregated. Imprivata uses this information to facilitate its operation of the Sites and for other purposes described below.
  • Sensitive Data. Certain jurisdictions have enacted laws with different requirements regarding the processing of Sensitive Personal Data. “Sensitive Personal Data” includes special categories of personal data identified by European and other data privacy laws. Imprivata generally does not require Sensitive Personal Data when using the Sites or Service Offerings. In the cases where Imprivata does collect Sensitive Personal Data, for example when conducting recruiting activities or in connection with providing certain Service Offerings to its customers, it will seek to do so in accordance with applicable data privacy laws. Do not provide Imprivata with unsolicited Sensitive Personal Data.

Children’s Data

Imprivata does not knowingly collect Personal Data from children under the age of 18. If you are under the age of 18, please do not provide any information to Imprivata. If Imprivata becomes aware that it has collected Personal Data from a child under the age of 18, Imprivata will make commercially reasonable efforts to delete such information from its systems.

How does Imprivata collect and use information?

Imprivata and its service providers collect and use Personal Data and Other Information in a variety of ways, including:

  • Through the Sites:

    Imprivata collects information through the Sites, e.g., when you request a demo, register for a webinar, contact Imprivata, subscribe to its digital communications, download content (e.g., whitepapers, analyst reports, etc.), and register to use its Sites. Imprivata will use your Personal Data to respond to your request and send you marketing communications, including regarding its Service Offerings, and measure its marketing campaigns.

  • Offline:

    Imprivata collects information from you offline, such as when you attend one of its events or its booth at trade shows and exhibits, during phone calls with sales or customer support representatives, or when you contact an Imprivata representative. Imprivata uses your Personal Data to respond to your request and send you marketing communications, including regarding its Service Offerings. Phone (or video conference) calls may be recorded for quality, training, and administration purposes. You may at your sole election have the opportunity to participate in product demonstrations at Imprivata event and trade show booths. Some product demonstrations may collect biometric information, and if so, Imprivata will process your biometric information in compliance with appliable law for purposes of demonstrating the product. Additional notices may be provided at the product demonstration booth. Please read and review any such notices, providing any consent requested at your election, and follow any instructions provided at the booth.

  • From Other Sources:

    To enhance its ability to provide relevant marketing, offers, and Service Offerings to you via communication channels such as email campaigns, Imprivata obtains information about you from other sources, such as public and third-party databases, joint marketing partners, social media platforms, and other third parties.

  • Through Your Browser or Device

    Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, device type (computer, tablet, smartphone, etc.), screen resolution, operating system name and version, language, Internet browser type and version, and the name and version of the Sites you are using (“Site Analytics”). Your Internet Protocol (IP) Address is a number that is automatically assigned to the device that you are using by your Internet Service Provider (ISP). An IP Address may be identified and logged automatically in Imprivata's server log files whenever you access the Sites, along with the time and or length of the visit and the page(s) that you visited. Collecting IP Addresses is standard practice and is done automatically by many websites, applications, and other services. Imprivata uses Site Analytics and IP Addresses to calculate usage levels of the Sites and Service Offerings, help diagnose problems with its servers (including those used in connection with the Sites and Service Offerings), administer and secure the Sites and Service Offerings, and for monitoring the regions from which you navigate to its Sites and Service Offerings. If you use a mobile device to access its Sites or Service Offerings, Imprivata may receive information about the nonspecific location of your device. In some cases, even if you are not using a mobile device, information about your general location may be discernible from your device’s IP address or the URLs Imprivata receives.

  • As a Customer:

    Imprivata collects information such as your nonspecific location, use of Imprivata Service Offerings, and your preferred means of communication when you voluntarily provide it in Imprivata’s subscription center or otherwise. Unless combined with Personal Data, this information does not personally identify you or any other user of the Sites.

    As a user of Service Offerings, Imprivata may also collect additional information from you as set forth in the End User Privacy Notice, including device and usage data as related to Imprivata’s mobile applications (“Apps”). Imprivata may also retain any messages you send to Imprivata through the Service Offerings and may collect content and information you provide through logs. Imprivata uses such Personal Data to provide, secure, administer, and improve the Sites, Service Offerings, and Apps, and when you correspond with Imprivata for information or support.

    Please see the Imprivata End User Privacy Notice for more details.

  • Through Feedback:

    Imprivata may, from time to time, contact you to request your voluntary feedback on the Sites and Service Offerings through surveys, beta agreements, and research studies. Imprivata uses this information to analyze and improve its Sites and Service Offerings.

  • Through Cookies and Other Similar Technologies:

    Details about the purpose and use of cookies can be found in Section 11 of this Privacy Policy.

  • Through Aggregation:

    Aggregated Personal Data does not personally identify you or any other user of the Sites. Imprivata may use such data without restriction, for example, to calculate the engagement of its marketing content by region.

  • Other Uses

    Imprivata may use Personal Data above for other purposes, including to:

    • Prevent and detect fraud and abuse
    • Prepare for, and engage in, dispute resolution proceedings (including alternative dispute resolution) or administrative or court proceedings
    • Comply with and enforce applicable legal requirements, industry standards, and Imprivata policies and terms

Will Imprivata disclose any of the information it receives?

Imprivata may disclose Personal Data to third party data processors retained or contracted by Imprivata, such as business partners and subcontractors, including, without limitation, affiliates, vendors, service providers and suppliers. Imprivata may disclose certain Personal Data with third parties who conduct marketing studies and data analytics, including those that provide tools or code which facilitates Imprivata’s review and management of its Sites and Service Offerings, such as Google Analytics or similar services from other providers. Details on how Imprivata discloses Personal Data is described below:

  • Subsidiaries and Affiliates:

    Imprivata discloses Personal Data to its subsidiaries and affiliates for the purposes described in this Privacy Policy.

  • Agents and Service providers: 

    Imprivata contracts with other companies and people to perform tasks on its behalf and may need to disclose your information with them to provide products or services to you or to Imprivata. Examples may include: data analytics and data processing providers, such as to remove repetitive information from customer lists and better understand and utilize data; marketing providers, such as to assist with marketing campaigns and management of promotional activities, including online and in-person events; payment processing providers to assist with billing or processing credit card payments; technology, platform, and data processing providers, such as to host and provide its Sites and Service Offerings; support providers, such as to assist with providing customer service or technical support; workforce productivity providers, such as to provide personnel with software solutions and platforms to help manage their work and communications with each other and customers; information security providers, such as to help secure and backup its systems, Sites, and Service Offerings; fraud-prevention and security-related providers such as “know your customer” and website security providers; and audit, consulting, and legal advisors to help manage its operations. Imprivata may also provide your Personal Data to agents who will use it to verify aggregate usage data that Imprivata provides to its partners. In all cases where Imprivata discloses your information with such agents, Imprivata requires the agent to agree to applicable data privacy and information security terms consistent with our technical and organizational measures.

  • Imprivata custom portal and social media pages:

    Personal Data may also be disclosed by you to other Imprivata users, or to the public, through the Sites, on message boards, chat, profile pages, and other features of Service Offerings to which you are able to post information and materials (including, without limitation, the Imprivata Support and Learning Center and the Social Media Pages). This information can appear in public ways, such as through search engines or other publicly available platforms and can be "crawled," indexed, or searched by third parties. Please do not post any information that you do not want to reveal to the public at large.

  • Business Transfers:

    In some cases, Imprivata may choose to buy or sell assets or businesses. In these types of transactions, customer information, including Personal Data, is typically one of the business assets that is transferred. Moreover, if Imprivata, or substantially all of its assets, were acquired, customer information (including Personal Data) would be one of the assets that is transferred.

  • Profiling and Automated Decision-making:

    Imprivata combines data obtained by the methods described in Section 3 to help it determine what Service Offerings might be of interest to you when you might be ready to make a purchase based on your interaction with Imprivata’s and certain third-party websites, emails, and content. Imprivata marketing and sales personnel are involved in this process, and no automated decisions are made that would result in legal effects or similarly significantly affect an individual.

  • Protection of Imprivata and others:

    Imprivata may release Personal Data when Imprivata believes in good faith that release is necessary to comply with an applicable law; enforce or apply its conditions of use and other agreements; or protect the rights, property, or safety of Imprivata, its employees, its users, or others. This includes disclosing information as necessary and appropriate to government agencies and tax and fraud prevention agencies.

  • With your consent:

    Except as set forth above, you will be notified when Imprivata intends to disclose your Personal Data with third parties to obtain any additional consent that may be required.

  • Business partners:

    Imprivata may disclose your Personal Data with channel partners such as resellers, distributors, and referral partners, and other business partners in connection with Imprivata’s sales operations and provision of Service Offerings. These third parties use Personal Data to provide information about Imprivata Service Offerings, complete customer transactions for Service Offerings, and provide and support Service Offerings.

Will Imprivata sell my information?

Imprivata does not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate orally, in writing, by electronic, or other means the Personal Data it collects from you to another business or third party for monetary or other valuable consideration.

How will Imprivata communicate with me?

Service Email: As someone with an active account, Imprivata may send you service-related email messages, which are not promotional in nature, on occasions and when it is necessary.

Customer Service: Based upon the information you provide it, Imprivata will communicate with you in response to your inquiries, to provide the Service Offerings you request, and to manage your account and information processed by Imprivata. Imprivata may communicate with you by email, through an online help forum, or by telephone.

Newsletters and Promotions: If you register for its newsletters, whitepapers, and/or other educational or promotional content, or otherwise indicate your interest in its Service Offerings, Imprivata will follow up via email and telephone with recommendations for its Service Offerings based on your likely interests. You can unsubscribe or opt/out of any or all email marketing you may receive at any time.

Is information about me protected and secure?

Imprivata considers information security to be a top priority and is committed to protecting the security of your Personal Data. Imprivata does not collect more information than is necessary and implements policies, systems, applications, and procedures to secure Personal Data and to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information, in particular, where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Unfortunately, the transmission of information via the internet is not completely secure. Although Imprivata uses measures to protect your Personal Data, it cannot guarantee the security of your information transmitted to the Sites, Service Offerings, or otherwise to Imprivata. Any transmission of Personal Data is at your own risk.

International transfers

Your Personal Data may be stored and processed in any country where Imprivata has facilities or in which Imprivata engages service providers, and by using the Sites or disclosing information to Imprivata you consent to the transfer of information to countries outside of your country of residence, which could have different data protection rules than those of your country or the country in which you were located when you initially provided the information. Where required, Imprivata puts in place a solution to ensure that Personal Data transferred outside of the EEA is subject to adequate protection.

Certain laws require a legal basis to process Personal Data. Imprivata’s legal bases under such laws for processing Personal Data are:

  • Necessary for Performance of a Contract: Imprivata may need to process your Personal Data to enter into a contract with you or an organization you are affiliated with as a user.
  • Consent: Where you have provided your explicit consent for Imprivata to process your Personal Data, such as marketing activities.
  • Legitimate Interest: Imprivata may need to process your Personal Data where it has a legitimate interest in doing so, such as (1) to communicate with you in response to your requests, questions, inquiries, and submissions; (2) to conduct advertising, marketing and promotional activities in connection with operating its business; (3) for research and development, operation, security and optimization of Sites and Services Offerings and to operate its business, including conducting audit, accounting, financial, and business transfer activities; and (4) for fraud prevention and know-your-customer obligations.
  • Comply with Legal Obligations: Where Imprivata is required to comply with laws or legal obligations.

Imprivata complies with the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and the UK Extension to the EU-U.S. Data Privacy Framework (collectively, the “Data Privacy Framework”). Imprivata is committed to subjecting all Personal Data received from European Union (EU) member countries, the United Kingdom, and Switzerland, respectively, in reliance on each Data Privacy Framework, to the Data Privacy Framework’s applicable Principles. To learn more about the Data Privacy Frameworks, and to view Imprivata's certification, visit the U.S. Department of Commerce’s Data Privacy Framework website: https://www.dataprivacyframework.gov/. Click here to access Imprivata’s Data Privacy Framework Policy.

Imprivata is responsible for the processing of Personal Data it receives under the Data Privacy Framework and subsequently transfers to a third party acting as an agent on its behalf. Imprivata complies with the Data Privacy Framework Principles for all onward transfers of Personal Data from the EU, the United Kingdom, and Switzerland, including the onward transfer liability provisions.

With respect to Personal Data received or transferred pursuant to the Data Privacy Framework, Imprivata is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

What are my rights as a data subject?

Depending on applicable law, you may have rights regarding the processing of Personal Data. Such rights may include:

  • The right to access your Personal Data, including the categories of Personal Data, the categories of sources of Personal Data, the business or commercial purpose for collecting and disclosing your Personal Data, and the specific pieces of Personal Data we collected about you.
  • The right to know whether your Personal Data is sold or shared (as such terms are specifically defined in applicable law), or disclosed and to whom.
  • The right to opt out of sale or sharing of your Personal Data. We do not sell or share Personal Data (as such terms are specifically defined in applicable law).
  • The right to request that Imprivata delete some or all the Personal Data Imprivata collected about you.
  • The right against discrimination or retaliation and right to equal service and price, even if you exercise your privacy rights.
  • The right to ask us to transmit your Personal Data that Imprivata collected about you directly to you or to another provider (where technically feasible).
  • The right to request that Imprivata correct or rectify any of the Personal Data that Imprivata collected about you.
  • The right to withdraw your consent to the processing of your Personal Data, where applicable.
  • The right to request that Imprivata restrict or limit some or all of the processing of your Personal Data, including sensitive Personal Data.
  • The right to lodge a complaint regarding Imprivata's collection, sharing, and processing of Personal Data with competent authorities in the proper jurisdiction.
  • The right to not have to identify yourself, or of using a pseudonym in certain circumstances.
  • The right to stop receiving unwarranted direct marketing.
  • The right against automated decision making.

How can I exercise my rights?

If you would like to exercise any of your data subject rights, submit a consumer request to privacycommittee@imprivata.com. Imprivata will need to verify your identity in order to process any requests and, depending on the request, will need your name, email address, and phone number to do so. When you submit a request, do not send us, directly or indirectly, any Sensitive Personal Data (e.g., social security numbers or other national or state identifiers, health information, biometric data, financial account numbers, or payment card information). If we are unable to verify your identity, we may deny your request. You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly. Imprivata responds to requests within the timeframes required by law, which may be 30-45 days or more, depending on the applicable law. If a request requires additional time to be processed, Imprivata will notify you in writing. Certain exceptions apply in the law to Imprivata’s requirement to fulfill requests. If your request is denied, Imprivata will provide you with the reasons for such a denial. Depending on applicable law, you may have the right to appeal our decision to deny your request. To do so, please contact us as set forth below and describe the reasons for your appeal.

You can opt-out of receiving marketing messages from Imprivata by unsubscribing through the unsubscribe or opt-out link in an email, or by unsubscribing via the Imprivata Subscription Center: https://security.imprivata.com/email-subscription-center.html. If you need additional assistance, you may reach out to privacycommittee@imprivata.com. Imprivata will never discriminate against you for exercising your rights as a consumer.

Cookies

When you visit an Imprivata Site, it may store or retrieve information on your browser, mostly in the form of cookies. A cookie is a small piece of data sent from a website or application and stored on your computer or device by your web browser. This information might be about you, your preferences, your device, and your web traffic. Cookies are primarily used to make the site work as you expect it to. The information does not usually directly identify you but is intended to give you a more personalized web experience. Imprivata's Sites collect cookies and may use cookies for reasons including, but not limited to: analyze web traffic using an analytics tool such as Google Analytics, test content on the Sites; store information about your preferences; and recognize when you return to the Sites. You can choose not to allow some types of cookies by utilizing the cookie tool accessible by clicking the icon on the bottom left of your browser. The settings you choose may prevent you from taking full advantage of the Sites or the Sites may not function as intended. For more information, please refer to the Imprivata cookie policy.

To learn more about the data Google collects and how it uses your data, and to opt out of certain Google browser Interest-Based Advertising, please visit the Google Ad Center. To opt-out of Google Analytics, please visit Google's opt-out page.

Data Retention

Imprivata retains the Personal Data Imprivata collects where Imprivata has an ongoing legitimate business need to do so (for example to comply with applicable legal, tax or accounting requirements). The period for which Imprivata retains Personal Data is based on factors such as the type of information collected (i.e., its sensitivity), the intended purposes or use, legal requirements, the potential risk of harm from unauthorized use or disclosure of the information, the resolution of any pending or threatened disputes, and enforcement of Imprivata’s agreements. When Imprivata has no ongoing legitimate business need to process your Personal Data, Imprivata will either delete or aggregate it or, if this is not possible due to practical or legal requirements, then Imprivata will securely store your Personal Data. If you would like to request Imprivata no longer use your information to provide you with Service Offerings, contact privacycommittee@imprivata.com.

Disclosures Required by Certain US States

Certain US states require businesses that collect Personal Data to make specific disclosures regarding their data processing operations. More details regarding Imprivata’s Personal Data processing are contained throughout this Privacy Policy, such as Imprivata’s sources of Personal Data and your rights regarding the Personal Data it collects about you. Please see below for the categories of Personal Data Imprivata has collected and the categories of recipients to whom it disclosed Personal Data in the 12 months preceding the date this Privacy Policy was last updated. The below categories of Personal Data have been or may be disclosed to third parties in accordance with the Section titled “Will Imprivata disclose any of the information it receives?”

  • Identifiers, such as contact data and electronic IDs
  • Commercial information, such as transaction details
  • Biometric information
  • Internet and electronic network activity information, such as described above in the section titled Cookies
  • Audio and visual information, such as phone or video call recordings
  • Professional information, such as job title and role
  • Inferences drawn the above to understand your preferences

Conditions of Use

If you decide to visit the Imprivata Site or through the other sources as specified above, your visit and any possible dispute over privacy is subject to this Privacy Policy and Imprivata's Terms of Use, including limitations on damages, arbitration of disputes, and application of Massachusetts law and/or other domestic and international applicable laws.

The Sites are not intended for anyone under the age of 18 years. If you are younger than 18, you may not register with or use the Sites.

Third party sites

The Site may permit you to link to other websites on the Internet, and other websites may contain links to the Imprivata Sites. These other websites are not under Imprivata's control, and such links do not constitute an endorsement by Imprivata of those other websites or the services offered through them. The privacy and security practices of websites linked to or from the Imprivata Sites are not covered by this Privacy Policy and may differ from those of Imprivata. Imprivata encourages you to read the privacy statement of any website you may visit because Imprivata is not responsible for other websites' content, policies, or privacy or security practices.

Changes to this Privacy Policy

Imprivata will review this Privacy Policy annually and may amend it where necessary. Use of information Imprivata currently collects is subject to the Privacy Policy in effect at the time such information is used. If Imprivata makes changes to this Privacy Policy, Imprivata will notify you by posting the revised notice on its Site or, if such changes are material, sending you an email if and as may be required by law, so you are always aware of what information Imprivata collects, how Imprivata uses it, and under what circumstances if any, it is disclosed.

Questions

Your privacy is important to us. If you have any questions, concerns, or would like to submit a Data Subject Request or complaint regarding data privacy, please email privacycommittee@imprivata.com.

Individuals and the data protection supervisory authorities in the EU may also contact its EU representative according to Art. 27 GDPR:

Imprivata GmbH, Hans-Böckler-Str. 12, 40764 Langenfeld, Germany
eurepresentative@imprivata.com

IAPP silver member badge