Privacy Policy
Effective Date: May 10, 2026
Application Security Standards ("Site") (https://appsecuritystandards.org) is an independent editorial publication covering application security, software supply chain security, secure software development, and related cybersecurity topics.
The Site publishes reporting, analysis, reference materials, educational content, industry resources, and vendor-related information intended for security practitioners, engineering leaders, compliance teams, technology decision-makers, and software buyers evaluating application security tools and services.
The Site also operates a curated vendor directory featuring companies that provide application security and software supply chain security products and services.
Application Security Standards is operated by Accessibility.com, LLC.
Accessibility.com, LLC, 100 SE 2nd St., Suite 2000, PMB 110, Miami, FL 33131
This Privacy Policy explains how we collect, use, disclose, store, and protect information when you access or use the Site, create an account, subscribe to communications, request information or resources, interact with vendors, or otherwise engage with the Site and its services.
By using the Site, you acknowledge the practices described in this Privacy Policy.
Privacy Summary
This summary provides a high-level overview of how the Site handles information. It does not replace the full Privacy Policy below.
We collect information you voluntarily submit through newsletter signups, account creation, vendor request forms, and other interactions with the Site.
When you request a vendor resource through the Site (such as a whitepaper, webinar, buyer's guide, demo, or consultation), we share your information with the specific vendor associated with that request and may receive compensation in connection with such requests. Under the California Consumer Privacy Act and similar state laws, this may be considered a "sale" or "sharing" of personal information. You may opt out — see Your Privacy Rights and California Privacy Rights below.
We do not share vendor-request information with unrelated vendors solely because you used the Site.
We do not transfer personal information to consumer data brokers or general-purpose marketing-list providers.
Newsletter subscriptions are managed separately from vendor-resource requests unless explicitly stated otherwise at the point of submission.
The Site uses cookies, analytics technologies, and related tools to support functionality, measure engagement, improve performance, and understand how users interact with the Site.
Users may contact us regarding privacy-related requests using the contact information provided at the end of this Privacy Policy.
Notice at Collection (California Residents)
This notice provides California residents with the disclosures required by Section 1798.100(b) of the California Consumer Privacy Act.
Categories of personal information collected: identifiers (name, email, phone, company), commercial information (job title, inquiry details, vendor interaction history), internet or other electronic network activity (browsing behavior on the Site, engagement metrics, IP address, device information), and inferences drawn from such information.
Purposes for collection and use: operating the Site, fulfilling vendor resource requests, sending newsletters, processing accounts and subscriptions, analytics and improvement, security and fraud prevention, and the additional purposes described in Section 3 below.
Sale or sharing: When you request a vendor resource, your information may be sold or shared with the specific vendor associated with that request, as described in Sections 9 and 15. You have the right to opt out of such sale or sharing.
Retention: Information is retained as described in Section 11.
Sensitive personal information: We do not knowingly collect "sensitive personal information" as defined under the CCPA.
Full policy: For complete information, please review the Privacy Policy below.
Table of Contents
1. Scope of This Privacy Policy
2. Information We Collect
3. How We Use Information
4. Vendor Resources and Information Requests
5. Newsletter Communications
6. Cookies, Analytics, and Tracking Technologies
7. Accounts and Authentication
8. Payment Processing and Vendor Subscriptions
9. How Information Is Shared
10. Service Providers and Infrastructure
11. Data Retention
12. Data Security
13. International Data Transfers
14. Your Privacy Rights
15. California Privacy Rights
16. European Privacy Rights
17. Children's Privacy
18. Third-Party Links and Services
19. Changes to This Privacy Policy
20. Contact Information
1. Scope of This Privacy Policy
This Privacy Policy applies to visitors to the Site, newsletter subscribers, users who create accounts, individuals who request information, resources, or vendor communications, vendor representatives, individuals who communicate with us electronically, and participants in webinars, events, surveys, or promotions.
This Privacy Policy does not apply to third-party websites, third-party vendor websites or services, third-party applications not controlled by us, or external resources linked from the Site.
Vendors and third parties featured on the Site may maintain separate privacy practices and policies. We encourage users to review those policies before sharing information directly with those organizations.
2. Information We Collect
A. Information You Provide Directly
We collect information you voluntarily provide when you subscribe to newsletters, create an account, request a whitepaper, case study, webinar, buyer's guide, demo, consultation, or other resource, contact a vendor through the Site, submit inquiries or communications, claim or manage a vendor listing, or contact us directly.
Information collected may include name, work email address, company name, job title, phone number, business information, inquiry details, account information, communications and messages, vendor listing information, and billing information.
Payment card information is processed directly by Stripe and is not stored on our servers.
B. Information Collected Automatically
When you access or use the Site, we automatically collect technical and usage-related information, including IP address, browser type, operating system, device information, referral URLs, pages viewed, clicks and engagement activity, session duration, scroll activity, approximate geographic information, analytics identifiers, cookies and similar technologies, and campaign and attribution information.
We also collect session identifiers, hashed identifiers, performance and diagnostic information, and interaction and engagement metrics.
C. Vendor Directory Information
The Site contains vendor profiles and related business information submitted by vendors or compiled from publicly available business sources.
Vendor-related information may include company descriptions, product and service details, logos and branding, social media links, public contact information, websites, marketing materials, educational resources, and event information.
Vendor profile information may be publicly visible on the Site.
3. How We Use Information
We use information for purposes including:
Operating and maintaining the Site
Publishing editorial and educational content
Providing access to requested resources
Facilitating vendor communications requested by users
Operating the vendor directory
Authenticating users and managing accounts
Processing subscriptions and payments
Responding to inquiries and support requests
Sending newsletters and updates
Improving Site functionality and user experience
Analytics and performance measurement
Fraud prevention and security
Enforcing policies and agreements
Complying with legal obligations
Internal business operations and research
4. Vendor Resources and Information Requests
The Site may offer access to whitepapers, research reports, webinars, buyer's guides, case studies, product demonstrations, educational materials, sponsored resources, consultation requests, and other professional or industry-related content.
When you voluntarily submit a form requesting one of these resources or requesting contact from a vendor:
Your information is shared with the specific vendor associated with that request.
The vendor may contact you regarding the requested resource, product, service, event, or related business offerings.
Your information is not shared with unrelated vendors solely because you used the Site.
Your information is not transferred to general marketing-list providers or consumer data brokers.
Newsletter subscriptions are managed separately unless explicitly stated otherwise at the point of submission.
We may receive compensation from vendors in connection with these requests, including through lead-generation arrangements, sponsorships, or vendor subscriptions. Under the California Consumer Privacy Act and similar state laws, this sharing of personal information may be considered a "sale" or "sharing" of personal information. California residents and residents of other applicable states may opt out of such sale or sharing using the controls described in Section 15.
Information shared with vendors may include name, work email, company name, job title, phone number, inquiry details, qualification responses, and business-related information submitted through the form.
Users should understand that vendors receiving information through these interactions may maintain separate privacy practices and may contact users directly regarding the requested materials or services.
The Site displays consent language at the point of submission explaining that information submitted through vendor-related forms is shared with the relevant vendor for follow-up communications.
5. Newsletter Communications
The Site offers editorial newsletters and email updates, including the AppSec Brief newsletter.
When you subscribe to a newsletter:
Your information is used to deliver the requested newsletter and related editorial communications.
Newsletter subscription information is not automatically shared with vendors.
You may unsubscribe at any time using the unsubscribe links included in emails.
We monitor newsletter engagement metrics such as opens, clicks, delivery status, unsubscribe activity, and bounce information.
Certain transactional or account-related communications may still be sent even if marketing or newsletter communications are disabled.
6. Cookies, Analytics, and Tracking Technologies
The Site uses cookies, analytics technologies, session tools, attribution technologies, and similar tracking mechanisms to support Site functionality, security, performance measurement, editorial insights, and user experience improvements.
These technologies are used to:
Maintain sessions and account functionality
Understand how users interact with the Site
Measure content engagement and performance
Improve navigation and usability
Support security and fraud-prevention measures
Understand referral and marketing performance
Analyze vendor and resource interactions
Support operational reporting and analytics
The Site uses first-party cookies, session storage technologies, analytics identifiers, attribution identifiers, tracking pixels, tag-management technologies, and browser storage technologies.
Technologies and providers used in connection with the Site include Google Tag Manager, Google Analytics, Microsoft Clarity, Stripe, Cloudflare Turnstile, and other infrastructure, analytics, and measurement providers.
Information collected through these technologies may include IP address, browser and device information, pages viewed, clicks and interactions, referral URLs, approximate geographic information, session activity, campaign and attribution information, and engagement and performance metrics.
The Site also uses attribution and analytics technologies to understand how users discover and interact with editorial content, vendor resources, webinars, whitepapers, research materials, and related Site features.
Some analytics and advertising-related technologies use cookies or identifiers that remain active for varying periods of time depending on their purpose and configuration.
Users may control cookie preferences through the Cookie Settings link in the Site footer. We honor Global Privacy Control (GPC) browser signals as a valid opt-out request where applicable.
Most web browsers allow users to control cookies and similar technologies through browser settings. Users may also be able to manage certain third-party advertising and analytics preferences directly through applicable provider settings or industry opt-out tools.
Disabling certain cookies or technologies may affect portions of the Site or limit functionality.
7. Accounts and Authentication
Certain areas of the Site allow users to create accounts in order to manage vendor listings, access account-related features, manage subscriptions, access saved or restricted content, and interact with Site services and resources.
Account registration may require users to provide certain information, including name, email address, company information, authentication credentials, and account preferences.
The Site uses third-party authentication and identity-management providers to support account security and authentication processes.
Users are responsible for maintaining the confidentiality of account credentials, restricting unauthorized access to their accounts, ensuring information provided is accurate and current, and activities conducted through their accounts.
We reserve the right to suspend, restrict, or terminate accounts or access to the Site at our discretion, including in connection with suspected fraud or abuse, violations of applicable agreements or policies, security concerns, unlawful activity, or operational or administrative reasons.
8. Payment Processing and Vendor Subscriptions
Certain vendor-related services, directory features, sponsorship opportunities, and subscription offerings require payment.
Payments and subscription billing are processed through third-party payment processors, including Stripe.
We do not store complete payment card information on our servers.
Payment processors may independently collect and process billing information, payment details, transaction records, fraud-prevention information, and payment authentication information.
Vendor subscriptions may renew automatically unless canceled in accordance with applicable subscription terms.
Additional billing, cancellation, renewal, and subscription terms may be governed by separate vendor agreements or service terms.
Use of third-party payment services is subject to the applicable payment provider's own terms and privacy policies.
9. How Information Is Shared
We share information in the following circumstances.
A. Vendor Requests and Sponsored Resources
When users voluntarily request information, download resources, register for vendor-sponsored events, request demonstrations, or otherwise engage with vendor-related content through the Site, information submitted through those forms is shared with the specific vendor associated with that interaction.
This may include name, work email, company information, job title, phone number, inquiry details, qualification responses, and business-related information voluntarily submitted by the user.
The purpose of this sharing is to fulfill the user's request, provide access to requested resources or events, and allow the vendor to respond directly regarding the requested materials, products, or services.
We do not share this information with unrelated vendors solely because a user interacted with the Site. We do not transfer personal information to consumer data brokers or general-purpose marketing-list providers.
We may receive compensation from vendors in connection with lead-generation activities, sponsored resources, vendor subscriptions, and similar arrangements. Under the California Consumer Privacy Act and similar state laws, the sharing of personal information described in this section may be considered a "sale" or "sharing" of personal information. California residents and residents of other applicable states may opt out of such sale or sharing using the controls described in Section 15.
B. Service Providers and Operational Partners
We share information with third-party providers that support the operation of the Site and related services, including providers related to hosting and infrastructure, analytics and performance measurement, authentication and security, payment processing, email delivery and communications, cloud storage, customer support, fraud prevention, and business operations and administration.
These providers process information on our behalf subject to contractual, operational, or legal safeguards.
C. Legal, Security, and Business Transfers
We may disclose information:
To comply with legal obligations or lawful requests
To enforce agreements or policies
To investigate fraud, abuse, or security issues
To protect the rights, safety, or security of users, vendors, or the Site
In connection with a merger, acquisition, financing, restructuring, sale of assets, or similar business transaction
D. Aggregated and De-Identified Information
We may use, analyze, publish, or share aggregated, statistical, or de-identified information that does not reasonably identify individual users.
This information may be used for research, analytics, editorial insights, industry reporting, benchmarking, operational analysis, and business and marketing purposes.
10. Service Providers and Infrastructure
The Site relies on third-party service providers, infrastructure providers, and operational partners to support functionality, security, communications, analytics, payments, content delivery, and related business operations.
These providers may assist with hosting and infrastructure, content delivery, analytics and measurement, authentication and account management, payment processing, cloud storage, email delivery, webinar and event operations, security and fraud prevention, customer communications, and business operations and administration.
Providers used in connection with the Site may include Cloudflare, Stripe, Google, Microsoft, Mailgun, and other analytics, communications, infrastructure, and operational service providers.
These providers process information on our behalf in connection with the services they provide to us.
Some providers may process information in jurisdictions outside your country or region.
11. Data Retention
We retain information for varying periods depending on the nature of the information, operational and business requirements, legal obligations, security and fraud-prevention needs, dispute resolution, enforcement of agreements, and technical and backup requirements.
Information associated with accounts, communications, vendor interactions, subscriptions, analytics, and operational records may be retained for periods reasonably necessary to support the operation and integrity of the Site and related services.
We may retain certain information after account closure, unsubscribe requests, or other user actions where reasonably necessary to comply with legal obligations, resolve disputes, maintain security records, prevent fraud or abuse, enforce agreements, preserve business and operational records, or maintain suppression or opt-out records.
Newsletter subscription information is generally retained until a user unsubscribes. Vendor inquiry and resource-request records may be retained for operational, legal, analytics, fraud-prevention, and business recordkeeping purposes. Analytics and technical logs are retained in accordance with applicable provider configurations and operational requirements.
12. Data Security
We implement administrative, technical, and organizational safeguards designed to help protect information and support the security and integrity of the Site.
Security measures may include encryption in transit, authentication and access controls, infrastructure and network protections, anti-spam and abuse-prevention measures, monitoring and logging systems, role-based access controls, vendor and provider security controls, and fraud-detection and security-review processes.
We also use security-related technologies and providers intended to support account security, authentication, spam prevention, infrastructure reliability, traffic management, and operational monitoring.
Despite these efforts, no method of transmission, storage, or electronic processing is completely secure, and we cannot guarantee absolute security.
Users are responsible for maintaining the confidentiality and security of their own devices, accounts, credentials, and communications.
13. International Data Transfers
The Site and its service providers may process, transfer, and store information in jurisdictions outside your country, state, or region.
These jurisdictions may have data-protection laws that differ from those in your location.
By using the Site or submitting information through the Site, you acknowledge that information may be transferred to and processed in jurisdictions where we or our service providers operate.
We use third-party providers and infrastructure partners that operate internationally in connection with hosting, analytics, authentication, communications, payment processing, cloud storage, operational support, and content services.
Where applicable, we may rely on contractual protections, operational safeguards, or other legally recognized transfer mechanisms intended to support cross-border data transfers.
14. Your Privacy Rights
Depending on your jurisdiction and applicable law, you may have rights relating to your personal information, including rights to:
Request access to information we maintain about you
Request correction of inaccurate information
Request deletion of certain information
Request portability of certain information
Object to or restrict certain processing activities
Withdraw consent where processing is based on consent
Opt out of the sale or sharing of personal information where applicable
Manage marketing or communication preferences
Requests may be submitted using the contact information provided below.
To help protect privacy and security, we may request verification of identity before responding to certain requests.
Certain information may be retained where permitted or required for legal compliance, fraud prevention, security purposes, operational integrity, enforcement of agreements, or recordkeeping obligations.
We may decline requests where permitted by applicable law.
We aim to respond to verified privacy-related requests within the timeframes required by applicable law.
15. California Privacy Rights
California residents may have rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), including rights relating to:
Access to certain personal information
Correction of inaccurate information
Deletion of certain personal information
Portability of certain information
Information regarding categories of information collected, disclosed, or processed
Opt out of the sale or sharing of personal information
Limit the use of sensitive personal information (where applicable)
Non-discrimination for exercising privacy rights
California residents may also have rights relating to certain advertising, analytics, or information-sharing activities under applicable law.
Sale and Sharing of Personal Information
Under CCPA, the following activities may constitute a "sale" or "sharing" of personal information:
Sharing user-submitted information with vendors in connection with vendor resource requests, demos, consultations, or sponsored content where the vendor has paid for placement, sponsorship, or lead-generation services.
Use of certain advertising and analytics technologies that share information with third parties for cross-context behavioral advertising purposes.
Categories of personal information that may be sold or shared in this manner include identifiers (name, email, work contact information), commercial information (company, role, inquiry details), and internet activity (limited engagement metrics associated with the request).
Categories of recipients include the specific vendor associated with each request and providers of analytics, attribution, and advertising-related services.
California residents have the right to opt out of the sale or sharing of their personal information. To exercise this right, use the Your Privacy Choices link in the Site footer, or contact us at [email protected].
We honor Global Privacy Control (GPC) browser signals as a valid opt-out request from California residents in accordance with applicable regulations.
The Site does not transfer personal information to consumer data brokers or general-purpose marketing-list providers.
In the preceding 12 months, we may have sold or shared the categories of personal information described above with the categories of recipients described above for the business purposes described in this Privacy Policy.
Requests may be submitted using the contact information provided below.
16. European Privacy Rights
Individuals located in the European Economic Area, United Kingdom, or similar jurisdictions may have rights under applicable data-protection laws, including the General Data Protection Regulation ("GDPR").
Depending on applicable law, individuals may have rights relating to access, correction, deletion, portability, restriction, objection, and withdrawal of consent.
Where required by applicable law, we process information based on one or more legal grounds, including consent, contractual necessity, legitimate interests, legal obligations, protection of rights and security, and other lawful bases.
Requests relating to privacy rights may be submitted using the contact information provided below.
17. Children's Privacy
The Site is intended for individuals who are at least 18 years old.
The Site is not directed toward children, and we do not knowingly collect personal information from individuals under 18 years of age.
If we become aware that information has been submitted by a child in violation of applicable law, we may take steps to delete that information.
18. Third-Party Links and Services
The Site may contain links to third-party websites, vendor pages, resources, webinars, downloads, products, services, and external platforms.
These third parties operate independently from the Site and may maintain separate privacy policies, security practices, data-collection practices, and terms and conditions.
We are not responsible for the content, availability, security, or privacy practices of third-party websites or services.
Users interact with third-party services, vendors, and external resources at their own discretion and subject to the applicable third party's terms and policies.
19. Changes to This Privacy Policy
We may update or modify this Privacy Policy from time to time to reflect operational changes, legal or regulatory developments, technology updates, security practices, business or service changes, or changes to Site functionality or offerings.
Changes become effective upon posting unless otherwise stated.
The Effective Date at the top of this Privacy Policy indicates when the current version became effective.
Continued use of the Site after changes are posted constitutes acknowledgment of the revised Privacy Policy.
We encourage users to review this Privacy Policy periodically.
20. Contact Information
Questions, requests, or privacy-related inquiries may be directed to:
Application Security Standards https://appsecuritystandards.org
Privacy Requests: [email protected]
General Inquiries: [email protected]
Editorial Inquiries: [email protected]
Vendor Inquiries: [email protected]
Application Security Standards is operated by:
Accessibility.com, LLC, 100 SE 2nd St., Suite 2000, PMB 110, Miami, FL 33131