
Privacy Policy

Welcome to goMISP (“we”, “us”, “our”, “goMISP”). We operate the website https://www.gomisp.com (the “Site”) and provide managed MISP (Malware Information Sharing Platform) services (the “Services”). We are committed to protecting and respecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you access or use our Site or Services.
 

1. Data Controller

goMISP is operated by WALLSEC GmbH (Industriestraße 44, 69190 Walldorf, Germany).
If you have questions about this policy or our practices, please contact us at datenschutz@wallsec.de.

​

2. Scope of This Policy

This Privacy Policy applies to:

  • Visitors to the Site (e.g. when you browse, contact us, request a quote, make a purchase).

  • Customers and users of the Services (e.g. your organization’s users of your hosted MISP instance).

  • Prospective clients, leads, and any individuals whose data we process in relation to sales, support, or operations.

This Policy does not cover data processing by third parties (other than as described below) or data handled in other systems not operated by us, unless otherwise stated.

​

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

Contact and identity data - such as name, job title, organisation, email address, telephone number, and address. This information is typically collected when you contact us, register, or request a quote.

Account credentials and login data - including username, password, and multi-factor authentication data, used for customer accounts.

Usage and service data - such as logs, IP addresses, device identifiers, browser type, operating system, timestamps, usage statistics, API calls, and feature usage information.

Billing and payment data - including billing address, VAT number, and payment method details (which are handled via our payment provider).

Support and communication data - covering communications you send to us (via email, chat, or helpdesk tickets), as well as support logs and feedback.

Marketing data - including preferences, consent status, records of communications you receive from us, and marketing engagement data (such as email opens and clicks).

We endeavour to collect only the minimum data necessary for our operations.
 

4. How We Use Your Personal Data / What We Use It For​

​​We process your personal data for the following purposes and legal bases:​

| Purpose | Legal Basis | Legitimate Interests |
| --- | --- | --- |
| Providing and operating the Services | Performance of contract | |
| Managing your account, authentication and access | Performance of contract | |
| Billing, invoicing, payments | Performance of contract | |
| Customer support and helpdesk | Performance of contract / legitimate interests | We need to respond to support requests, maintain quality |
| Communication relating to the Services (updates, changes, notices) | Performance of contract / legal obligation | |
| Marketing, newsletters and promotional materials | Consent (where required) / legitimate interests | Where permitted by law, we may send you marketing communications, unless you opt out |
| Analytics and performance optimization | Legitimate interests | To monitor, improve, secure, and audit our systems and Site |
| Fraud prevention, legal compliance, audits | Legal obligation / legitimate interests | To prevent misuse, comply with laws, defend or establish legal claims |
| Integration & automation with third-party tools | Performance of contract / legitimate interests | If you integrate our Services with your systems (SIEMs, SOARs, etc.), we may exchange data as needed |

We will not process your personal data for purposes incompatible with the ones listed above unless we obtain your consent or are otherwise legally permitted.

​

5. Sharing, Disclosure & Third Parties

We work with trusted third-party service providers (“processors”) to host, analyze, and improve our website and services.
Each provider processes personal data strictly on our behalf and under data protection agreements consistent with the GDPR.

Below is a list of our main processors, their purpose, and a link to their respective privacy policies:​

| Provider | Purpose | Region/Safeguards | Privacy Policy |
| --- | --- | --- | --- |
| Microsoft Azure (Microsoft Ireland Operations Ltd.) | Cloud infrastructure and hosting for MISP instances and related services | EU (Primary) / Worldwide — Standard Contractual Clauses (SCCs); ISO 27001 and SOC 2 certified | |
| Google Analytics (Google LLC) | Website usage analytics, anonymized traffic insights | EU / USA — Standard Contractual Clauses (SCCs), IP anonymization enabled | |
| Google Maps (Google LLC) | Embedded maps and geolocation display | EU / USA — SCCs; data shared only when maps are viewed | |
| Google Ads (Google LLC) | Advertising performance, remarketing, and conversion tracking (only with consent) | EU / USA — SCCs | |
| LinkedIn (LinkedIn Ireland Unlimited Company) | Marketing, analytics, and recruitment activities | EU / USA — SCCs | |
| BlueSky (Bluesky Social PBC) | Optional social media integration and embedded community feeds | EU / USA — Standard Contractual Clauses (SCCs), IP anonymization enabled | |
| WIX (Wix.com Ltd.) | Website hosting, CMS platform, and infrastructure services | EU / Israel — Adequacy Decision (Israel) and SCCs | |
| Atlassian (Atlassian Pty Ltd.) | Internal project management and support (e.g., Jira, Confluence) | EU / Australia / USA — SCCs; ISO 27001 certified | |
| Consentik | Cookie consent management, storage of consent logs | EU — GDPR-compliant; stores only minimal cookie preference data | |

All processors are evaluated for compliance with data protection laws, and appropriate contractual safeguards (such as EU Standard Contractual Clauses) are in place.

We may also work with additional processors for functions like secure email delivery, billing, or customer support. A current list of processors is available on request.

​

6. International & Cross-Border Data Transfers 

Some of the third-party services listed above are located or store data outside the European Economic Area (EEA).
Whenever personal data is transferred internationally, we ensure appropriate safeguards are applied, such as:

  • EU Standard Contractual Clauses (SCCs) adopted by the European Commission,

  • Adequacy decisions (e.g., Israel), or

  • Additional technical measures such as encryption and pseudonymization.

We continuously review our partners to ensure compliance with EU data protection standards.

​

7. Data Retention & Deletion
  • We retain personal data only for as long as required to fulfil the purposes for which it was collected, including for legal, accounting, or reporting obligations or defense of legal claims.

  • Where applicable, we anonymize or delete data when it is no longer needed.

  • For customer accounts, upon termination, we may delete or anonymize personal data after a defined retention period (e.g. 12 months or as per contractual terms), unless required to keep it longer by law.
    ​

8. Security Measures

We take technical and organizational measures to protect personal data, including:

  • Encryption in transit (TLS) and at rest where applicable.

  • Network security, firewalling, intrusion detection and prevention.

  • Access controls, role-based access, least privilege.

  • Regular vulnerability assessments, penetration testing, audits.

  • Backup and recovery procedures to protect against data loss.

  • Multi-factor authentication (MFA) for administrative access.

  • Secure logging, monitoring, and incident response processes.

Nevertheless, no system is perfectly secure; in the event of a data breach, we will notify affected users and authorities as required by applicable law.

​

9. Your Rights & Choices

Depending on your jurisdiction (e.g., GDPR in the EU), you may have rights regarding your personal data. These can include:

  • Right to access — request a copy of the personal data we hold about you.

  • Right to rectification — request correction of inaccurate or incomplete data.

  • Right to erasure (“right to be forgotten”) — request deletion of your personal data, subject to lawful exceptions.

  • Right to restrict processing — ask us to limit how we use your data.

  • Right to object — object to certain processing (e.g. marketing, profiling).

  • Right to data portability — receive your data in a structured, commonly used, machine-readable format and transmit it elsewhere.

  • Right to withdraw consent — where processing is based on consent, you can withdraw at any time.

  • Right to lodge complaints — e.g. with relevant data protection authorities.
     

To exercise any rights, please contact us at contact@gomisp.com. We may ask you to verify your identity.

​

10. Cookies & Tracking Technologies

What are cookies?

A cookie is a small data file that is placed on your device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.

Cookies set by the website owner (in this case, WALLSEC GmbH) are called "first party cookies". Cookies set by parties other than the website owner are called "third party cookies". Third party cookies enable third party features or functionality to be provided on or through the website (e.g. advertising, interactive content and analytics). The parties that set these third party cookies can recognize your computer both when it visits the website in question and when it visits certain other websites.

Our website uses cookies and similar technologies managed through Consentik, our consent-management platform.
These tools help us comply with GDPR and ePrivacy requirements by recording and respecting your cookie preferences.

Depending on your consent, we may use:

  • Essential cookies — Required for the website to function (e.g., session management, security, Consentik settings).

  • Analytics cookies (Google Analytics) — To collect anonymized statistics about site usage.

  • Functional cookies (WIX, Google Maps) — For interactive features and enhanced usability.

  • Marketing cookies (Google Ads, LinkedIn) — To deliver personalized ads and measure campaign performance.

  • Social & community cookies (BlueSky) — To support embedded social features, if used.

When required by law (e.g. EU), we will present a cookie consent banner allowing you to accept, reject or configure non-essential cookies.

You may disable or delete cookies via your browser settings, though some features of the Site may cease to function properly.

​

11. Minors

Our Services and Site are not directed at minors (e.g. under 16). We do not knowingly collect personal data from minors. If we learn that we have inadvertently collected personal data of a minor, we will take steps to delete it.

​

12. Changes to This Policy

We may update this Privacy Policy from time to time (e.g. in response to new laws or changes to our practices). We will post the revised policy on the Site with a new effective date, and where required, provide notice (e.g. via email for registered users). We encourage you to review this page periodically.

​

13. Contact & Complaints

goMISP
Email: contact@gomisp.com
Industriestraße 44, 69190 Walldorf, Germany
