Your Privacy

At SailPoint Technologies, Inc. ("SailPoint"), we are committed to respecting your Privacy. We recognize that when you choose to provide us with information about yourself, you trust us to act in a responsible manner and to protect and safely manage any personally identifiable information ("Personal Information") that you share with us.

Personal Information means any information that may be used to identify an individual, including, but not limited to, a first and last name, a physical address and an email address or other contact information, whether at work or at home. In general, you can visit SailPoint's Web pages without telling us who you are or revealing any Personal Information about yourself.

If you choose to provide us with your Personal Information on the Web, we may transfer that Information within SailPoint or to SailPoint's third-party service providers, across borders and from your country or jurisdiction to other countries or jurisdictions around the world.

SailPoint strives to comply with all applicable laws around the globe that are designed to protect your privacy. Although legal requirements may vary from country to country, SailPoint intends to adhere to the principles set forth in this Online Privacy Policy even if, in connection with the above, we transfer your Personal Information from your country to countries that may not require an "adequate" level of protection for your Personal Information. In other words, our goal is to provide protection for your Personal Information no matter where that Personal Information is collected, transferred, or retained.

Where the information originates from a country in the European Union, SailPoint agrees to comply with all the provisions of the U.S.-EU Safe Harbor Framework and makes an affirmative commitment to adhere to the U.S.-EU Safe Harbor Principles, which can be found at http://export.gov/safeharbor. Where the information originates from Switzerland, SailPoint agrees to comply with all the provisions of the U.S.-Swiss Safe Harbor Framework and makes an affirmative commitment to adhere to the U.S.-Swiss Safe Harbor Principles, which can also be found at http://export.gov/safeharbor.

Cookies and Other Tracking Technologies

From time to time, some of our Web pages may utilize "cookies" and other tracking technologies. A "cookie" is a small text file that may be used, for example, to collect information about Web site activity. Some cookies and other technologies may serve to recall Personal Information previously indicated by a Web user. Most browsers allow you to control cookies, including whether or not to accept them and how to remove them.

You may set most browsers to notify you if you receive a cookie, or you may choose to block cookies with your browser, but please note that if you choose to erase or block your cookies, you will need to re-enter your original information (i.e., user name, password or general contact info) to gain access to certain parts of the Web site.

Tracking technologies may record information such as Internet domain and host names; Internet protocol (IP) addresses; browser software and operating system types; clickstream patterns; and dates and times that our site is accessed. Our use of cookies and other tracking technologies allows us to improve our Web site and your Web experience. We may also analyze information that does not contain Personal Information for trends and statistics.

Privacy Principles

SailPoint's Online Privacy Policy consists of the following principles:

Notice

Where SailPoint collects Personal Information on the web, we intend to post a purpose statement that explains why Personal Information will be collected and whether we plan to share such Personal Information outside of SailPoint or those working on SailPoint's behalf. SailPoint does not intend to transfer Personal Information without your consent to third parties who are not bound to act on SailPoint's behalf unless such transfer is legally required.

Choice

You may choose whether or not to provide Personal Information to SailPoint. The notice we intend to provide where SailPoint collects Personal Information on the Web should help you to make this choice. If you choose not to provide the Personal Information we request, you can still visit most of SailPoint's Web site pages, but you may be unable to access certain options, offers, and services that involve our interaction with you.

If you chose to have a relationship with SailPoint, such as a contractual or other business relationship or partnership, we will naturally continue to contact you in connection with that business relationship.

Security

Wherever your Personal Information may be held within SailPoint or on its behalf, we intend to take reasonable and appropriate steps to protect the Personal Information that you share with us from unauthorized access or disclosure. SailPoint trains its employees on our privacy policy guidelines and makes our privacy policy available to our business partners. In addition, SailPoint and its business partners enter into confidentiality agreements which require that care and precautions be taken to prevent loss, misuse, or disclosure of your personal information.

Access/Accuracy

To the extent that you do provide us with Personal Information, SailPoint wishes to maintain accurate Personal Information. Where we collect Personal Information from you on the Web, our goal is to provide a means of contacting SailPoint should you need to update or correct that Information. If for any reason those means are unavailable or inaccessible, you may send updates and corrections about your Personal Information to privacy@sailpoint.com and we will make reasonable efforts to incorporate the changes in your Personal Information that we hold as soon as practicable.

Third Party Services

Third parties provide certain services available on SailPoint.com on SailPoint's behalf. SailPoint may provide information, including Personal Information, that SailPoint collects on the Web to third-party service providers to help us deliver programs, products, information, and services. Service providers are also an important means by which SailPoint maintains its Web site and mailing lists. SailPoint will take reasonable steps to ensure that these third-party service providers are obligated to protect Personal Information on SailPoint's behalf.

SailPoint does not intend to transfer Personal Information without your consent to third parties who are not bound to act on SailPoint's behalf unless such transfer is legally required. Similarly, it is against SailPoint's policy to sell Personal Information collected online without consent.

Inquiries and Suggestions

If you require any further information or if you have any questions or concerns about our privacy policies and procedures, please contact us at:

SailPoint Technologies, Inc.
c/o Privacy Manager
11305 Four Points Drive, Building 2, Suite 100
Austin, Texas 78726
USA
email: privacy@sailpoint.com

We will investigate all the concerns we receive and take appropriate measures to ensure that our practices are as stated in this Privacy Statement.

Safe Harbor Data Privacy Policy

SailPoint is a global corporation and has developed global data practices designed to assure personal information is appropriately protected. Not only do we strive to collect, use and disclose personal information in a manner consistent with the laws of the countries in which we do business, but we also aim to uphold the highest ethical standards in our business practices. This Safe Harbor Data Privacy Policy outlines our general policy and practices for implementing both the U.S.-EU and the U.S.-Swiss Safe Harbor Frameworks. If there is any conflict between this policy and the Safe Harbor Principles, the Safe Harbor Principles will govern.

This notice applies to all personal information we handle, including on-line (except as noted below), off-line, and manually processed data. For purposes of this notice, "personal information" means data that: (i) is transferred from the European Union or Switzerland to the United States; (ii) is recorded in any form; and (iii) is about, or pertains to, a specific individual who is identified in, or is identifiable from, the data. "Sensitive information" is a subcategory of personal information. Sensitive information is defined as personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or the sex life of the individual. Sensitive information also includes personal information received from a third party where the third party treats and identifies it as sensitive.

Safe Harbor

The U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework (the "Safe Harbor Principles") were developed by the U.S. Department of Commerce, in consultation with the European Commission and the Swiss Federal Data Protection and Information Commissioner, industry, and non-governmental organizations, to enable U.S. companies to satisfy requirements under the EU Directive on Data Protection and the Swiss Federal Act on Data Protection (FADP) for adequate protection of personal information transferred from the EU or Switzerland to the U.S. SailPoint's privacy practices are self-certified with the United States Department of Commerce Safe Harbor Program. SailPoint has chosen to cooperate with the European Union Data Protection Authorities for unresolved privacy complaints. For more information about Safe Harbor or to access SailPoint's certification statement, go to http://export.gov/safeharbor.

Privacy Principles

The following privacy principles are based on the Safe Harbor Principles.

Notice and Choice

To the extent permitted by the Safe Harbor Principles, SailPoint reserves the right to process personal information in the course of providing professional services to our clients without the knowledge of individuals involved. Where we collect personal information directly from individuals in the EU or Switzerland, we inform them about the types of personal information we collect from them, the purposes for which we collect and use it, and the types of non-agent third parties to which we disclose that information. We also inform those individuals about the choices and means, if any, we offer individuals for limiting the use or disclosure of their information.

Disclosures and Transfers

SailPoint will not disclose an individual's personal information to third parties, except when one or more of the following conditions is true:

• We have the individual's permission to make the disclosure;
• The disclosure is required by law or professional standards;
• The disclosure is reasonably related to the sale or disposition of all or part of our business;
• The information in question is publicly available;
• The disclosure is reasonably necessary for the establishment or defense of legal claims; or
• The disclosure is to another SailPoint entity or to persons or entities providing services on our or the individual's behalf (each a "transferee"), consistent with the purpose for which the information was obtained, if the transferee, with respect to the information in question:
  • is subject to law providing an adequate level of privacy protection;
  • has agreed in writing to provide an adequate level of privacy protection; or
  • subscribes to the Safe Harbor Principles.

Permitted transfers of information, either to third parties or within SailPoint, include the transfer of data from one jurisdiction to another, including transfers to and from the United States of America. Because privacy laws vary from one jurisdiction to another, personal information may be transferred to a jurisdiction where the laws provide less or different protection than the jurisdiction in which the information originated.

Data Security

To prevent unauthorized access or disclosure, maintain data accuracy, and ensure the appropriate use and confidentiality of information, either for its own purposes or on behalf of our clients, SailPoint has appropriate physical, electronic, and managerial procedures to safeguard and secure the information we process. However, we cannot guarantee the security of information on or transmitted via the Internet.

Data Integrity

SailPoint processes personal information only in ways compatible with the purpose for which it was collected or subsequently authorized by the individual. To the extent necessary for such purposes, we take reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use.

Access and Correction

If an individual becomes aware that information we maintain about that individual is inaccurate, or if an individual would like to update or review his or her information, the individual may contact us using the contact information below. We will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate. The individual will need to provide sufficient identifying information, such as name, address, birth date, and social security number. We may request additional identifying information as a security precaution. In addition, we may limit or deny access to personal information where providing such access would be unreasonably burdensome or expensive in the circumstances, or as otherwise permitted by the Safe Harbor Principles.

Enforcement and Dispute Resolution

SailPoint utilizes a self-assessment program to monitor our compliance to the Safe Harbor Principles and to address questions and concerns regarding our compliance. This program will include a statement, at least once a year, signed by our authorized representative, verifying our adherence to the Safe Harbor Principles. We encourage interested persons to raise any concerns with us using the contact information below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this policy.

With respect to any complaints relating to this policy that cannot be resolved through our internal processes, we have agreed to participate in the dispute resolution procedures of the panel established by the European Union Data Protection Authorities to resolve disputes pursuant to the Safe Harbor Principles. In the event that we or such authorities determine that we did not comply with this policy, we will take appropriate steps to address any adverse effects and to promote future compliance.

Any person who we determine is in violation of our privacy policies will be subject to disciplinary procedures.

Amendment

We may amend this policy from time to time by posting a revised policy on this Web site, or a similar Web site that replaces this Web site. If we amend the policy, the new policy will apply to personal information previously collected only insofar as the rights of the individual affected are not reduced. So long as we profess to adhere to the Safe Harbor Principles, we will not amend this policy in a manner inconsistent with the Safe Harbor Principles.

Contact Information

If you require any further information or if you have any questions or concerns about our Safe Harbor policies, procedures, or certification, please contact us at:

SailPoint Technologies, Inc.
c/o Safe Harbor Privacy Manager
11305 Four Points Drive, Building 2, Suite 100
Austin, Texas 78726
USA
email: safeharbor@sailpoint.com