LockPath is committed to providing excellent service for its Keylight GRC Platform. LockPath respects your right to privacy and your desire to control personal data that you share with LockPath. As such, LockPath has created this Privacy Policy to inform you about its privacy practices. To view LockPath’s Privacy Policy, please visit: https://lockpath.com/privacy/  This privacy policy covers all customer, pilot, demo and test instances hosted at https://*.keylightgrc.com/. Additionally, LockPath’s corporate site www.LockPath.com is covered by this privacy policy.

LockPath is eligible to participate and adheres to the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Frameworks with respect to personal data that it receives in the course of providing LockPath services. Information and website links about LockPath’s participation in the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework can be found below.

Keylight may contain links to other external web sites. LockPath is not responsible for the privacy, content or security practices of third-party sites.



Personal Information

What we collect, how we use it and how it is shared.

There are four ways in which you may consent to provide personal information to us.

  1. Email request for information – LockPath uses links throughout its web sites that provide you a way to ask questions via email, request information, register for events or webinars and request support / assistance. You may also be offered the opportunity to have one of our representatives contact you to provide information. LockPath may request personal information from you, such as your name, phone number and email address to help us track and satisfy your request. LockPath may share your personal information with third parties, such as vendors providing supporting technology or tools in order for LockPath to provide the services above and as described in this privacy policy. LockPath does not sell your information to third parties.
  2. Web Forms – LockPath uses web forms throughout its web sites that provide you with a way to seek additional information. As part of this, LockPath may request personal information from you such as your name, phone number and email address to help us track and satisfy your request.
  3. Use of the LockPath Platform – When purchasing, evaluating or using a subscription to Keylight, certain personal information will be requested such as your name, address, phone number and email address. The LockPath platform may require certain personal information such as your name and email address. This information is used by the platform to send alerts / notifications to you. LockPath does not perform onward transfer of this personal information to third parties. Should there be future onward transfer to third parties of data of EU or Swiss individuals received by LockPath and pursuant to the EU-US Privacy Shield and Swiss-US Privacy Shield, LockPath is potentially liable, unless of course LockPath proves we are not responsible for the event giving rise to the damage. You will be notified of onward transfer of your personal information to third parties by email and/or public notice on this site.
  4. Employment – For persons interested in working at LockPath, certain information may be requested such as a resume, name, address, phone number, email address and other employment related information. LockPath may use this information for the purpose of employment consideration. LockPath never collects any personal data revealing racial or ethnic origin, religious beliefs, health/medical conditions, political opinions or sexual orientation.


Site Analytics

When you visit LockPath web sites, various systems collect personal information and statistical or non-personally identifiable information (non-PII) about your visit, including IP Address, pages visited, origin of visitor domains, and types of browsers used. To the extent permitted by applicable law, LockPath reserves the right to combine non-PII with personal information that you have actively submitted.



A cookie is a piece of information that our web sites send to your browser, which then stores this information on your system. Cookies are used to remember information about you and your preferences.

KeylightGRC Cookies
The Keylight GRC Platform uses cookies to track authenticated sessions. When you login to Keylight, a temporary session cookie is written to your machine that enables us to track your session / interaction with Keylight. Keylight may also use persistent cookies for tracking single-sign-on preferences such as LDAP or SAML authentication or language preferences.

LockPath.com Cookies
LockPath uses Google Analytics to track page visits on www.LockPath.com, which makes use of permanent cookies. Additionally, LockPath uses temporary persistent cookies to track requests for downloads. By using cookies, users are able to retrieve additional information without needing to provide their information multiple times.


Web Beacons

LockPath uses some third-party services for web / email marketing purposes that may make use of web beacons. This capability helps LockPath send email in a format that users can read and allows LockPath to determine the aggregate number of emails opened. The web beacon does not collect any personal information.


Testimonials & Endorsements

LockPath displays personal testimonials and endorsements of happy customers on its site. With your consent, LockPath may post your testimonial with your name. If you wish to update or delete your testimonial, you may do so by contacting the LockPath Privacy Contact as described below.



LockPath may request information from customers via surveys. Participation in these surveys is 100% voluntary. Survey information will be used for improving our customer service and products. The feedback LockPath collects is aggregated and we do not track individual responses unless the respondent chooses to be identified.


LockPath Blogs

If you use a blog on our web site, you should be aware that any personal information you submit can be read, collected or used by other users of these blogs. LockPath is not responsible for personal information that you choose to submit in these blogs. You are also responsible for adhering to the Terms of Use set forth on the relevant blog site. To request removal of your personal information from our blog, please contact the LockPath Privacy Contact as described below. In some cases LockPath may not be able to remove your information. In the event that LockPath cannot remove your information you will be contacted with an explanation.



LockPath uses reasonable physical, electronic, and administrative safeguards to protect your personal information from misuse, unauthorized access, disclosure, alteration, loss, or destruction. LockPath exercises the same rigorous security solutions, practices and standards to protect all data collected and maintained by LockPath, regardless of the source.


Changes to this Policy

This policy may be updated periodically to reflect changes to LockPath’s privacy and information security practices. If LockPath makes any material changes, you will be notified by email and/or a public notice on this site prior to the changes becoming effective.



LockPath EU-US and Swiss-US Privacy Shield Frameworks

LockPath complies with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. LockPath has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www. Privacyshield.gov/ LockPath is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

In Compliance with the EU-US and Swiss-US Privacy Shield Principles, LockPath commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact LockPath via the information below and LockPath will respond within 45 days of the inquiry or complaint.

LockPath, Inc.
Melanie Ekeland
6240 Sprint Parkway, Suite 100
Overland Park, KS 66211
(913) 601-4800

LockPath has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.


Scope of Notice

This notice does not apply to employees of LockPath. This notice applies to persons residing in the European Union (EU) or Switzerland (Swiss) whose data LockPath may receive from its customers, suppliers or other businesses in the EU or Switzerland.


Types of EU or Swiss Data

LockPath collects data and performs processing services primarily for businesses and rarely, if ever, for consumers. As a result, LockPath mostly receives business information from the EU or Switzerland. Occasionally LockPath may receive contact information related to individual representatives of businesses with whom LockPath is dealing, including names, addresses, work phone numbers, work email addresses, etc.



LockPath collects and uses EU or Swiss data for purposes of providing data processing services to its customers, communicating with corporate partners about business matters, processing data on behalf of customers, transmitting marketing emails, and performing various marketing activities.



LockPath does not sell EU or Swiss data to third parties. . LockPath may disclose your personal information as required by law, such as to comply with a subpoena or similar legal process or government request. LockPath may also be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. LockPath may also disclose your personal information if LockPath, Inc. is involved in a merger, acquisition or sale of all or a portion of its assets. You will be notified by email and/or a notice on our web site of any change in ownership or uses of your personal information.


Opt Out

All marketing emails from LockPath contain opt out language / features to make it easy for people to unsubscribe from future mailings.


Access, Review and Choice

EU or Swiss persons whose EU or Swiss data LockPath holds may request confirmation of and/or access to their personal information, and also have the opportunity to update, correct or delete some or all of the EU or Swiss data, including the ability to opt out of sharing their personal information with third parties. To submit such requests, please contact the LockPath Privacy Contact as described below. LockPath reserves the right to authenticate a person’s identity, to charge an adequate fee for providing access, and to deny requests except as required by the Privacy Shield Principles.


Data integrity

LockPath takes reasonable steps to ensure that your personal information is limited to that which is relevant for the purposes of processing and is accurate, complete, and current by using the most recent information provided to us.



To view our certification page, please visit https://www.Privacyshield.gov. LockPath is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).


Contact Information

If you have questions about LockPath’s Privacy Policies / Program, please contact the LockPath Privacy Contact at:

LockPath, Inc.
Melanie Ekeland
6240 Sprint Parkway, Suite 100
Overland Park, KS 66211
(913) 601-4800