Privacy

Privacy Policy

Effective Date: July 1, 2026

Recast Software, Inc. and its affiliates, including Liquit Software B.V. (collectively, “Recast,” “we,” “us,” or “our”), provide endpoint management, endpoint analytics, privilege management, application management, and end-user workspace software and related services (collectively, the “Software”).

“You,” “your,” or “user” refers to an individual associated with a customer organization (“Customer”) who accesses or uses the Software. This Privacy Statement explains how we collect, use, disclose, and safeguard Personal Information when you access or use the Software. For purposes of this Privacy Statement, “Customer Data,” means any data, which may include limited Personal Information, as further defined in Section 2, that is provided to, collected by, or processed within the Software by or on behalf of the Customer.

Your use of the Software is subject to Recast’s applicable Terms of Service, End User License Agreement, and any other agreements between Recast and you or your organization (collectively, the “Terms”). This Privacy Statement is intended to supplement those Terms and describes how Personal Information is collected, used, and protected in connection with the Software.

We may disclose Personal Information where required by law or where we believe in good faith that such action is necessary to comply with legal obligations, enforce our rights, or protect the safety of our users, customers, or the public.

1. SCOPE AND ROLES (CONTROLLER VS. PROCESSOR)

Depending on the context, Recast may act as either:

  • Controller: When we determine the purposes and means of processing Personal Information (e.g., website visitors, marketing interactions, and account creation).
  • Processor: When we process Personal Information on behalf of our customers in connection with the Software.

Where Recast acts as a processor, such processing is governed by applicable agreements with the customer, including any Data Processing Addendum (DPA) or similar contractual provisions.

2. PERSONAL INFORMATION WE COLLECT

We may collect Personal Information in connection with your use of the Software. “Personal Information” means any information relating to an identified or identifiable individual, including indirect identifiers such as device identifiers or IP addresses.

We collect Personal Information in the following ways:

Information you Provide

  • Name, email address, and phone number
  • Company name and job title
  • Account credentials and login information
  • Billing and payment information (processed by third parties)
  • Communications and support inquiries

Automatically Collected Data

  • IP address, browser type, and device information
  • Site activity, pages viewed, and referring URLs
  • Usage metrics and system interactions

Software Telemetry and Operational Data

Certain products collect operational and telemetry data to support functionality, security, and performance, including:

  • System configuration (e.g., operating system and software version)
  • Error logs and diagnostic data
  • Feature usage and performance metrics

We may also collect pseudonymized identifiers (e.g., hashed values of device, username, or domain) for license validation, security, and product functionality.

Sensitive Data

Recast is not designed to process or store “Sensitive Personal Information” or “Sensitive Personal Data,” and we do not expect or intend customers or users to submit such data to the Software.

For purposes of this Privacy Statement, “Sensitive Personal Information” or “Sensitive Personal Data,” as defined under Article 9 of GDPR, (collectively, “Sensitive Data”) means:

  • Government-issued identification numbers
  • Financial account or payment information
  • Health or medical information
  • Biometric identifiers
  • Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, or trade union membership
  • Any other data subject to heightened legal or regulatory protections

Customers should not submit Sensitive Data unless expressly agreed to in writing with Recast and subject to appropriate safeguards.

Identity and Access Data (Enterprise Integrations)

If enabled by customers, integrations (e.g., Microsoft Entra ID or LDAP) may include:

  • User identifiers (e.g., user principal name)
  • Profile attributes (e.g., name, email, job title)
  • Group membership and directory metadata

Customers control the configuration and scope of such data.

Customer Data (Processor Context)

Customers may upload or control data processed through the Software. Recast processes such data solely on the customer’s instructions and in accordance with applicable agreements.

Use of Personal Information

We use Personal Information to:

  • Provide, operate, and maintain the Software
  • Process transactions and manage accounts
  • Respond to inquiries and provide support
  • Improve product functionality, performance, and reliability
  • Ensure security, prevent fraud, and protect systems
  • Send communications, including marketing (with opt-out options)
  • Comply with legal obligations

Where applicable under data protection laws such as the GDPR, we process Personal Information based on one or more legal bases, including performance of a contract, legitimate interests, consent (where required), and compliance with legal obligations, as further described in this Privacy Statement.

3. TELEMETRY, OPERATIONAL DATA, AND CUSTOMER CONTROLS

As described in Section 2 (Personal Information We Collect), certain Software collects operational and telemetry data to support functionality, security, and performance.

Required Operational Data

Certain data is necessary for:

  • License activation and validation
  • Core product functionality

This data may include pseudonymized identifiers and operational event data and may not be configurable or disabled within the Software.

Optional Analytics Telemetry

Some products offer optional analytics telemetry, which:

  • May be configurable or disabled by customers
  • Is used to improve product performance, reliability, and usability

Optional Features

Some features (e.g., reporting or advanced analytics functionality):

  • May be disabled by default
  • May be enabled by customer administrators
  • May require additional data processing when enabled

Customer configurations and administrative controls may affect available functionality within the Software.

Aggregate, Deidentified, Analytical, and Pseudonymized Data

We may process data in the following forms:

  • Aggregate Data means information combined so that no individual can be identified.
  • Deidentified Data means data cannot reasonably be used to identify an individual.
  • Analytical Data means data used to understand usage, performance, and improvement of the Software
  • Pseudonymized Data* means the Processing of Personal Information where Personal Information can no longer be attributed to a specific person without additional information.

* Pseudonymized data may still qualify as personal data if it can be linked back to an individual using additional information. In such cases, applicable data protection laws continue to apply.

We use these data types to:

  • Improve and enhance the Software
  • Develop new features and functionality
  • Monitor performance and reliability
4. ARTIFICIAL INTELLIGENCE AND AUTOMATED PROCESSING

Recast may use artificial intelligence or machine learning technologies in connection with the Software to support functionality, security, and performance, as well as to improve the Software.

Recast does not use Customer Data or Personal Information processed on behalf of customers to train or fine-tune artificial intelligence or machine learning models, except as authorized by the Customer and in accordance with applicable agreements and law.

Recast does not use artificial intelligence to make automated decisions that produce legal or similarly significant effects about individuals in connection with the Software without appropriate human oversight and, where required, consent.

Any use of artificial intelligence by Recast is subject to applicable confidentiality, security, and data protection obligations and is designed to comply with applicable laws. Recast may use artificial intelligence tools for internal business operations (including administrative, operational, support, security, billing, invoicing, collections, and communication purposes), provided that such use is subject to reasonable administrative, technical, and organizational safeguards and is consistent with the restrictions as set forth above.

5. SHARING OF PERSONAL INFORMATION

We do not sell Personal Information or share Personal Information for cross-context behavioral advertising purposes.

Service Providers and Sub-processors

We use vetted third-party service providers (sub-processors) to support the delivery of the Software, including for hosting, infrastructure, customer support, communications, analytics, and business operations.

These sub-processors process Personal Information only on our documented instructions and are subject to contractual obligations, including appropriate data protection and confidentiality requirements consistent with applicable data protection laws.

A current list of our sub-processors, including their purpose and processing location, is available at:
https://trust.recastsoftware.com/

We maintain and update this list as part of our ongoing compliance and vendor management processes.

Legal and Compliance Disclosures

We may disclose Personal Information where required to do so by law or where we reasonably believe such action is necessary to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to lawful requests by public authorities, including to meet national security or law enforcement requirements
  • Enforce our agreements or protect our legal rights
  • Protect the safety, security, and integrity of our Software, customers, users, or the public

Business Transfers

We may disclose or transfer Personal Information in connection with, or during negotiations of, any merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets.

6. INTERNATIONAL DATA TRANSFERS

Recast operates globally and may process Personal Information in multiple countries, including the United States and the European Economic Area (“EEA”), the United Kingdom, and Switzerland.

Where required under applicable data protection laws, we implement appropriate safeguards for the transfer of Personal Information across borders, including:

  • Standard Contractual Clauses (“SCCs”)
  • The EU-U.S. Data Privacy Framework and applicable extensions
  • Other lawful transfer mechanisms

Certain Software, including specific Recast offerings, may be configured to host and process data within designated regions (e.g., European data center environments), depending on the customer’s deployment and configuration.

Data transfers are conducted in accordance with applicable data protection laws.

7. DATA RETENTION

We retain Personal Information only for as long as necessary to fulfill the purposes described in this Privacy Statement, including to provide the Software, comply with our legal obligations, resolve disputes, and enforce our agreements.

Retention periods may vary depending on:

  • The nature of the data
  • The applicable product or Software configuration
  • Customer instructions (where we act as a processor)
  • Legal and regulatory requirements

When Personal Information is no longer required, we take reasonable steps to delete or deidentify it in accordance with applicable laws and our internal data retention policies.

8. COOKIES, ANALYTICS, AND MARKETING

Recast uses cookies and similar technologies to operate the Software, improve functionality, analyze usage, and support marketing activities.

Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Enable core functionality and site performance
  • Personalize user experience
  • Analyze usage and improve our Software
  • Support advertising and marketing activities

You can control or disable cookies through your browser settings. However, if you choose to disable cookies, certain features of the Software may not function properly.

Analytics

We use analytics tools, such as Google Analytics, to better understand how users interact with our Software. These tools may collect information such as:

  • Pages visited
  • Time spent on pages
  • Device and browser information
  • IP address and general location data

You can learn more about Google Analytics and opt out by visiting:
https://tools.google.com/dlpage/gaoptout

Advertising and Retargeting

We may use third-party advertising and remarketing Software (such as Google Ads) to display advertisements on third-party websites to users who have previously visited our site.

These Software use cookies and similar technologies to deliver advertisements based on prior interactions with the Software.

You can manage your advertising preferences through tools such as:
https://www.google.com/settings/ads

Email Communications

We may send administrative, Software-related, and marketing communications. Marketing communications may include newsletters, product updates, and promotional messages.

Where permitted by applicable law, we may track email engagement (such as opens and clicks) using technologies such as pixel tags or web beacons to improve communication effectiveness.

You may opt out of marketing communications at any time by using the unsubscribe link included in the email.

Third-Party Websites and Software

The Software may include links to third-party websites or integrations. These third parties may have their own privacy policies and data collection practices. Recast is not responsible for the privacy practices of third-party Software.

9. SECURITY AND COMPLIANCE

Security

Recast treats the security of customer data and Personal Information with the utmost importance. We implement and maintain technical and organizational measures designed to protect Personal Information against unauthorized access, disclosure, alteration, and destruction.

Our security program includes governance practices, policies, and procedures designed to identify and manage risks, including:

  • Data classification and handling standards
  • Security awareness and training programs
  • Risk assessments and vulnerability management
  • Ongoing monitoring and improvement of security controls

Recast maintains an information security program aligned with recognized industry standards. We maintain controls designed to support secure product development, infrastructure operations, and data protection practices, and we undergo regular independent assessments, including annual SOC 2 Type II examinations. Where applicable, our controls are informed by internationally recognized frameworks such as ISO/IEC 27001.

Recast maintains incident response procedures designed to detect, respond to, and remediate security incidents.

Access Controls

Recast maintains access controls designed to ensure that only personnel with a legitimate business need and appropriate authorization may access internal systems and Personal Information.

Access control measures include:

  • Limiting access to authorized personnel with a demonstrable need to access systems or data
  • Enforcing least privilege principles to minimize unnecessary access
  • Role-based access controls and authentication safeguards
  • Logging and monitoring access to systems and administrative actions
  • Maintaining audit trails that record activity, including date, time, and authorized personnel
  • Enforcing password complexity and secure authentication practices
  • Secure storage of credentials using industry-standard hashing methods
  • Conducting periodic access reviews to ensure permissions remain appropriate
  • Promptly revoking access when roles change or upon personnel separation

Authorized personnel may perform system administration activities necessary to configure, maintain, and support the Software.

Technical and Organizational Safeguards

We implement appropriate safeguards, including:

  • Encryption of data in transit and, where appropriate, at rest
  • Access controls and authentication mechanisms
  • System monitoring, logging, and alerting
  • Secure infrastructure and environment management

While we take reasonable steps to protect Personal Information, no system or method of transmission over the Internet can be guaranteed to be completely secure.

Handling of Personal Information and Sensitive Data

Recast is not designed to process or store Sensitive Data, and we do not expect or intend for customers or users to submit such data to the Software.

We apply data minimization principles and require that customers limit the Personal Information submitted to the Software to only what is necessary for their intended use. Customers are responsible for determining the nature of the data they input into the Software and for ensuring such use complies with applicable laws.

Customers should not submit, upload, or otherwise make available Sensitive Data within the Software unless expressly agreed to in writing with Recast and subject to appropriate safeguards.

To the extent Personal Information is processed within the Software, such data is treated as confidential and handled in accordance with applicable data protection laws, contractual obligations, and Recast security standards.

Customer Responsibilities

Customers are responsible for:

  • Configuring their use of the Software in accordance with their internal policies and applicable laws
  • Managing user access and permissions within their environment
  • Ensuring that any Personal Information submitted to the Software is appropriate for the intended use and compliant with applicable legal requirements
  • Implementing controls to prevent the upload or use of Sensitive Data where not permitted

EU-U.S. Data Privacy Framework (DPF)

Recast complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”), as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of Personal Information transferred from the European Economic Area (“EEA”), the United Kingdom, and Switzerland to the United States.

Recast has certified to the U.S. Department of Commerce that it adheres to the Data Privacy Framework Principles (“DPF Principles”). If there is any conflict between the terms in this Privacy Statement and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework program and to view our certification, please visit: https://www.dataprivacyframework.gov/

In compliance with the DPF Principles, Recast commits to resolve complaints about our collection or use of Personal Information transferred to the United States. Individuals in the EEA, UK, and Switzerland with inquiries or complaints regarding our handling of Personal Information should first contact Recast using the contact information provided in this Privacy Statement.

Recast commits to cooperate with and comply with the advice of:

  • The EU data protection authorities (DPAs),
  • The UK Information Commissioner’s Office (ICO) and, as applicable, the UK panel for the Data Privacy Framework, and
  • The Swiss Federal Data Protection and Information Commissioner (FDPIC), with regard to unresolved complaints concerning Personal Information transferred under the Data Privacy Framework.

Under certain circumstances, individuals may have the option to invoke binding arbitration to resolve complaints that are not resolved through other Data Privacy Framework mechanisms.

Recast remains responsible for the processing of Personal Information it receives under the Data Privacy Framework and subsequently transfers to third parties acting as agents on its behalf. Recast complies with the Data Privacy Framework Principles for all onward transfers of Personal Information, including the onward transfer liability provisions.

Recast is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).

10. YOUR PRIVACY RIGHTS

This section supplements the information contained in this Privacy Statement and describes your rights under applicable data protection laws, including the General Data Protection Regulation (“GDPR”), the California Privacy Rights Act (“CPRA”), and other applicable U.S. state privacy laws.

These rights may apply to individuals located in the EEA, the UK, and Switzerland, as well as residents of California and other jurisdictions with applicable privacy laws.

Your Rights

Depending on your location and the data protection laws associated (GDPR, CPRA, etc.), you may have the following rights, subject to applicable exceptions:

  • Right of Access / Know
    To request access to the Personal Information we hold about you, including information about how we collect, process, use and disclose it.
  • Right to Correct / Rectification
    To request correction of inaccurate or incomplete Personal Information that we maintain about you.
  • Right to Delete / Erasure (“Right to be Forgotten”)
    To request deletion of your Personal Information, subject to certain legal and contractual restrictions.
  • Right to Restrict Processing
    To request that we restrict the processing of your Personal Information under certain circumstances.
  • Right to Data Portability
    To receive your Personal Information in a structured, commonly used, and machine-readable format and to transmit that data to another controller where technically feasible.
  • Right to Object to Processing
    To object to the processing of your Personal Information where such processing is based on our legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent
    If we rely on your consent to process Personal Information, you may have the right to withdraw that consent at any time.
  • Right to Limit Use of Sensitive Personal Information
     You have the right to request that we limit the use and disclosure of certain sensitive Personal Information, where applicable.
  • Right to Opt-Out of Sale or Sharing
     To request to opt out of the sale or sharing of your Personal Information. Recast does not sell Personal Information or share Personal Information for behavioral advertising purposes.
  • Right to Non-Discrimination
     We will not discriminate against you for exercising your privacy rights.

B2B Context and Customer Relationship

Recast primarily provides Services to organizations (our “Customers”). In many cases, we may process Personal Information on behalf of a Customer as a Data Processor.

If you are an employee, contractor, or end user of one of our Customers:

  • Your organization is typically the Controller of your Personal Information.
  • Recast processes Personal Information in accordance with our agreements with that organization.

As a result:

  • You should direct privacy requests (including access, correction, and deletion requests) to your organization first.
  • We will assist our Customers in responding to such requests, as required under applicable law and our contractual obligations.

In certain circumstances, including where data is hosted or controlled by the Customer (such as self-hosted deployments or customer-configured environments), Recast may not have direct access to or control over the Personal Information needed to fulfill your request.

Exercising Your Rights

To exercise your rights, you may submit a request by contacting us at: [email protected]

Where appropriate, we will:

  • Work directly with you, or
  • Redirect your request to your organization and support them in responding

We may need to verify your identity before processing your request and may require additional information to do so.

Children’s Privacy

Our Software is not intended for individuals under 13. We do not knowingly collect data from children.

11. CHANGES TO THIS PRIVACY STATEMENT AND CONTACT INFORMATION

Updates to This Privacy Statement

We may update this Privacy Statement from time to time. The most recent version is indicated by the “Last Updated” date at the bottom of this Privacy Statement. We encourage you to review this Privacy Statement periodically.

Contact Information

Recast Software, Inc.

40 S. 7th Street, Suite 212, PMB 207
Minneapolis, MN 55402
United States

Liquit Software B.V.

LIQUIT B.V.
Rijnzathe 12, 3454 PV Utrecht
The Netherlands

Chamber of Commerce No.: 64055787

Privacy & Data Subject Requests (All Regions)

For all privacy-related inquiries or to exercise your rights:

Email: [email protected]

12. TRUST CENTER AND ADDITIONAL INFORMATION

Additional information about our security, privacy, and compliance practices is available at: https://trust.recastsoftware.com/

Last Updated: July 1, 2026