Last updated: May 12, 2025
IONIX.IO Ltd and its related companies (”IONIX,” “company,” “we,” “us,” or “our”) respect the privacy of our users (“User(s),” “you,” “data subject(s),” or “Visitor(s)”) and our customers (“Customer(s)”). We are committed to safeguarding your personal data, which you share with us through our website located at https://www.ionix.io/ (the “Site” or “Website”) and our web application, IONIX platform (the “Software” or “App”). Together, the Site, Software, and any related services we offer are referred to as the “Services.”
Our Privacy Policy (the “Policy” or “Privacy Policy”) outlines the data collection and processing practices used in connection with our Services. This Policy aims to provide transparency regarding the types of personal information we collect and how we use it. By accessing our Site, using our Software, or utilizing our Services, you acknowledge and agree to the data practices described in this Policy.
IONIX specializes in cybersecurity, offering a comprehensive Threat Exposure Management platform designed to identify, prioritize, and remediate risks across an organization’s attack surface, including cloud environments, infrastructure dependencies, and digital supply chains. While the company primarily generates simulations to model potential vulnerabilities and generally does not directly process Personally Identifiable Information (PII), this analysis highlights potential risks to PII. These risks include exposure through asset discovery processes, third-party integrations, misconfigurations in digital supply chains, PII processing via IONIX digital assets, and other scenarios. This gap analysis evaluates IONIX’s adherence to global privacy and data protection regulations, particularly the EU General Data Protection Regulation (GDPR) and key U.S. state privacy laws. It emphasizes the need to address situations where indirect interactions with PII could pose compliance challenges or security risks.
Please note that if you access a third-party website through a link provided in our Services, we encourage you to review their privacy policies before submitting any personal information. By visiting our Site or registering for our Services, you consent to our collection and use of your information in accordance with this Privacy Policy.
Preliminary Notes
Please read this policy and make sure you fully understand our practices in relation to your personal information before you access or use the Site or our Services. If you have read this Privacy Policy and remain opposed to our practices, you must immediately leave this Site and discontinue all use of the Services.
Binding Agreement – This Privacy Policy constitutes an integral part of our Terms and Conditions (“Terms”)
Content – Our Site and Services do not contain inappropriate content. Nevertheless, we use appropriate technical and organizational measures to ensure the protection and retention of data subjects.
IONIX provides this Privacy Policy, which will be updated from time to time to inform you of our policies and procedures regarding the collection, use, and disclosure of personal information we receive when you use the Site and our Services.
Changes and updates to this Privacy Policy – We reserve the right to modify or update this Privacy Policy, to reflect changes in our Services or data processing practices or to conform to a regulatory requirement. Such changes will be effective immediately upon the display of the revised Privacy Policy. The last revision date will be reflected in the “Last Updated” heading. If we make material changes to this Privacy Policy, we will do our best to notify you by email or through a notice on our Site.
We created this Privacy Policy to emphasize our commitment to protecting your privacy. Using our Site and Services may require you to provide certain Personal Data (as defined below), but only if you choose to do so voluntarily. Some features of our Site and Services, such as accessing our Platform, may require registration and submission of Personal Data, as detailed in this Policy. We will retain and handle the Personal Data you provide in accordance with this Privacy Policy.
This Privacy Policy has been developed in accordance with the EU & UK General Data Protection Regulation (GDPR), US state-specific privacy laws, and other applicable privacy regulations. Depending on your country of residence, additional rules may apply to your personal data (referred to below as “Applicable Privacy Laws“).
If you would like to learn more about IONIX’s region-specific processing of personal data, please refer to the relevant notices below for individuals in different regions.
Please read the Privacy Policy carefully to ensure you understand it and agree with its terms before using the Site and the Services. You have no legal requirement to provide us with your Personal Data. We collect, process, and retain your Personal Information only if you choose to access and engage with our Site and/or our Services and in accordance with this privacy policy. You can always avoid providing us with certain Personal Data; however, you acknowledge that it may prevent us from providing you with certain Services or from using our Site. If you do not agree with any of the terms provided in this Privacy Policy, and the choices we provide do not mitigate your concerns, please do not access or use our Services and avoid accessing and using our Site.
Definitions
For the purposes of this Privacy Policy:
“Adequate Country“means a country or territory recognized by the European Commission or by the United Kingdom (as applicable) under the Data Protection Laws as providing adequate protection for Personal Data;
“Applicable Privacy Laws” means any applicable privacy or other law relevant to our operations, including the General Data Protection Regulation (EU) 2016/679 (GDPR); European Union Member State laws, Switzerland, the United Kingdom, rules, and guidelines implementing or supplementing the GDPR, as amended from time to time and to the extent applicable to our Company’s operation and our Services; the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), Cal. Civ. Code §§ 1798.100 et seq.; and additional US state-specific privacy laws, including but not limited to the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), the Texas Data Privacy and Security Act (TDPSA), and other similar state laws enacted or amended in the future; the Israeli Privacy Protection Law, 5741-1981, including any amendments and regulations enacted thereunder, such as the Privacy Protection Regulations (Transfer of Data to Databases Abroad), 5761-2001, and the Privacy Protection Regulations (Data Security), 5777-2017, as well as any applicable guidelines, standards, and instructions published by the Israeli Privacy Protection Authority (ILITA), in effect from time to time, relating to data protection and privacy.
Minor refers to a data subject underage (under 16 years or less depending on the legal jurisdiction applicable), whose processing of his/her personal data is only lawful if parental or guardian consent has been obtained.
Data Controller refers to any natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of Personal Data and establishes the necessary controls for such processing.
Data Processor refers to any natural or legal person, public authority, agency, or other body (excluding employees of the Data Controller) that processes Personal Data on behalf of the Data Controller.
Data Subject refers to an identified or identifiable individual to whom the Personal Data relates.
Data Subject Consent refers to the Data Subject’s approval or agreement for an activity to take place, having considered the benefits and risks of the activity. For consent to be valid, the Data Subject needs to be informed, have the capacity and knowledge to decide, and to have given their consent voluntarily.
Personal Data (or Personal Information) refers to information about a living individual, which means that they can be identified (a) from that data, or (b) from that data and any other information capable of being associated with, or reasonably linked to, a particular person, now or in the future, as provided in this Privacy Policy.
“Non-personal data” means information that does not personally identify you and does not reveal your specific identity as an individual, such as anonymized information.
Processing refers to any operation that is performed upon or applied to personal data, whether undertaken manually or by automated means, including its acquisition, organization, storage, retrieval, consultation, amendment, availability, disclosure, erasure, or destruction.
Subprocessor shall mean any entity appointed by us or by one of our sub-processors, to Process Personal Data on our behalf or on behalf of that sub-processor, excluding any employee of our sub-processor or of any such appointed person but including any contractor or affiliate of the foregoing.
The terms “Controller“, “Processor“, “Sub-Processor”, “Data Subject“, “Personal Data“, “Processing” (and/or “Process“), “Personal Data Breach“, “Union“, “Member State” and “Special Categories of Personal Data” shall have the meanings given in the GDPR and related EU data protection laws.
The terms “Business“, “Business Purpose“, “Consumer“, “Service Provider“, “Third Party” and “Contractor” shall have the same meanings as defined in the (CCPA), as amended.
To the extent that CCPA applies, the term “Controller” shall also mean “Business“, and “Processor” shall also mean “Service Provider“, “Contractor” or “Third Party“, as the context requires.
This Policy was originally written in English. If you are reading a translation and it conflicts with the English version, please note that the English language version prevails.
Roles and Responsibilities
Data Processor: Concerning IONIX core operations, IONIX acts as the Data Processor when delivering services through its Software. In this capacity, IONIX processes Personal Data on behalf of its Customers, following their instructions and as governed by applicable data processing agreements.
Data Controller: In accordance with the Applicable Privacy Laws, IONIX serves as the Data Controller for the processing of Personal Data collected through the Site, as well as through other B2C interactions, including but not limited to account registration, Customer inquiries, subscription services and more.
Our main registered office is:
Derech Menahem Begin 156, Tel-Aviv, Israel 6492108.
To Whom Does This Privacy Policy Apply?
This Privacy Policy applies to Personal Data we collect online and offline and applies in the following situations:
When Does This Privacy Policy Apply?
This Privacy Policy applies to Personal Data about you that we collect, use, or otherwise process regarding your relationship with us as a Visitor of our Site or a User of our Services.
Data You Share with Us Directly
Submitting information to us is optional in certain cases and required in others, depending on the Service you choose to use or access. This category includes one or more of the following data categories:
Data We Collect When You Use Our Services
This category covers the ways we enhance your experience and improve the performance of our Services.
When you access our Site and software or use our Services, we may process information related to your activities, device, and visit. This processing enables us to deliver, maintain, and enhance the Services, analyze usage patterns, develop new features and updates, provide effective support, and ensure the security and integrity of our platforms.
Data we collect from third parties
This category refers to data we may receive from third parties concerning the Services we provide to you.
Cookies
At IONIX, we use cookies and other tracking technologies to enhance user experience and improve our Services through the Site or Software. Cookies are small data files that are transferred to your device via your web browser, allowing our systems to recognize your browser and capture certain information.
Cookies may be collected by us or by third-party vendors, to collect cookies to analyze how you interact with and use our Site and Software. The information collected by these cookies includes your IP address, time of visit, whether you are a return visitor, any referring Site or Software, URL, referrer, device and browser characteristics, and timestamp.
The data collected by these cookies is transmitted to and stored by the third-party vendors and is subject to their respective privacy policies.
We also utilize other tracking technologies, such as flash cookies, embedded scripts, eTags, and web beacons, to collect and store information about your visit. This includes details such as your browser type, operating system, mobile device information, and clickstream data. Cookies are used to facilitate your site usage without requiring you to re-enter your login information, customize and enhance your website experience, monitor website usage, manage the Site, and improve our products and services. These cookies may be session cookies, which expire once you close your browser, or persistent cookies, which remain on your device until deleted. The information collected by these cookies may be used to analyze trends, gather insights into visitor movements, diagnose potential server problems, investigate actual or potential security incidents, and ensure the Site’s proper functionality. Additionally, we may utilize third-party analytics tools to assist us in measuring traffic and usage trends for the service and gaining a better understanding of our users’ demographics.
Managing Your Cookie Preferences
IONIX’s Cookie Collection
We provide several options for you to manage your cookie preferences effectively:
Third-Party Cookie Collection
We work with trusted third-party providers that may place cookies on your device to collect data when you visit our website. These cookies support essential functionality, analytics, and marketing performance.
Below is how some of these third-party tools are used and how you can manage or opt out of them:
If you wish to learn more about how we collect and use cookies, please refer to our Cookie Policy.
How We Use Personal Data (Purposes of Processing)?
Personal Data is used to provide and operate the Site, Services, and Software; monitor, analyze, and improve their usage and functionalities; personalize and enhance our offerings, including surfacing features and promotions from partners; provide customer assistance and technical support; send service announcements, notices, and promotional messages in compliance with Applicable Privacy Laws; enforce our Terms, policies, and contractual arrangements; prevent misuse of the Site, Services, or Software; comply with legal requirements, court orders, or warrants; address legal disputes; understand user needs on an aggregated or individualized basis to develop and improve offerings; communicate with you, including obtaining feedback; and disclose data to third-party vendors, service providers, or contractors performing functions on our behalf, as authorized by you.
The Legal Basis for Personal Data Use
IONIX processes Personal Data in accordance with applicable legal bases, which depend on the specific context and purpose of the processing.
Use of the Site: Personal Data collected in connection with your use of our Site is processed based on your consent, where such consent is required by law.
Use of the Software: When you use our Software, the processing of your Personal Data is governed by the terms of the contract associated with your use of the Software.
B2B Services: For our B2B services, we process Personal Data as part of our engagements with Customers. This processing may rely on legitimate interests, where such interests are applicable and balanced, or other relevant legal bases.
Data Processor Obligations: When providing our Services to Customers, we process Personal Data in our capacity as a Data Processor. This is carried out in accordance with the Data Processing Agreements (DPA(s)) established with the respective Data Controller, as required by Applicable Privacy Laws.
In all cases, IONIX processes your Personal Data only when a valid legal basis exists. The legal basis for processing is determined by the specific purpose for which the data was collected and used.
Sharing Personal Data with Third Parties:
We do not sell, rent, or lease your Personal Data. We may share your Personal Data with service providers and other third parties to the extent necessary to fulfill our Services, but not for marketing purposes. Additionally, to provide, operate, maintain, and improve our Site and Services, and to offer additional products and features, we utilize third-party services. These services include payment processors, feedback features, support tools, operational tools, analytics, statistical tools, and more. The specific categories of these services are as follows:
We recognize that the protection of Personal Data is a fundamental right, and we are committed to respecting the privacy rights of all individuals, regardless of their location. Certain privacy rights apply universally and are upheld by IONIX as a global standard:
To exercise any of these rights, please contact us at: privacy at ionix.io . We are committed to responding to all valid requests in accordance with Applicable Privacy Laws and our internal policies. Note that the implementation of these rights may vary based on your jurisdiction and the nature of your relationship with us.
If you reside in the EEA or the US, please refer below to “Region-Specific Processing of Personal Data” for additional rights specific to your location
We take the protection of both Personal Data and non-personal data seriously and implement a range of industry-standard technologies, processes, and organizational measures to safeguard information against loss, theft, unauthorized access, misuse, or damage. IONIX maintains SOC 2 compliance, reflecting our commitment to best practices in information security management. Data is encrypted in transit and at rest, and access to systems is governed by strict role-based controls. While we take robust measures to secure our Site and Software, no system can be entirely immune from vulnerabilities, unauthorized access, or other forms of misuse. Nevertheless, we continuously monitor our systems, conduct periodic penetration tests and security audits, and implement technical and organizational improvements to enhance our resilience. In the event of a data breach, IONIX will notify affected individuals and relevant supervisory authorities without undue delay, as required under applicable laws. Such notification will include information about the nature of the breach, the categories of data involved, and recommended actions to mitigate potential risks. We are committed to handling such incidents with transparency, urgency, and full regulatory compliance.
Retention Of Your Personal Data
As detailed above, we retain different types of data for varying periods based on legal, operational, and regulatory requirements. Personal Data is retained only for as long as necessary and determined to fulfill the purposes for which it was collected, including supporting our business operations and services. These purposes may include data storage, documentation, cybersecurity management, legal proceedings, and compliance with tax or other regulatory requirements.
Aggregated or anonymized Non-Personal Data may be stored indefinitely, as it no longer identifies any individual and is used for analytical and operational purposes.
As long as you continue using our services, we will retain your information as described in this Policy unless we specify different retention periods, establish alternative terms in a DPA, or are required by law to delete it. If you exercise your right to request deletion under Applicable Privacy Laws, we will delete your data to the extent required, while retaining only what is necessary to comply with legal obligations.
If you exercise your right to request deletion under Applicable Privacy Laws, we will delete your data to the extent required, while retaining only what is necessary to comply with legal obligations.
Transfer Of Your Personal Data
Your information, including Personal Data, may be processed at IONIX’s operating offices and in other locations where the parties involved in the processing are situated. This means your data may be transferred to, and stored on, servers located outside your state, province, country, or other governmental jurisdiction, where data protection laws may differ from those in your jurisdiction.
By consenting to this Privacy Policy and submitting your information, you agree to such data transfers. IONIX takes appropriate steps to ensure that your Personal Data is handled securely and in accordance with this Privacy Policy.
Where required, we rely on safeguards such as the European Commission’s SCCs to lawfully transfer Personal Data across borders and protect it in line with applicable privacy laws.
IONIX’s Region-Specific Processing of Personal Data
Depending on your country of residency, and on the type of your use of our Site (Visitor or a User), Software (User), or Services, certain rights concerning your Personal Data may apply to you.
If you are located in the EEA including the UK, you have certain rights with respect to your Personal Data, including:
Please contact us at:privacy at ionix.io with your detailed request and sufficient information to allow us to verify you and your request, and we will process your verifiable request within the timeframe indicated in the applicable regulation. Note that when handling these requests, we may require additional information from you to verify your identity.
When you ask us to exercise any of your rights under this Policy and the Applicable Privacy Laws, we may need to ask you to provide us with certain credentials to make sure that you are who you claim you are, to avoid phishing and/or disclosure to you of Personal Data related to others. We may redact from the data which we will make available to you, any Personal Data related to others, if applicable.
Transfer of Data Outside of Your Territory
If you are a resident of the EEA (including the UK), your data may be transferred outside the EEA, to third parties who can assist us in our Services. We may process your Personal Data in any country in which we do business. If we transfer the Personal Data of an EU resident outside of the EU, we shall comply with Applicable Privacy Laws in relation to such transfer and according to our commitment under DPA with our Customers.
We are subject to the provisions of the GDPR that protect your Personal Data. We ensure that appropriate measures are in place to maintain a comparable level of security for your Personal Data. Each data transfer outside the EEA will comply with the SCC unless the data is shared with a country that has been deemed to have an adequate level of data protection. In the event of data transfer to the US, we verify whether the third party is registered in the DPF program at: https://www.dataprivacyframework.gov/
In any case, our transfer, storage, and handling of your Personal Data will continue to be governed by this Privacy Policy and according to our commitment under the DPA with the Data Controller.
We recognize the importance of your privacy and are committed to complying with Applicable Privacy Laws across the United States. This section informs US residents, including those in California and other states with privacy laws, of their rights regarding the processing of their Personal Information and how to exercise those rights.
We comply with the Children’s Online Privacy Protection Act (COPPA) and do not knowingly collect personal information from children under 13 without verifiable parental consent.
A Notice for California Residents
We hereby inform Visitors and Users that are California residents, of the following rights (by virtue of the CCPA) with respect to the Processing of your Personal Data:
To learn more about the categories of Personal Data we collect, its sources, purposes, and the service providers we share it with, refer to the relevant sections above.
We do not sell Personal Data for business or commercial purposes, but we may share Personal Information or aggregated information with a third party for a business purpose. When we do so, we enter a contract that describes the purpose and requires the recipient to keep that personal information confidential and not use it for any purpose other than what is described in the agreement.
If you wish to exercise your rights concerning our third party’s disclosure aspects, please refer to the “Exercising Your Rights” section below.
Consumer Rights:
The CCPA grants California consumers specific rights in connection with the Personal Data collected by businesses, as described below:
Under the California Online Privacy Protection Act (CalOPPA), our service does not currently respond to Do Not Track (DNT) signals. However, we recognize and honor Global Privacy Control (GPC) signals, allowing you to indicate your preference to opt out of the sale or sharing of Personal Data. Please note that third-party operators integrated with our service may collect information about your browsing activities. To manage your tracking preferences, you can enable a GPC signal or adjust the settings on your web browser or mobile device to notify websites and apps of your preferences. For detailed instructions on configuring these settings, refer to the help documentation provided by your browser or device.
Exercising Your Rights:
To exercise any of the CCPA rights above, don’t hesitate to contact us via email at We will fulfill your request within 45 days of receiving your request (If we require an extension, we will notify you within the initial 45 days, explaining the reasons and providing an estimated completion date). Some of these rights may be subject to limitations and qualifications, such as where fulfilling the request would conflict with federal, state, or local law, regulatory inquiries, subpoenas, or our ability to defend against legal claims. We will verify your request using your email address and the information associated with your account if you have one.
Note that we cannot respond to your request if we cannot verify your identity and confirm the Personal Data related to you. Making a verifiable consumer request does not require you to create an account with us. If you wish to use an authorized agent to submit a request to opt-out on your behalf, you must provide the authorized agent with written permission signed by you. We may deny a request from an authorized agent if the agent cannot provide us with your signed authorization demonstrating that they have been authorized to act on your behalf.
If you do not wish for our online third-party partners or us (such as advertising networks) to sell or share your Personal Information with others, please click on the “Do Not Sell or Share My Personal Information” link to contact us with questions or to exercise your right to opt-out.
US State-Specific Residents
If you are a resident of any state with privacy laws, including but not limited to Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Florida, Montana, Iowa, Indiana, Tennessee, or Delaware, you are entitled to specific privacy rights regarding your personal information under your state’s respective data privacy laws. These laws grant you rights to access, correct, delete, and obtain your personal data, subject to certain exceptions. Please review the following information to understand your privacy rights and how to exercise them.
Scope of Applicability:
The respective privacy laws apply to natural persons acting in an individual or household context. These laws generally do not extend to individuals acting in a commercial or employment context unless explicitly noted otherwise. If you are a resident of one of these states, you can make requests regarding your Personal Information, and we will honor such requests as required by the law in your state. In cases where we are unable to comply with your request, in whole or in part, we will provide you with an explanation of our reasons.
Consumer Rights Across Applicable States
You may exercise the following rights concerning your Personal Information:
How to Exercise Your Rights
To exercise any of your privacy rights as a resident of Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Florida, Montana, Iowa, Indiana, Tennessee, or Delaware, please contact us at. We will fulfill your request within the timeline prescribed by the Applicable Privacy Laws. Please note the following:
A Notice for Individuals Residing in Israel:
This privacy notice applies to individuals residing in Israel and outlines how IONIX processes personal data in compliance with the Israeli Privacy Laws (as detailed under Applicable Privacy Laws).
Your Rights Regarding Personal Data
To exercise these rights, please contact us at privacy at ionix.io. We will respond to your request as required under Israeli law. To ensure security and privacy, we may require verification of your identity.
IONIX may share personal data with trusted third parties to provide services or comply with legal requirements. If personal data is transferred outside Israel, we ensure that adequate safeguards are in place to protect your data, in accordance with applicable laws.
IONIX is committed to processing and protecting personal data responsibly and in accordance with legal obligations. Robust security measures are implemented to safeguard your data against unauthorized access, misuse, or disclosure
Non-Discrimination Policy
We will not discriminate against you for exercising your privacy rights under Applicable Privacy Laws. For example, we will not deny you services, charge you a different price, or provide a different quality of services for exercising your rights.
If you have any concerns relating to this Policy, please contact us and we will make good-faith efforts to address your concerns. We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from us, you may escalate concerns to the applicable privacy regulator in your jurisdiction. Upon request, we will provide you with the contact information for that regulator.
Links To Other Websites
Our Service may contain links to other websites that are not operated by Us. If you click on a third-party link, you will be directed to that third-party’s site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
Contact Us
For further information about this Policy or if you have any concerns relating to the handling of your personal data, please contact us at:privacy at ionix.io
We commit to making good-faith efforts to address your inquiries. If you are not satisfied with the response you receive, you have the option to escalate your concerns to the applicable privacy regulator in your jurisdiction. Upon request, we will provide you with contact information for that regulator.
©2025 IONIX. All rights reserved.