About Juniper

Navigation
Juniper ATP Cloud Privacy Policy Supplement

This notice is provided as a supplement to the Juniper Privacy Policy. In order to understand the personal information processing practices relevant for a particular Juniper Product, you should read both the Juniper Privacy Policy and any applicable Juniper Product supplement. Any terms not defined in this Supplement are defined in the Juniper Privacy Policy. In the event of a conflict between the terms of this Supplement and the Juniper Privacy Policy, this Supplement shall control to the extent of the conflict.

This Juniper ATP Cloud Privacy Policy Supplement describes our practices with respect to how personal information is processed by Juniper in connection with the provision of the Juniper ATP Cloud (formerly known as Sky™ Advanced Threat Prevention Service). For information on ATP Cloud, please visit our ATP Cloud Website.

Personal Information Processed

ATP Cloud processes several types of files as set forth below depending in part on a customer’s configuration. Juniper ATP Cloud limits the amount of personal information collected to what is necessary to provide the service and can further limit the type of data collected by configuring the service’s features based on customer preference. To the extent the below files contain personal information, such information may be incidentally processed as part of ATP Cloud’s threat analysis processing.

Executables
ATP Cloud processes executable files which do not ordinarily contain personal information in the form they are analyzed by ATP Cloud. Examples of executables include any file that has headers indicating it is a Windows/DOS executable, a COFF executable, an ELF executable, or the EICAR virus test file, and any file name ending in "bin", "exe", "com", "elf", "prx", "ex", or “ex_” that isn’t clearly some other file type.

Documents
ATP Cloud may process files that do not fall into the above Executables category to determine if the file is malicious. Such files may include documents, spreadsheets, .pdfs, and archives, which may contain personal information.

Metadata
ATP Cloud may process the following metadata of inspected Executables and Documents as part of its threat analysis processing, which may include personal information:

  • Account activity (e.g., number of log-ins, actions taken including but not limited to applications purchased or canceled, and IP address)
  • Client Host
  • Client IP Address
  • File Name
  • Username (if User Firewall is turned on)
  • Vendor or creator
  • Date/Time Submitted
  • URL
  • Device Name

TLS Session Enablement Packets
If a customer enables analysis of Encrypted Traffic, ATP Cloud processes TLS session enablement packets, also known as connection packets, which are exchanged when a session is first created. Packets exchanged after the session is established are not analyzed. The types of information analyzed in these initial packets include IP address of the system that initiated the connection, the destination IP address, and connection metadata like ciphers, hostname requested, and encryption parameters.

Email Data
ATP Cloud may process the following email data (through either SMTP or IMAP) if the customer configures ATP Cloud to quarantine emails:

  • Sender
  • Recipient
  • Subject
  • Message Content
  • Attachments

Purposes of Processing Personal Information

Juniper ATP Cloud analyzes the files, packets, and other information set forth above to generate a threat score used by customers to dynamically protect their network and take corrective or preventative action, where such analysis may include incidental and temporary processing of personal information contained within or related to such files, packets, or other information.

Retention of Personal Information

Any file (which may incidentally contain personal information) processed in connection with the provision of Juniper ATP Cloud will be discarded promptly to the extent it is not necessary for detecting and protecting systems from malware, providing customers with valuable information in understanding threats to their network, and taking corrective or preventative action. Any personal information not discarded promptly will be retained as needed to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements, and customers may in some cases be able to configure retention periods for certain types of files.

Changes to this Supplement

We may update this Supplement from time to time to reflect any changes in our ATP Cloud personal information processing practices.

Other

Your use of the ATP Cloud is subject to the Juniper End User License Agreement (and, if relevant, the related Software Specific License Addendum) and Terms of Use, or to the extent applicable, as otherwise agreed by the parties in writing.


Updated August 2020