What categories of personal information does Akeyless collect under the CCPA?

Akeyless collects the following categories of personal information as defined by the CCPA: Identifiers (real name, unique personal identifier, online identifier, IP address, email address), Commercial Information (records of products or services purchased, excluding payment information), Internet or Other Similar Network Activity (browsing history, interactions with website/application/ads), and Geolocation Data (approximate location from IP address). Other categories, such as biometric or sensitive personal information, are not collected. See the CCPA Privacy Notice for details.

How does Akeyless use the personal information it collects?

Akeyless uses personal information to fulfill service requests, provide customer support, monitor and improve services, conduct marketing, analyze service usage, respond to law enforcement, and other uses as detailed in the Privacy Policy. Personal information is not used for materially different or incompatible purposes without prior notice.

Does Akeyless sell or share my personal information?

Akeyless does not sell personal information for payment. For retargeting and analytics, Akeyless may share online identifiers and behavior information with marketing vendors using cookies or tracking technologies, as defined by the CCPA. Opt-out options are available via the Cookie Declaration and website footer.

How can I exercise my rights under the CCPA with Akeyless?

California residents can exercise their CCPA rights by submitting a Data Subject Request (DSR) using the form available on the Akeyless website. Rights include knowing what personal information is collected, deletion, correction, opting out of sharing/selling, limiting use of sensitive information, and data portability. Some actions, like unsubscribing from emails or deleting/correcting account information, can be done directly via account settings or email links.

How long does Akeyless retain personal information?

Akeyless retains personal information as long as necessary for the stated purposes, in accordance with applicable laws, or until an individual opts out. Retention may be extended for legal, regulatory, tax, or accounting requirements, or if litigation is anticipated. Information may be deleted or amended at Akeyless's discretion when no longer needed.

How does Akeyless respond to Do Not Track browser settings?

Akeyless does not respond to Do Not Track browser settings, as there is no commonly accepted response for these signals. For more information, visit www.donottrack.us.

Is Akeyless's platform intended for children under age 16?

No, Akeyless's services are not intended for use by children under age 16, and the company does not knowingly collect or maintain information about anyone under 16. If you believe a child has shared information, contact privacy@akeyless.io.

How can I contact Akeyless regarding privacy or CCPA matters?

You can contact Akeyless by email at privacy@akeyless.io, or by mail at: Akeyless Security Ltd., Zeev Jabotinsky St 7, 33 Floor, Ramat Gan, 5252007, Israel; Akeyless Security Inc., 122 Grand St, New York, NY 10013, United States.

What security and compliance certifications does Akeyless hold?

Akeyless is certified for ISO 27001, FIPS 140-2, CSA STAR, PCI DSS, and SOC 2 Type II. These certifications demonstrate Akeyless's commitment to robust security and regulatory compliance. For more details, visit the Trust Center.

How does Akeyless protect customer data?

Akeyless uses patented encryption technologies to secure data in transit and at rest. The platform enforces Zero Trust Access with granular permissions and Just-in-Time access, minimizing standing privileges and reducing access risks. Audit and reporting tools are provided to track every secret and ensure compliance. For more information, visit the Trust Center.

What are the key features of the Akeyless platform?

Akeyless offers Vaultless Architecture, Universal Identity (solving the Secret Zero Problem), Zero Trust Access, automated credential rotation, centralized secrets management, cloud-native SaaS deployment, and out-of-the-box integrations with AWS IAM, Azure AD, Jenkins, Kubernetes, and more. These features enable secure, scalable, and efficient secrets management across hybrid and multi-cloud environments.

Does Akeyless provide an API?

Yes, Akeyless provides a comprehensive API for its platform. API documentation and guides are available at docs.akeyless.io/docs. API Keys are supported for secure authentication for both human and machine identities.

Where can I find technical documentation for Akeyless?

Akeyless offers extensive technical documentation, including platform overviews, password management, Kubernetes secrets management, AWS integration, PKI-as-a-Service, and more. Access these resources at docs.akeyless.io and tutorials.akeyless.io/docs.

What customer support options are available with Akeyless?

Akeyless provides 24/7 customer support via ticket submission, email, and Slack channel. Proactive assistance, technical documentation, and escalation procedures are also available.

How long does it take to implement Akeyless, and how easy is it to get started?

Akeyless can be deployed in just a few days due to its SaaS-native architecture, requiring no infrastructure management. For specific use cases, such as OpenShift deployment, setup can be completed in less than 2.5 minutes. Self-guided product tours, platform demos, tutorials, and 24/7 support are available to help users get started quickly.

What training and technical support does Akeyless offer for onboarding?

Akeyless provides self-guided product tours, platform demos, tutorials, and comprehensive technical documentation. 24/7 support and Slack channel access are available for troubleshooting and guidance.

Who can benefit from using Akeyless?

Akeyless is designed for IT security professionals, DevOps engineers, compliance officers, and platform engineers across industries such as technology, finance, retail, manufacturing, and cloud infrastructure. Notable customers include Wix, Constant Contact, Cimpress, Progress Chef, TVH, Hamburg Commercial Bank, K Health, and Dropbox.

What business impact can customers expect from using Akeyless?

Customers can expect enhanced security, operational efficiency, cost savings (up to 70% reduction in maintenance and provisioning time), scalability for multi-cloud environments, regulatory compliance, and improved employee productivity. For example, Progress saved 70% of maintenance time, and Constant Contact scaled securely in multi-cloud environments.

Can you share specific case studies or customer success stories?

Yes. Constant Contact scaled in a multi-cloud, multi-team environment. Cimpress transitioned from Hashi Vault to Akeyless for enhanced security and seamless integration. Progress saved 70% of maintenance and provisioning time. Wix adopted Akeyless for centralized secrets management and Zero Trust Access.

How does Akeyless compare to HashiCorp Vault?

Akeyless offers a vaultless, cloud-native SaaS platform, reducing infrastructure complexity and operational costs compared to HashiCorp Vault's self-hosted model. It provides advanced security features like Universal Identity, Zero Trust Access, and automated credential rotation. For a detailed comparison, visit Akeyless vs HashiCorp Vault.

How does Akeyless compare to AWS Secrets Manager?

Akeyless supports hybrid and multi-cloud environments, offers out-of-the-box integrations, and provides advanced features like Universal Identity and Zero Trust Access. It also delivers significant cost savings with a pay-as-you-go model. For more, see Akeyless vs AWS Secrets Manager.

How does Akeyless compare to CyberArk Conjur?

Akeyless unifies secrets, access, certificates, and keys into a single SaaS platform, eliminating the need for multiple tools. It offers advanced security measures, Zero Trust Access, and vaultless architecture for reduced complexity and cost. For more, see Akeyless vs CyberArk.

What feedback have customers shared about the ease of use of Akeyless?

Customers consistently praise Akeyless for its ease of use and seamless integration. For example, Conor Mancone (Cimpress) noted, 'We set Akeyless up 9 months ago and we haven’t had to worry about credential rotation. All of our software that’s running, it just works — we haven’t really had to think about it since then. It’s been a really smooth, really easy process.' Shai Ganny (Wix) said, 'The simplicity of Akeyless has enhanced our operations and given us the confidence to move forward securely.'

When was this page last updated?

This page wast last updated on 12/12/2025 .

CCPA Privacy Notice

Last Modifided: February 9, 2026

This CCPA Privacy Notice (“CCPA Notice”) constitutes an integral part of Akeyless Security Ltd. Privacy Policy. Accordingly, terms used however not defined, shall have the same meaning as defined in Akeyless’s Privacy Policy, or as defined in applies pursuant with the California Consumer Privacy Act of 2018 as amended and revised by the California Privacy Rights Act of 2020 effective January 1, 2023 (collectively “CCPA”). When we refer to “Personal Data” in Akeyless’s Privacy Policy, it is equivalent to “Personal Information” as defined under the CCPA.

If you are California resident that is either a Customer, Authorized Users and Prospect (“Consumers” or “you”) this CCPA Notice applies to your rights and disclosures concerning our processing of Personal Information. It describes how Akeyless Ltd.. and its affiliates (“Akeyless”, “Company”, “we” or “us”) collect, use, disclose and share Personal Information of Consumers.

This CCPA Notice applies to Consumers’ Personal Information, that we collect directly or indirectly through our Services, in connection with providing our Services, or through our marketing and sales activities. This CCPA Notice does not apply to Personal Information made available through Customer Data processed that we process as a “Service Provider”, which is governed by our Data Processing Addendum and other applicable contractual provisions. Personal Information relating to candidates and employees who are California residents is governed by internal company policies, as well as our Candidates Privacy Notice.

PART I: A COMPREHENSIVE DESCRIPTION OF THE INFORMATION PRACTICES:

(A) CATEGORIES OF PERSONAL INFORMATION WE COLLECT AND DISCLOSURE OF PERSONAL INFORMATION FOR BUSINESS PURPOSE

We collect Personal Information which is defined under the CCPA as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device, all as detailed in the table below.

Personal Information further includes Sensitive Personal Information (“SPI”) as detailed in the table below.

Personal Information does not include: publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; De-identified or aggregated consumer information; Information excluded from the CCPA’s scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA) and the Driver’s Privacy Protection Act of 1994.

We may disclose your Personal Information to contractors or service providers for a business purpose, as defined under the CCPA (“Business Purpose”). When we disclose Personal Information for a Business Purpose, we enter into a contract that describes the purpose and requires the recipient to keep that Personal Information confidential and not use it for any purpose except performing the contract. We further restrict the contractor and service provider from selling or sharing your Personal Information

Service Providers: For purposes of this CCPA Notice, service providers include, among others, advertising networks, data analytics providers, social media networks, security and fraud prevention providers, payment processors, CRM systems, cloud computing vendors, customer support providers, and marketing service providers.

Within the past twelve (12) months, Akeyless has collected the categories of Personal Information listed below and has shared them for a Business Purpose with the categories of recipients identified in the table below:

Categories of Personal Information	Collected	Categories of third-party recipients to whom we disclose Personal Information for Business Purpose
A. Identifiers.	Yes. For example, real name, unique personal identifier, online identifier, Internet Protocol address and email address.	• Service providers. • Advertisers and Social Networks. • Affiliated Companies. • Legal Authorities.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	Yes. For example: name, telephone number, bank account and other payment information (for B2B).	• Service Providers (Salesforce, CRM, hosting providers, cloud and SaaS providers).
D. Commercial information.	Yes. For example, the purchase of Akeyless’ services, however not the payment information.	• Service providers.
F. Internet or other similar network activity.	Yes. For example: Prospect’s interaction with our website and Authorized Users’ (as defined in the Privacy Policy) interaction with the Services.	• Service providers. • Advertisers and Social Networks. • Affiliated Companies. • Legal Authorities.
G. Geolocation data.	Yes. For example, approximate geolocation derived from IP address.	• Service providers. • Advertisers and Social Networks. • Affiliated Companies. • Legal Authorities.
H. Sensory data.	Yes. For example, audio as part of call recordings with our sales representatives.	• Service providers.

(B) CATEGORIES OF SOURCES OF PERSONAL INFORMATION

Depending on the nature of your interaction with us, we may collect Personal Information as follows:

Information you provide to us directly – for example, when you register and create an account or correspond with us.
Information we receive from third parties – for example, through data enrichment partners or if you access the Services through a third-party connection or log-in, such as your GitHub or Google account. In such cases, third party may share certain information about your use of their service to us.
Information we receive automatically – we will collect your online Identifiers and marketing data including analytics data (or use third-party measurement and marketing tools). For more information about our use of cookies and how to opt out of third-party collection of this information, please see our cookie declaration available here.

We may use the Personal Information described above for the following purposes:

To fulfill the purpose for which you provided the Personal Information (for example, to provide customer support or respond to your inquiries, etc.);
To monitor, maintain, and improve our Services;
To provide, operate, and administer the Services;
To market our Services;
To aanalyze our services and your use of the Services and website;
To evaluate or carry out a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or a similar proceeding;
To respond to law enforcement requests and as otherwise required or permitted by applicable law, or as otherwise detailed in our Privacy Policy.

We will not collect additional categories of Personal Information, or use the Personal Information we collected, for materially different, unrelated, or incompatible purposes without providing you with notice.

(D) SALE OR SHARE OF PERSONAL INFORMATION

We do not “sell” information as most people would commonly understand that term, we do not, and will not, disclose your Personal Information in direct exchange for money or some other form of payment.

For retargeting and analytic purposes, when we promote our Services, we use third-party providers and tracking tools that are able to market our Services online, measure these marketing efforts, identify individuals that are interested in our Services, etc. this is done by placing cookies, pixel or other tracking technology on our website and sharing with these vendors the online identifiers and online behavior information. The CCPA defines these actions as “sharing” or “selling”.

Below we detail the categories of Personal Information that we “sell” or “share” in the preceding twelve (12) months for a Business Purpose:

Category of Personal Information (corresponding with the table above)	Categories of third-party recipients	Purpose of Sale or Share
Category A Category F Category G	Analytics providers, advertising networks, social media networks, media providers, and search platforms.	Targeted advertising, cross-contextual behavioral advertising (“CCBA”), promoting the Services, analytics and security services.

(E) CHILDREN

Our Services are not intended for use by children, and we do not collect or maintain information about anyone under the age of 16. Please contact us at: [email protected] if you have reason to believe that a child has shared any information with us.

(F) DATA RETENTION

We retain Personal Information we collect as long as it remains necessary for the purposes set forth above and in the Privacy Policy.

The retention periods are determined according to the following criteria:

For as long as it remains necessary in order to achieve the purpose for which the Personal Data was initially processed.
For example: if you contact us, we will retain your contact information at least until we will address your inquiry.
To comply with our regulatory obligations.
For example: transactional data will be retained for up to seven years (or even more under certain circumstances) for compliance with our bookkeeping obligations purposes.
To resolve a claim, we might have or a dispute with you, including any legal proceeding between us, until such dispute will be resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods.

Please note that except as required by applicable law, we may at our sole discretion, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice if our intention to do so.

PART II: EXPLANATION OF YOUR RIGHTS UNDER THE CCPA AND HOW TO EXERCISE THEM

(A) YOUR RIGHTS UNDER THE CCPA

If you are a California resident, you may exercise certain privacy rights relating to your Personal Information. You may exercise these rights free of charge, except as otherwise permitted under applicable law, by completing our DSR Form and contacting us at [email protected]. We may limit our response to your request as permitted under applicable law, as further described herein and in our DSR Form.

California Privacy Right	Details
The right to know what Personal Information the business has collected and the right to access Personal Information.	The right to know what Personal Information the business has collected about the consumer, including the categories of personal information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom the business discloses Personal Information, and the specific pieces of Personal Information the business has collected about the consumer.
Deletion Rights	The right to request the deletion of your Personal Information that the business has collected from the consumer, subject to certain exceptions.
Correct Inaccurate Information	The right to request correction of inaccurate Personal Information that a business maintains about a consumer.
Opt-Out of Sharing for Cross-Contextual Behavioral Advertising	You have the right to opt-out of the “sharing” of your Personal Information for “cross-contextual behavioral advertising,” often referred to as “interest-based advertising” or “targeted advertising.”
Opt-out of Sharing for Cross-Contextual Behavioral Advertising or from selling, where applicable.	You have the right to opt-out of the sale or sharing of Personal Information by the business. See below further explanation about your oprtions for opting out.
Limit the Use or Disclosure of SPI	Under certain circumstances, If the business uses or discloses SPI, you have the right to limit the use or disclosure of SPI by the business.
Opt-Out of the Use of Automated Decision Making	In certain circumstances, you have the right to opt-out of the use of automated decision making in relation to your Personal Information.
Non-Discrimination	The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, including the right not to be retaliated against for the exercise of your CCPA rights, denying a consumer services, charging different prices or rates for services, providing you a different level or quality of services, etc. We may, however, charge different prices or rates, or provide a different level or quality of services, if that difference is reasonably related to the value provided to us by your Personal Information.
Data Portability	You may request to receive a copy of your Personal Information, including specific pieces of Personal Information, including, where applicable, to obtain a copy of the Personal Information you provided to us in a portable format.

To learn more about your California privacy rights, please visit https://oag.ca.gov/privacy/privacy-laws.

(H) HOW CAN YOU EXERCISE THE RIGHTS?

You may exercise your rights by completing our DSR Form and contacting us at [email protected]. The instructions for submitting, the general description of the process, verification requirements, when applicable, including any information the consumer must provide are all detailed in the form.

Note, certain rights can be done by you independently without without submitting a formal request. For example, depending on your interaction with us:

you can opt-out from receiving emails from us by clicking the “unsubscribe” link or using other opt-out options provided in the marketing communications we send; and
you can access, correct, or delete information available in your account, through your account settings; and

Further, opt-out rights can be executed without filling the form:

Through our website footer: You can opt-out from processing of online identifiers or other marketing data, for analytics or marketing purposes, at any time, by using the cookie settings banner or the “Do Not Sell or Share my Personal Information” button all available through our website footer or as detailed under Akeyless cookie declaration available here.
Through Device-Level Choices: If you do not want to receive interest-based advertisements, you can limit the collection of certain information through your device settings.
Use the Global Privacy Control (“GPC”) signals.
you can opt-out from interest-based advertising, CCBA, by using Self-Regulatory Program for Online Behavioral Advertising such as:
1. Digital Advertising Alliance’s (“DAA”): https://www.aboutads.info/choices and https://www.aboutads.info/appchoices; and
2. The Network Advertising Initiative (“NAI”): https://www.networkadvertising.org/choices.

(I) NOTICE OF FINANCIAL INCENTIVE

We do not offer financial incentives to consumers for providing personal information

(J) AUTHORIZED AGENTS

You can designate an authorized agent to submit requests on your behalf via the methods above. However, we will require written proof of the agent’s permission to do so and verify your identity directly. We will not verify your identity if the agent provides the power of attorney documentation.

(K) CONTACT US:

By Email: [email protected]

By Mail:

Akeyless Security Ltd. To: Zeev Jabotinsky St 7, 33rd Floor, Ramat Gan, 5252007, Israel

Akeyless Security Inc. To: 122 Grand St, New York, NY 10013, United States.

(L) UPDATES:

This CCPA Notice was last updated on February 9, 2026. As required under the CCPA, we will update this CCPA Notice every 12 months. The last revision date will be reflected in the “Last Modified” heading at the top of this CCPA Notice.

PART III: OTHER CALIFORNIA OBLIGATIONS

California Direct Marketing Requests: California Civil Code Section 1798.83 permits you, if you are a California resident, to request certain information regarding disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please complete our DSR form and contact us at [email protected].

Do Not Track Settings: Cal. Bus. And Prof. Code Section 22575 also requires us to notify you how we deal with the “Do Not Track” settings in your browser. As of the effective date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we do not respond to the Do Not Track settings. Do Not Track is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn the Do Not Track setting on, visit: www.donottrack.us.

Download

Frequently Asked Questions

Privacy, Data Collection & CCPA Compliance