Privacy Policy
Information We Collect
We collect personal data you voluntarily provide: name, work email, job title, company name, and professional background. We also collect technical data automatically: IP address, device fingerprint, browser type, operating system, and session activity logs. For threat monitoring purposes, we may process metadata from security alerts and incident tickets.
Legal Basis for Processing
Processing is based on legitimate interest (security operations), contractual necessity (service delivery), and legal obligations (fraud prevention, regulatory reporting). For EU data subjects, we rely on Article 6(1)(f) GDPR for security-related processing and Article 49 for international transfers under Standard Contractual Clauses.
Data Retention & Deletion
Personal data is retained for the duration of the business relationship plus 90 days post-termination. Security logs are retained for 365 days in immutable storage. Request data deletion via [email protected]. We will confirm erasure within 30 days, subject to overriding legal holds.
Third-Party Sharing
We share data with the following sub-processors: AWS (cloud hosting), Splunk (SIEM logging), and Cloudflare (CDN/DDoS). All sub-processors are bound by Data Processing Agreements (DPAs) consistent with GDPR Article 28. We do not sell personal data. Breach notifications follow the 72-hour requirements of GDPR Article 33.
Your Rights
You may access, rectify, or port your data, and you may object to processing for direct marketing or profiling. You may lodge a complaint with your local supervisory authority (SA). For the UK: ICO; for the EU: the lead authority is the UK ICO. Contact the DPO at [email protected]. We implement pseudonymization and encryption for all data at rest and in transit.
