Legal
Privacy Policy
This Privacy Policy explains how the Customer Delivery Portal processes personal and security-related information in connection with cybersecurity engagement management, vulnerability tracking, and reporting.
Effective date: April 23, 2026
1. Information We Collect
We may collect account information (name, email, role), profile data, authentication data (including MFA status), project and engagement records, vulnerability findings, comments, evidence links, uploaded files, and operational logs necessary to deliver the platform.
2. How We Use Information
We use data to authenticate users, enforce role-based access, operate project workflows, generate reports, provide auditability, secure the platform, and support customer operations.
3. Tenant and Access Isolation
Where multi-tenant mode is enabled, data is logically separated by tenant context. Access is restricted by authentication, tenant context, and role permissions. Users are only permitted to access data they are authorized to view or manage.
4. Security Measures
We implement safeguards including authenticated access, optional MFA, permission checks, and controlled API access. While we apply reasonable security controls, no system can be guaranteed fully secure.
5. Data Sharing
We do not sell personal data. Data is shared only as needed for service delivery, legal compliance, contractual obligations, or authorized project collaboration between stakeholders (for example: admins, managers, partners, customers, and assigned security team members).
6. Data Retention
We retain data for as long as needed to provide services, meet contractual requirements, maintain audit records, and satisfy legal obligations. Retention periods can vary by tenant policy and engagement type.
7. Your Rights and Requests
Depending on your jurisdiction and contract, you may request access, correction, or deletion of relevant personal data through your organization administrator or designated account contact.
8. Policy Changes
We may update this policy to reflect service or legal changes. Updates will be posted on this page with a revised effective date.