Privacy Policy

1. Introduction

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

Organization name
User email address
User name (optional)
User role (Admin, Auditor, or Owner)

Integration Credentials:

Cloud provider API keys/credentials (encrypted)
SaaS application API tokens (encrypted)
OAuth tokens for third-party integrations

Support Communications:

Email correspondence
Support ticket information
Feedback and survey responses

2.2 Information Collected Automatically

Usage Data:

• Login timestamps
• Pages viewed
• Features used
• Scan history
• API requests

Technical Data:

• IP address
• Browser type and version
• Device information
• Operating system
• Referring URLs

Security Findings Data:

• Cloud/SaaS configuration metadata
• Security misconfigurations detected
• Compliance status
• Vulnerability information

2.3 Information We Do NOT Collect

We do NOT collect:

Passwords (we use passwordless authentication)
Customer application data or business data
End-user personal information from your systems
Payment card information (handled by third-party processor)
Sensitive personal data unless necessary for service delivery

3. How We Use Your Information

3.1 Service Delivery

• Provide and maintain the SecureZona SPM platform
• Authenticate users and manage sessions
• Perform security scans and generate findings
• Generate compliance reports
• Send security alerts and notifications

3.2 Service Improvement

• Analyze usage patterns to improve features
• Develop new features and integrations
• Troubleshoot technical issues
• Optimize performance

3.3 Communication

• Send service-related emails (login links, scan results, alerts)
• Respond to support requests
• Send product updates and announcements (with opt-out option)
• Request feedback

3.4 Security & Compliance

• Detect and prevent fraud and abuse
• Monitor for security threats
• Comply with legal obligations
• Enforce our Terms of Service

3.5 Legal Basis for Processing (GDPR)

Contract Performance: Processing necessary to provide the Service
Legitimate Interests: Service improvement, security, fraud prevention
Consent: Marketing communications (with opt-in)
Legal Obligation: Compliance with laws and regulations

4. How We Share Your Information

4.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 Service Providers (Sub-Processors)

We share data with trusted third-party service providers who help us operate the Service:

• Cloud Hosting: Amazon Web Services - Infrastructure hosting
• Email Delivery: Amazon Web Services - Transactional emails
• Analytics: Shodan, Netlas, Censys, NVD - Usage analytics

All service providers are contractually obligated to protect your data and use it only for specified purposes.

4.3 Legal Requirements

We may disclose information if required by law, such as:

• In response to valid legal process (subpoena, court order)
• To protect our rights, property, or safety
• To prevent fraud or security threats
• To comply with regulatory requirements

4.4 Business Transfers

If SecureZona is acquired or merged, your information may be transferred to the new owner. We will notify you before your information is transferred and becomes subject to a different privacy policy.

5. Data Security

Security Measures

• Encryption: AES-256 encryption at rest, TLS 1.3 in transit
• Access Controls: Role-based access control (RBAC)
• Authentication: Passwordless magic link authentication
• Monitoring: 24/7 security monitoring
• Auditing: Comprehensive audit logs
• Incident Response: Dedicated security team

See our Security Page for detailed security practices.

No Absolute Security

While we implement industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

Active Accounts

• Account data retained while your account is active
• Security findings retained for compliance and trend analysis
• Usage data retained for service improvement

Inactive Accounts

• Accounts inactive for 12 months may be deactivated
• Data retained for 30 days after deactivation
• You can request reactivation during this period

Deleted Accounts

• Upon account deletion, data is purged within 30 days
• Backup copies deleted within 30 days
• Some data may be retained for legal/compliance purposes

Legal Retention

• Data required for legal, tax, or regulatory purposes retained as required by law
• Audit logs retained for 7 years for compliance

7. Your Privacy Rights

7.1 Rights for All Users

Access: Request a copy of your personal data

Correction: Update or correct inaccurate data

Deletion: Request deletion of your data

Export: Download your data in portable format

Opt-Out: Unsubscribe from marketing emails

7.2 Additional Rights (GDPR - EU Users)

✅ Right to Restriction: Limit how we process your data
✅ Right to Object: Object to processing based on legitimate interests
✅ Right to Portability: Receive data in machine-readable format
✅ Right to Withdraw Consent: Withdraw consent at any time
✅ Right to Lodge Complaint: File complaint with supervisory authority

7.3 Additional Rights (CCPA - California Users)

✅ Right to Know: What personal information we collect and how we use it
✅ Right to Delete: Request deletion of personal information
✅ Right to Opt-Out: Opt-out of sale of personal information (we don't sell data)
✅ Right to Non-Discrimination: No discrimination for exercising privacy rights

How to Exercise Your Rights

• Email: privacy@securezona.com
• In-App: Account Settings → Privacy & Data
• Response Time: Within 30 days

8. Cookies and Tracking

Essential Cookies

Required for the Service to function:

• Session authentication
• Security features
• Load balancing

Analytics Cookies (Optional)

Help us improve the Service:

• Usage analytics (anonymized)
• Performance monitoring
• Feature usage tracking

Cookie Control

• You can disable cookies in your browser settings
• Essential cookies are required for the Service to function
• Analytics cookies can be opted out
• We respect Do Not Track (DNT) browser signals

9. International Data Transfers

Data Location

• Primary data storage: United States (AWS us-east-1)
• Backup storage: United States (AWS)

EU-US Data Transfers

For EU customers, we comply with GDPR requirements for international data transfers:

• Standard Contractual Clauses (SCCs)
• Data Processing Agreements (DPAs)
• Adequate safeguards for data protection

10. Children's Privacy

SecureZona SPM is a business-to-business (B2B) service not intended for children under 16.

We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it immediately.

11. Changes to This Privacy Policy

Updates

• We may update this Privacy Policy from time to time
• Changes effective upon posting to this page
• Material changes will be notified via email
• Continued use of Service constitutes acceptance of changes

Notification

• Email notification for material changes
• In-app notification
• "Last Updated" date at top of policy

12. Contact Us

For privacy questions or to exercise your privacy rights, please contact us:

Privacy Questions or Requests:

Email: privacy@securezona.com
Address: Dubai, UAE
Response Time: Within 30 days

Related Pages

Security Page

Learn about our security practices and data protection measures

Terms of Service

Review our legal agreement for using the SecureZona platform

Table of Contents