Privacy Policy
Last updated: December 30, 2025
We believe privacy is a fundamental right. This policy explains how we protect yours.
Don't Store
Your files stay on your device. We only receive anonymized threat signatures.
Don't Sell
You're our customer, not our product. Your data is never for sale.
Don't Share
No advertisers. No data brokers. No exceptions.
Contents
Information We Collect
Account Information
When you create an account, we collect your email address, name, and password (encrypted). This is required to provide you with our services and communicate important security alerts.
Device Information
Our security agent collects minimal device information (OS type, version, device identifier) to provide platform-specific protection and manage your device fleet.
Threat Data
When threats are detected, we collect anonymized threat signatures (file hashes, not file contents) to improve our global threat intelligence network. Your actual files never leave your device.
Usage Analytics
We collect basic usage analytics (feature usage, scan frequency) to improve our product. This data is anonymized and cannot be traced back to individual users.
How We Use Your Data
Security Protection
We use your data solely to provide, maintain, and improve our security services. This includes detecting threats, sending alerts, and generating security reports.
Communication
We use your contact information to send critical security alerts (including AI phone calls for high-severity threats), product updates, and account-related notifications.
Product Improvement
Anonymized usage data helps us understand which features are most valuable and where we can improve. We never use your personal data for advertising.
Data Sharing Policy
We Never Sell Your Data
Period. Your data is not for sale. We will never sell, rent, or trade your personal information to third parties for marketing or any other purpose.
Limited Service Providers
We work with a small number of trusted service providers (cloud hosting, payment processing) who are contractually bound to protect your data and use it only for providing their services.
Legal Requirements
We may disclose data if required by law, but we will notify you whenever legally possible and challenge overly broad requests.
Security Measures
Encryption
All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256. Your passwords are hashed using bcrypt with high work factors.
Infrastructure
We use enterprise-grade cloud infrastructure (Google Cloud Platform) with SOC 2 compliance, regular security audits, and 24/7 monitoring.
Access Controls
Employee access to user data is strictly limited on a need-to-know basis. All access is logged and regularly audited.
Your Rights
Access & Portability
You can request a copy of all data we hold about you at any time. We'll provide it in a machine-readable format within 30 days.
Correction
You can update or correct your personal information at any time through your account settings or by contacting us.
Deletion
You can request deletion of your account and associated data at any time. We'll process your request within 30 days, subject to legal retention requirements.
Opt-Out
You can opt out of non-essential communications at any time. Note that critical security alerts cannot be disabled for your protection.
Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by email and/or a prominent notice on our website prior to the change becoming effective.