Privacy Policy
Last updated: January 2025
1. Introduction
ThreatCluster ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our threat intelligence platform.
By accessing or using ThreatCluster, you agree to this Privacy Policy. If you do not agree with the terms of this policy, please do not access our services.
We are compliant with GDPR, CCPA, and other applicable data protection regulations. Your privacy is our priority.
2. Information We Collect
2.1 Information You Provide
- Account registration details (name, email address, organisation)
- Profile information and preferences
- Payment and billing information (processed securely via Stripe)
- Communications with our support team
- Feedback and survey responses
2.2 Information We Collect Automatically
- Log data (IP address, browser type, operating system)
- Usage information (features accessed, search queries, time spent)
- Device information (device type, unique identifiers)
- Cookies and similar tracking technologies
2.3 Information from Third Parties
- Authentication data from Auth0
- Payment processing data from Stripe
- Public threat intelligence data from various sources
3. How We Use Your Information
We use your information for the following purposes:
- Provide and maintain our threat intelligence services
- Process transactions and manage subscriptions
- Send service-related communications and updates
- Improve and personalise your experience
- Analyse usage patterns and optimise performance
- Ensure security and prevent fraud
- Comply with legal obligations
- Respond to support requests and inquiries
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
4. Data Sharing and Disclosure
We may share your information in the following circumstances:
4.1 Service Providers
- Auth0 for authentication services
- Stripe for payment processing
- DigitalOcean for hosting infrastructure
- Analytics providers for usage insights
4.2 Legal Requirements
- To comply with legal obligations or court orders
- To protect our rights, property, or safety
- To investigate potential violations of our terms
- With your explicit consent
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption of data in transit and at rest
- Regular security audits and vulnerability assessments
- Access controls and authentication mechanisms
- Secure development practices and code reviews
- Incident response and breach notification procedures
- Employee security training and confidentiality agreements
While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but commit to using commercially reasonable efforts.
6. Data Retention
We retain your personal information for as long as necessary to:
- Provide our services and maintain your account
- Comply with legal and regulatory requirements
- Resolve disputes and enforce agreements
- Maintain security and prevent fraud
When you delete your account, we will delete or anonymise your personal information within 30 days, except where retention is required by law.
7. Your Rights
Depending on your location, you may have the following rights:
7.1 GDPR Rights (European Users)
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
7.2 CCPA Rights (California Users)
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt out of the sale of personal information
- Right to non-discrimination
To exercise your rights, please contact us at [email protected]. We will respond to your request within 30 days.
8. Cookies and Tracking
We use cookies and similar technologies to:
- Maintain your session and authentication state
- Remember your preferences and settings
- Analyse usage patterns and improve our services
- Provide security and prevent fraud
8.1 Types of Cookies
- Essential Cookies: Required for basic functionality
- Performance Cookies: Help us understand usage patterns
- Preference Cookies: Remember your settings and choices
You can control cookies through your browser settings. Disabling essential cookies may impact functionality.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:
- Standard contractual clauses approved by regulatory authorities
- Data processing agreements with service providers
- Compliance with Privacy Shield or successor frameworks
- Adequate protection assessments
10. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the updated policy on our website
- Updating the "Last updated" date
- Sending email notifications for significant changes
Continued use of our services after changes indicates acceptance of the updated policy.
11. Contact Information
Data Protection Officer
For privacy-related questions or to exercise your rights, please contact:
Email: [email protected]
Address: ThreatCluster Ltd
United Kingdom
For security vulnerabilities, please contact: [email protected]