Privacy Policy

Introduction

This Privacy Policy outlines how ThreatSense ("we", "our", or "us") collects, uses, maintains, and discloses information collected from users (each, a "User") of the application. This privacy policy applies to the application and all products and services offered by us. We are committed to protecting your privacy and handling your data in accordance with the Swiss Federal Act on Data Protection (FADP) and other applicable Swiss data protection laws.

Data Controller

ThreatSense is the data controller for the processing of your personal data. Our registered office is in Switzerland. For any questions regarding data protection, you can contact us at the email address provided at the end of this policy.

Information We Collect

We may collect the following types of information from Users:

• Email Addresses: We collect email addresses when Users register for an account, subscribe to a newsletter, or otherwise provide it to us.
• Stripe IDs: For payment processing, we store Stripe customer IDs. We do not store full credit card details; these are handled directly by Stripe.
• WorkOS IDs: For authentication purposes, we utilize WorkOS and may store WorkOS user identifiers.
• Anonymous Analytics: We use Umami to collect anonymous analytics data to help us understand how our service is used. This data may include page views, session duration, device type, and country of origin. This information is anonymized and cannot be used to personally identify you.

Legal Basis for Processing

We process your personal data based on the following legal grounds under Swiss law:

• Your consent
• Performance of a contract with you
• Compliance with legal obligations
• Our legitimate interests, provided they are not overridden by your interests or fundamental rights

How We Use Your Information

We use the information we collect for the following purposes:

• To Provide and Maintain Our Service: To create and manage user accounts, provide customer support, and ensure the proper functioning of our application.
• To Communicate With You: To send important notices, updates, security alerts, and support messages.
• To Process Payments: To facilitate transactions and manage billing through Stripe.
• To Improve Our Service: Anonymous analytics data helps us understand user behavior, identify areas for improvement, and enhance the overall user experience.

Data Security

We are committed to protecting your data in accordance with Swiss data protection standards. We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data
• Regular security assessments
• Access controls and authentication procedures
• Regular backups and disaster recovery procedures

Data Transfers

Your personal data may be transferred to and processed in countries outside of Switzerland. When we transfer your personal data outside of Switzerland, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the Swiss Federal Data Protection and Information Commissioner (FDPIC)
• Binding corporate rules
• Countries with adequate data protection laws as recognized by the FDPIC

Third-Party Services

We may use third-party services to help us operate our business and the application or administer activities on our behalf. These services include:

• Stripe: For payment processing. Their Privacy Policy can be found on the Stripe website.
• WorkOS: For authentication services. Their Privacy Policy can be found on the WorkOS website.
• Umami: For anonymous analytics. Their Privacy Policy can be found on the Umami website.

Your Rights

Under Swiss data protection law, you have the following rights:

• Right to Information: You have the right to be informed about the collection and use of your personal data.
• Right of Access: You have the right to access the personal information we hold about you.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information.
• Right to Erasure: You have the right to request that we delete your personal information, subject to certain legal obligations.
• Right to Object: You have the right to object to the processing of your personal data.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

To exercise these rights, please contact us using the information provided below. We will respond to your request within 30 days.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. When we no longer need your personal data, we will securely delete or anonymize it.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and, where appropriate, sending you an email notification. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.