1. Introduction and Scope
StrictPath Audit ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us in any capacity.
This policy applies to all information collected through our website, mobile applications, email communications, and any related services, sales, marketing, or events. By using our services, you consent to the data practices described in this policy.
2. Information We Collect
We collect information to provide and improve our security auditing services. The types of information we collect include:
2.1 Information You Provide Directly
- Account Information: When you create an account, we collect your name, email address, company name, job title, and password.
- Contact Information: Name, email address, phone number, mailing address, and company details when you contact us or sign up for our services.
- Domain Information: Domain names, subdomains, and related technical information you submit for security auditing and monitoring.
- Payment Information: Billing address, payment method details (processed securely through third-party payment processors), and transaction history.
- Communication Data: Messages, feedback, support requests, survey responses, and any other communications you send to us.
- Professional Information: Job title, company size, industry, and other business-related information relevant to our services.
2.2 Information We Collect Automatically
- Usage Data: Information about how you use our website and services, including pages visited, features used, time spent, and interaction patterns.
- Technical Data: IP address, browser type and version, operating system, device information, screen resolution, and referring website.
- Log Data: Server logs that include IP addresses, access times, pages viewed, and other diagnostic data.
- Cookies and Tracking: Data collected through cookies, web beacons, and similar technologies as described in our Cookie Policy.
- Performance Data: Information about the performance and functionality of our services, including error reports and usage statistics.
2.3 Information from Third Parties
- DNS and Certificate Data: Publicly available information about domains, DNS records, TLS (SSL) certificates, and security configurations.
- Business Information: Company information from public databases and business directories to enhance our services.
- Integration Data: Information from third-party services you choose to integrate with our platform.
3. How We Use Your Information
We use the collected information for legitimate business purposes, including:
- Service Provision: Providing and maintaining our security auditing services, processing domain scans, and generating reports.
- Account Management: Creating and managing your account, processing payments, and providing customer support.
- Communication: Sending service-related notifications, security alerts, updates, and responding to your inquiries.
- Service Improvement: Analyzing usage patterns to improve our website, services, and user experience.
- Security and Fraud Prevention: Protecting against unauthorized access, fraud, and other security threats.
- Legal Compliance: Complying with applicable laws, regulations, and legal processes.
- Marketing: Sending promotional materials and information about new features (with your consent where required).
- Research and Development: Developing new features and improving our security methodologies.
- Business Operations: Internal business purposes such as data analysis, audits, and strategic planning.
4. Legal Basis for Processing
We process your personal information based on the following legal grounds:
- Contract Performance: Processing necessary to perform our services and fulfill our contractual obligations.
- Legitimate Interests: Processing for our legitimate business interests, such as improving services and preventing fraud.
- Consent: Where you have provided explicit consent for specific processing activities.
- Legal Obligation: Processing required to comply with legal or regulatory requirements.
- Vital Interests: Processing necessary to protect someone's life or physical safety.
5. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:
- Service Providers: With trusted third-party service providers who assist in operating our business, such as hosting providers, payment processors, and analytics services.
- Business Partners: With partners who provide complementary services, only with your explicit consent.
- Legal Requirements: When required by law, court order, or government request, or to protect our rights, property, and safety.
- Business Transfers: In connection with a merger, acquisition, sale of assets, or other business transaction.
- Consent: With your explicit consent for specific purposes not covered by this policy.
- Aggregated Data: Anonymized, aggregated data that cannot identify individuals may be shared for research or business purposes.
- Emergency Situations: To protect the vital interests of individuals or prevent serious harm.
6. Data Security
We implement comprehensive technical and organizational measures to protect your personal information:
- Encryption: Data is encrypted in transit using TLS and at rest using industry-standard encryption algorithms.
- Access Controls: Strict access controls ensure only authorized personnel can access personal information.
- Security Monitoring: Continuous monitoring for security threats and vulnerabilities.
- Regular Audits: Regular security assessments and penetration testing.
- Employee Training: Comprehensive training on data protection practices and security procedures.
- Incident Response: Established procedures for detecting, responding to, and reporting security incidents.
- Data Minimization: We collect and retain only the information necessary for our stated purposes.
- Secure Development: Security-by-design principles in all our development processes.
7. Data Retention
We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy:
- Account Data: Retained for the duration of your account plus 3 years for business records.
- Domain Audit Data: Retained for the duration of your service subscription plus 2 years for historical analysis.
- Communication Records: Retained for 5 years for customer service and legal purposes.
- Financial Records: Retained for 7 years as required by applicable accounting and tax laws.
- Marketing Data: Retained until you withdraw consent or for 3 years of inactivity.
- Legal Hold: Data may be retained longer if required for legal proceedings or regulatory investigations.
8. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request access to your personal information and details about our processing activities.
- Rectification: Request correction of inaccurate or incomplete information.
- Erasure: Request deletion of your personal information under certain circumstances.
- Restriction: Request restriction of processing under certain conditions.
- Data Portability: Request a copy of your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests or for direct marketing.
- Withdraw Consent: Withdraw consent for processing activities that require consent.
- Automated Decision-Making: Rights related to automated decision-making and profiling.
- Complaint: Lodge a complaint with relevant data protection authorities.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:
- Adequacy Decisions: Transfers to countries with adequate data protection as determined by relevant authorities.
- Standard Contractual Clauses: Use of approved contractual clauses for international transfers.
- Binding Corporate Rules: Internal policies ensuring consistent data protection standards.
- Certification Programs: Participation in recognized data protection certification programs.
10. Children's Privacy
Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.
11. Third-Party Links and Services
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
- Posting the updated policy on our website with a new "Last updated" date
- Sending email notifications to registered users for significant changes
- Providing prominent notice on our website or services
13. Contact Us
If you have questions about this Privacy Policy, wish to exercise your rights, or need to report a privacy concern, please contact us: