Privacy Policy

Last updated: January 2024

⚠️ Important Notice

This is placeholder content for development purposes. This document requires final legal review and approval before production deployment. Consult with qualified legal counsel to ensure compliance with applicable privacy laws and regulations.

ThreatKrew ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our threat modeling platform and related services (collectively, the "Services").

Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Services.

1. Information We Collect

1.1 Information You Provide

We collect information that you voluntarily provide when using our Services, including:

  • Account Information: Name, email address, company name, job title, and authentication credentials
  • Profile Information: User preferences, settings, and profile details
  • Threat Model Data: Information you input into our platform, including system architectures, security assessments, and threat analyses
  • Communication Data: Messages, feedback, and correspondence with our support team
  • Payment Information: Billing details and transaction information (processed securely through third-party payment processors)

1.2 Automatically Collected Information

When you access our Services, we may automatically collect:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent on platform, click patterns
  • Performance Data: Error logs, system performance metrics, API response times
  • Cookies and Tracking Technologies: Session data, preferences, and analytics information

1.3 Information from Third Parties

We may receive information from third-party services you connect to our platform, including authentication providers, integration partners, and security intelligence sources.

2. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, operate, and maintain our threat modeling platform
  • Account Management: To create and manage your account, authenticate users, and provide customer support
  • Service Improvement: To analyze usage patterns, improve features, and develop new functionality
  • Security: To detect, prevent, and address technical issues, fraud, and security vulnerabilities
  • Communication: To send service updates, security alerts, and administrative messages
  • Marketing: With your consent, to send promotional materials and product updates (you may opt out at any time)
  • Compliance: To comply with legal obligations and enforce our terms of service
  • Analytics: To understand how our Services are used and measure their effectiveness

3. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption: Data encryption in transit (TLS/SSL) and at rest
  • Access Controls: Role-based access controls and authentication mechanisms
  • Infrastructure Security: Secure cloud infrastructure with regular security audits
  • Monitoring: Continuous security monitoring and incident response procedures
  • Data Backup: Regular backups and disaster recovery procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

  • Essential Cookies: Required for authentication and core platform functionality
  • Analytics Cookies: Help us understand usage patterns and improve our Services
  • Preference Cookies: Remember your settings and preferences
  • Marketing Cookies: Used for targeted advertising (with your consent)

You can control cookie preferences through your browser settings. Note that disabling certain cookies may limit functionality of our Services.

5. How We Share Your Information

We may share your information in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist in operating our Services (e.g., cloud hosting, payment processing, analytics)
  • Business Transfers: In connection with mergers, acquisitions, or sale of assets
  • Legal Compliance: When required by law, court order, or government regulation
  • Protection of Rights: To protect our rights, property, or safety, or that of our users or the public
  • With Your Consent: When you explicitly authorize us to share information

We do not sell your personal information to third parties. We require all service providers to maintain confidentiality and use your information only as directed.

6. Data Retention

We retain your information for as long as necessary to provide our Services and fulfill the purposes outlined in this Privacy Policy. When you close your account, we will delete or anonymize your personal information within a reasonable timeframe, unless we are required to retain it for legal, regulatory, or security purposes. Threat model data may be retained in backups for up to [SPECIFY PERIOD] days.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Portability: Request transfer of your data to another service
  • Restriction: Request limitation on how we process your information
  • Objection: Object to processing of your information for certain purposes
  • Withdraw Consent: Withdraw your consent where processing is based on consent
  • Opt-Out: Unsubscribe from marketing communications

To exercise these rights, please contact us at hello@threatkrew.io. We will respond to your request within the timeframe required by applicable law.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from those in your country. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable law.

9. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

10. Third-Party Links and Services

Our Services may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information (subject to exceptions)
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your CCPA rights

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your information based on the following legal grounds:

  • Contract Performance: To provide Services you've requested
  • Legitimate Interests: To improve and secure our Services
  • Legal Obligations: To comply with applicable laws
  • Consent: Where you have provided explicit consent

You have the right to lodge a complaint with your local data protection authority.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our Services after such changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

ThreatKrew

Email: hello@threatkrew.io

Privacy Inquiries: privacy@threatkrew.io

Data Protection Officer: [TO BE DESIGNATED]

By using ThreatKrew's Services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.