Please refer to the current Privacy Policy and Terms for information regarding your use of the SecUnit websites, related services, and communications with you. This Privacy Policy applies to your use of the SecUnit Platform and related services and communications with you (“Services”).
SecUnit Privacy Program
SecUnit maintains a privacy program aligned with global privacy requirements, including the California Consumer Privacy Act (CCPA), Brazil’s data privacy law (“LGPD”), the General Data Protection Regulation (GDPR), and the EU-U.S. and Swiss-U.S. Privacy Shield Principles and Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information about individuals in the European Union, United Kingdom (UK) and Switzerland, processed within the United States.
SecUnit Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
As of July 16, 2020, we no longer rely on the EU-U.S. Privacy Shield to transfer data that originated in the EEA or the UK to the U.S.
Notice
SecUnit provides this Privacy Policy to describe the ways we collect, use, transfer, store, secure and protect Personal Information on our secunit.cloud website and services (Site) and on the SecUnit platform’s product and integrated services (SecUnit Platform). It describes the ways you can exercise your rights to access and control your Personal Information, and the complaint and recourse methods available to you.
Data Integrity and Purpose Limitation
These are the ways we collect, use, and store Personal Information.
The SecUnit Platform Collection and Use
The SecUnit Platform monitors and analyzes security events in your infrastructure on the basis of legitimate interest to fulfill our contractual commitments to you, our customer. The SecUnit Platform acts as a Data Processor to you, our customer, as the Data Controller over your data.
The SecUnit Platform holds two types of Personal Information:
1. Information about SecUnit users.
Information about SecUnit users includes:
- End-user login/registration information (business email and password) for SecUnit users as well as metadata about SecUnit usage. Login information is controlled by customers directly as it is entered on their SecUnit instance and they can delete their users’ information at any time.
- Job role information which may also be shared and used with SecUnit training and certification programs.
- Metadata is used to facilitate product improvements, customer support and license auditing.
- We retain basic user contact information to send product updates, relevant marketing, training and events based on the users’ communication preferences.
2. Customer data necessary to answer users’ queries.
Once the SecUnit Platform is connected to a customer’s infrastructure, the SecUnit cache retains data from the customer’s environment that is fetched in response to its Users’ queries. Customer data is encrypted and stored by SecUnit for a maximum of 30 days or until the cache storage limits are reached — whichever occurs first. You can also take additional steps to reduce the amount of time that query results are held in cache.
When you create an account or your organization’s administrator creates an account to use the Platform on your behalf, additional information about your use is created, and we may collect and use the following information:
- Unique identifier(s) allow us to monitor user experience.
- Device information may include the hardware model, operating system and version, unique device identifiers, network information, IP address, and/or Platform version.
- Information about all of your interactions with the Platform and training content (“Usage Data”) and how the Platform is performing (“Analytics Data”) both of which are “Service Data”.
- License credentials to ensure that usage is in compliance with the customer’s licensing terms. This information includes metadata about users, roles, connections, server settings, features used, API usage, and Platform version.
- Information contained in your organization’s infrastructure used with the Platform, to which we have access when we automatically back it up and encrypt it for you.
- Logins that use external directory or single sign-on services share with us certain information to authenticate your identity and pre-populate certain forms on the Platform. Note that even if you subsequently stop using the services, we will retain the information you have shared with us, in accordance with this Privacy Policy.
If a SecUnit customer uses the Platform to analyze personal information in their infrastructure, SecUnit will process the categories of personal information analyzed, which may include special categories of data as determined by the customer. SecUnit users should avoid using special or sensitive data categories, PHI, or other protected consumer information as part of query strings, reports, embedded messages or similar.
Retention and Deletion
As a SecUnit customer, you create and remain in control of your data and data about your users, user activities and reports. When you remove users from your SecUnit-connected instance, their data will be removed from SecUnit’s databases within 30 days, and within 30 days it will no longer remain in SecUnit’s cache.
If you are a SecUnit user and wish to delete a SecUnit user’s account data, please contact your SecUnit Administrator or internal compliance decision-maker for assistance. At the request of our customers, we have a process to permanently anonymize the data by data engineering. SecUnit Administrators may either self-serve or Contact Us to request assistance.
Access
The SecUnit Platform uses a read-only connection for its Users to access the minimum amount of data needed to answer questions and only returns the relevant result set. Alternatively, customers can choose to give SecUnit write-access to their infrastructure to take advantage of persistent derived tables and advanced reporting features.
Additional Use and Retention
SecUnit has a legitimate interest to further process your Personal Information collected by the Platform as follows, depending upon the nature of your SecUnit deployment:
- To administer your Platform user accounts.
- To enable your access and use of the Platform, and to enable you to communicate, collaborate, and share information with those you designate.
- To enable SecUnit to verify the license(s) you’ve contracted with us to use the Platform.
- To provide product enablement and licensing, customer service and support.
- To enable your access and use of Platform Integration and Application services.
- To monitor your user experience on the Platform.
- To enable SecUnit to proactively help customers maintain the performance and functionality of deployments of the Platform.
- To validate certification and training information. This information is aggregated and anonymized and not used to create a profile about users.
Choice, Control and Access
Accessing, Correcting And Deleting Your Personal Information
Ensuring that Personal Information we hold about you is accurate and complete is important to us. If you would like to request access to, correct or delete your Personal Information, please Contact Us.
Information Sharing
Except as listed below, SecUnit will not share Personal Information with third party service providers unless you have consented to the disclosure. Depending on how SecUnit is deployed by the customer, SecUnit may share Personal Information with third-party service providers that need your information to provide the following operational or other support services to SecUnit Platform:
- Data management and database hosting.
- Integration services and professional services.
- Information security, integrity, and identity and authentication services.
- Email communications (e.g. operational, marketing, events, training, certifications).
- Financial operations (e.g. licensing, billing).
- Payments and payment card processing.
- Communication services (e.g. enabling collaboration, conferencing or messaging).
- Support services (e.g. providing customer service and support).
- Cloud services (e.g. functioning of the Platform).
To ensure the confidentiality and security of your Personal Information, we ask service providers that handle Personal Information to sign a Data Protection Addendum and undergo a security and privacy review. These service providers are restricted by contract from using Personal Information in any way other than to provide services for SecUnit, including on your behalf as part of your contract with us. SecUnit is accountable and has liability in cases of onward transfers to third party service providers.
SecUnit does not share the information contained in your organization’s connected infrastructure and used with the SecUnit Platform with the above service providers.
SecUnit may also provide your Personal Information to a third party if:
- We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or lawful government request, including in connection with national security or law enforcement requirements.
- To enforce our agreements, policies, and Terms of Service.
- To protect the security and integrity of the Platform.
- To respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing serious bodily injury or death of any person.
SecUnit may also share your Personal Information with our subsidiaries, affiliates, and partners, to facilitate our global operations and in accordance with applicable laws, our Service Agreement, Terms of Service or Contracts with customers or service providers.
We may also provide your Personal Information to a third party in connection with a merger or acquisition of SecUnit, either in part or in whole, or the assignment or other transfer of the Platform. In such event, such third party will either continue to honor the privacy practices described in this Privacy Policy or inform you and get your express affirmative consent to opt-in to the new practices.
You may choose to opt-out of allowing your Personal Information to be shared with certain third-parties. To do so, please Contact Us with your request. We will do our best to respond in a timely manner and grant your request to the extent permitted by law.
International Transfer And Storage Of Information Collected
SecUnit and our subprocessors and vendors primarily store information collected from you within the United States. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which SecUnit or our subprocessors have operations.
We use applicable, approved information transfer mechanisms where required, such as EU Standard Contractual Clauses (SCCs).
Local Hosting
By default, SecUnit hosts instances of the SecUnit Platform in the U.S. region. Customers may request that we host their instance in various other regions, including within the EU, Asia and Latin America, which varies based on each unique customer’s circumstances. Customers can also host their own SecUnit instance on their own servers. Contact your Account Executive for details.
Data Security
SecUnit has a dedicated information security function responsible for security and data compliance across the organization. SecUnit protects the Personal Information it collects via the Platform with reasonable and appropriate physical, electronic, and procedural safeguards.
Any sections of the Platform that collect sensitive Personal Information use industry-standard Secure Sockets Layer (TLS/SSL) encryption. The SecUnit platform uses AES 256-bit encryption to secure your connection credentials and cached data stored at rest. In addition, TLS 1.2 is used to encrypt network traffic between users’ browsers and the SecUnit platform.
The SecUnit platform provides numerous product features to assist with data management, setup, and processes to help you meet data security and privacy requirements.
Recourse and Enforcement
You may Contact Us about our practices or to make a complaint and seek recourse according to these methods available to you, and subject to applicable enforcement powers.
As part of our adherence to the EU-U.S. Privacy Shield Principles, SecUnit commits to resolve complaints about our collection or use of your personal information. European Union, UK and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first Contact Us.
If you have an unresolved complaint, SecUnit commits to cooperate with your local EU data protection authority and/or the Swiss Federal Data Protection and Information Commissioner as alternative dispute resolution providers. SecUnit is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). European Union and Swiss individuals have the possibility, under certain conditions, to invoke binding arbitration.
Do Not Track Signals
We do not track visitors across third-party websites and therefore we do not respond to Do Not Track signals in these circumstances.
Links To Third-Party Sites
The Platform may contain links to a number of sites owned and operated by third parties that may offer useful information. The policies and procedures described in this Privacy Policy do not apply to those third-party sites. Please contact those third-party sites for information on their data collection, security, and distribution policies.
Minimum Age
SecUnit is a business service, not a consumer product. The Platform is not directed to, nor intended to be used by, individuals under the age of 16, or the equivalent minimum age in the relevant jurisdiction. SecUnit does not knowingly collect personal information from individuals under the age of 16. If you become aware that an individual under the age of 16 has provided us with personal information, please Contact Us immediately. If we become aware that an individual under the age of 16 has provided us with personal information, we will take steps to delete such information.
Updates to this Privacy Policy
SecUnit may update this Privacy Policy from time to time. When we do update it, for your convenience, we will make the updated Privacy Policy available on this page. Please check this Privacy Policy periodically for changes. If we make any material changes, we will notify you by email (sent to the email address specified in your account) or by means of a notice on this site or Platform.
Contact Us
Data Protection Officer: privacy@secunit.cloud
Glossary
- “Affiliates” means SecUnit Inc.’s parent and related entities.
- “Analytics Data” means information about how the Services are performing, which is also referred to as Service Data.
- “Do Not Track” is a technology and policy proposal that enables users to opt out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms.
- “SecUnit”, “we” and “us” mean SecUnit Inc.
- “SecUnit Users” means individuals designated by the SecUnit customer as a user of the SecUnit software products or Platform.
- “SecUnit Customers” means companies that license SecUnit software products or Platform.
- “Personal Information” (or Personal Data) means information that personally identifies and/or locates you as described in the Privacy Policy.
- “Platform” means SecUnit’s software products, including the SecUnit Dashboard and related services and deployments.
- “Usage Data” means information about all of your interactions with the Platform, which is also referred to as Service Data. Pseudonymized usage data is gathered by the Services about how users are using the SecUnit product and how well it is performing.
- “Standard Contractual Clauses (SCCs)”, also known as Model Clauses (MCCs), were developed and updated by the European Commission to provide organizations with a mechanism to comply with data protection requirements when transferring personal data from the EU to third countries or third parties.