ScoutSentinel Privacy Policy

Effective Date: 29/01/2025

ScoutSentinel (“we,” “us,” or “our”) is committed to respecting and protecting the privacy of our users. This Privacy Policy explains how we collect, use, share, and safeguard your personal data when you use our website and associated backend API (collectively, the “Services”). By accessing or using the Services, you agree to the terms of this Privacy Policy.

Legal Entity: For the purposes of data protection laws (including the EU General Data Protection Regulation (“GDPR”)), ScoutSentinel is the “data controller.” Currently, ScoutSentinel is not registered as a formal company, and we do not maintain a physical or mailing address. If you need to serve legal notices or official correspondence, please use the contact details below or consider using a virtual mailbox/PO Box.

Contact Email: privacy@scoutsentinel.com

Note: If you are located in certain regions (e.g., EU/EEA), additional rules may require an EU representative. We will provide instructions on how to direct any official correspondence or data subject requests through email.

1. Information We Collect

1.1 Personal Information

We may collect and process the following personal information when you use our Services:

  • Name
  • Email address
  • Phone number
  • Job title
  • Role
  • Subject matter queries or topics of interest

This information is collected during:

  • Account sign-up
  • Form submissions on our website
  • Interactions with our Services, including scheduling updates or setting preferences

1.2 Usage Data

We may also automatically collect certain information about how you access and use our Services. This may include:

  • Your IP address
  • Browser type and version
  • Pages you visit, and the time and date of your visit
  • Other diagnostic and usage data

1.3 Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and analyze usage. These may include:

  • Authentication cookies (to keep you logged in)
  • Google Ads and Google Analytics cookies (for advertising and analytics)
  • Cloudflare Analytics (for performance and security)
  • Cookies from other common advertising providers

Most browsers allow you to refuse or accept cookies. If you choose to disable cookies, some features of our Services may not function properly. For more information, please see our separate Cookie Policy.

2. How We Use Your Information

We use the information we collect for various purposes, including to:

  • Create and manage your account
  • Provide and personalize the Services, including sending custom regulatory and compliance updates based on your selected topics
  • Communicate with you, such as sending notifications, important account or security updates, and administrative messages
  • Send marketing or promotional materials, which you can opt out of at any time
  • Process payments for paid features or subscription plans
  • Analyze usage and improve our Services
  • Comply with legal obligations and protect our rights

2.1 Legal Bases for Processing (GDPR/EEA)

If you are located in the European Economic Area or other regions with data protection laws, we process your personal data under the following legal bases:

  • Performance of a Contract: We process your data as necessary to provide the Services you request (e.g., account setup, delivering updates).
  • Consent: We rely on your consent for certain processing activities, such as sending marketing emails or using non-essential cookies/analytics. You can withdraw consent at any time.
  • Legitimate Interests: We may process your data for our legitimate interests (e.g., to secure and improve our Services), balanced against your data protection rights.

3. Sharing and Disclosure of Your Information

We do not sell or rent your personal data to third parties. We may share your information in the following situations:

  1. AI Providers: We use AI solutions (currently OpenAI and possibly other AI providers) to generate personalized updates and insights. Only the minimum necessary data is shared for generating topic-based responses. If more than one user selects the same combination of queries, they may receive an identical or similar AI-generated response. We do not permit AI providers to use your personal data for model training.
  2. Service Providers: We engage third-party companies to facilitate our Services, perform related services, or assist us in analyzing usage, such as:
    • Stripe for payment processing
    • Brevo for email communications
    • Auth0 for authentication and registration
    • Cloudflare for hosting, caching, and performance
  3. Legal Compliance: We may disclose your data if required by law, subpoena, or to protect the rights, property, or safety of ScoutSentinel, our users, or others.
  4. Business Transfers: If ScoutSentinel undergoes a business transaction such as a merger, acquisition, or asset sale, your data may be transferred as part of that process.

4. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our Services. We may also retain your data for a reasonable period afterward to comply with legal obligations, resolve disputes, or enforce our agreements. Our general practices are:

  • Logs: Retained for up to 90 days.
  • User Profiles: Retained until you delete your account.
  • Queries: Retained for the life of your account. However, unique query combinations that do not relate to an individual are retained indefinitely if they are common across multiple users.

When you request account deletion, we will remove or anonymize your personal data in accordance with applicable laws. Some data may remain in backup or archival systems of our service providers for a limited time.

4.1 Sub-Processor Retention

Our key sub-processors have their own retention policies which may affect how long your data could remain in backups or logs:

  • Auth0: Authentication logs typically retained for around 30 days (subject to Auth0’s policies).
  • Brevo: Retains subscriber data for as long as you remain subscribed, or until the data is deleted by the account owner. Backups may persist for a limited time as per Brevo’s internal retention policies.
  • Cloudflare: May retain certain logs (e.g., IP addresses) for roughly 24 to 48 hours for performance and security analysis, in accordance with Cloudflare’s data retention policy.
  • Google Analytics: Data retention can be configured (often 14 months by default) and may vary depending on our settings. Aggregated analytics data may be retained indefinitely.

For further details, please review each sub-processor’s privacy policy or terms.

5. Data Security

We take data security seriously and employ various measures to protect your personal information:

  • Encryption in transit (HTTPS) and encryption at rest
  • Multi-factor authentication (MFA) for administrator access
  • Strict access controls so that only authorized personnel can access sensitive data

We utilize Cloudflare for performance, caching, and security services. Cloudflare holds various certifications, including ISO 27001 and SOC 2, and provides GDPR-compliant data transfer mechanisms where applicable. Despite our efforts, no security measures are foolproof, and we cannot guarantee absolute security.

5.1 Data Breach Notification

In the event of a data breach, we will notify affected users via email and, if required by law, relevant supervisory authorities within the legally mandated timeframe (e.g., within 72 hours under GDPR).

6. Your Rights

Depending on where you live, you may have certain rights regarding your personal data, including:

  • Access: The right to request a copy of your personal data.
  • Rectification: The right to request corrections to any inaccurate or incomplete personal data.
  • Erasure: The right to request deletion of your personal data under certain circumstances.
  • Restriction of Processing: The right to request limits on how we process your personal data.
  • Data Portability: The right to request a machine-readable copy of your personal data.
  • Objection: The right to object to processing, including for direct marketing purposes.

To exercise any of these rights, please email us at privacy@scoutsentinel.com. We may request additional information to verify your identity. We will respond within 30 days, or as required by applicable data protection laws.

If you believe we have not adequately addressed your concerns, you may have the right to lodge a complaint with a relevant supervisory authority (e.g., a Data Protection Authority in the EU).

7. Children’s Privacy

Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe that a child under 16 has provided us with personal information, please contact us at privacy@scoutsentinel.com so we can delete it. Where local law sets a higher or lower minimum age, we comply with the relevant minimum age requirements.

8. International Data Transfers

ScoutSentinel operates internationally. If you are located in the European Economic Area (EEA) or other regions with data protection laws, please note that your personal data may be transferred to, stored, and processed in countries outside of your own. Where required, we use Standard Contractual Clauses or other approved mechanisms to ensure the lawful transfer of data across borders in compliance with relevant data protection regulations (such as the GDPR).

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. When we do, we will post a notice via a banner on our website to inform users. We encourage you to review this policy periodically. Your continued use of our Services after any modifications signifies your acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise any of your rights, please contact us at:

privacy@scoutsentinel.com

We value your privacy and will do our best to address your concerns.