Privacy Policy

At Secure Raven, Inc. (“Secure Raven,” “we,” “us,” or “our”), your privacy is critically important to us. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our security compliance monitoring platform, website, and related services (collectively, the “Service”). By accessing or using the Service, you agree to the practices described in this policy.

1. Information We Collect

We collect information that you provide directly to us when you create an account, configure security agents, or contact our support team. This includes your name, email address, organization name, and role within your organization.

We automatically collect usage data when you interact with the Service, including pages visited, features used, agent configurations, and interaction timestamps. This data helps us understand how you use the platform and improve the experience.

• Personal information (name, email, organization)
• Usage and interaction data (pages, features, timestamps)
• Device information (browser type, operating system, IP address)
• Security scan results and compliance data you choose to store

2. How We Use Your Information

We use the information we collect to provide, maintain, and improve the Service, including running compliance assessments, generating reports, and deploying autonomous security agents on your behalf. Your data powers the core functionality you rely on.

We also use this information to communicate with you about your account, respond to support requests, send important product updates, and notify you of security events. We may use aggregated, anonymized data to improve our AI models and platform capabilities.

• Providing and operating the compliance monitoring platform
• Improving our AI agents and detection capabilities
• Communicating service updates, security alerts, and support responses
• Ensuring platform security and preventing abuse

3. Data Storage & Security

All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3. We employ strict access controls, including role-based access, multi-factor authentication, and audit logging for all administrative actions. Our infrastructure is hosted on SOC 2 Type II compliant cloud providers.

We conduct regular vulnerability assessments and annual third-party penetration testing. Our security monitoring agents continuously scan our own infrastructure for misconfigurations and anomalies, applying the same rigor we provide to our customers.

4. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share data with trusted service providers who assist us in operating the Service, such as cloud hosting, analytics, and customer support tools, subject to strict confidentiality agreements.

We may disclose information if required by law, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others. In the event of a merger or acquisition, your data may be transferred as part of the business assets.

5. Your Rights & Choices

You have the right to access, correct, update, or delete your personal information at any time. You can manage most of your data directly through your account settings, or contact us at privacy@secureraven.com for assistance with data access or deletion requests.

You may also request a portable copy of your data in a machine-readable format. If you are located in the European Economic Area, you have additional rights under the GDPR, including the right to restrict processing and the right to object to certain data uses.

• Access and review your personal data
• Correct inaccurate or incomplete information
• Request deletion of your account and associated data
• Export your data in a portable format

6. Cookies & Tracking

We use essential cookies to maintain your session and authenticate your identity. These cookies are strictly necessary for the Service to function and cannot be disabled. We also use analytics cookies to understand usage patterns and improve the platform experience.

You can control non-essential cookies through your browser settings or through the cookie preference center in your account. We honor Do Not Track browser signals and provide a clear mechanism for opting out of analytics tracking.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service to you. Compliance scan results and audit evidence are retained according to the retention schedules defined by the applicable compliance framework (typically 1 to 7 years).

When you request account deletion, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes such as fraud prevention. Aggregated, anonymized data may be retained indefinitely for analytics purposes.

8. International Data Transfers

Secure Raven is headquartered in the United States, and your data may be processed in the United States or other countries where our service providers operate. When we transfer data internationally, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and other appropriate safeguards.

We ensure that any international data transfers comply with applicable data protection laws, including the GDPR. We evaluate the data protection practices of our sub-processors and require them to maintain equivalent levels of security.

9. Children’s Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete the information and terminate the associated account.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@secureraven.com so we can take appropriate action.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or through a prominent notice in the Service at least 30 days before the changes take effect.

We encourage you to review this page periodically for the latest information on our privacy practices. The “Last updated” date at the top of this policy indicates when it was most recently revised. Continued use of the Service after changes become effective constitutes acceptance of the revised policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team:

We will respond to all privacy-related inquiries within 30 days. For EU residents, you also have the right to lodge a complaint with your local data protection authority if you believe your rights have not been adequately addressed.