When you sign in with Microsoft Entra ID, we collect your email address, display name, and organizational information necessary to provide our security dashboard services.
We collect device information, security alerts, compliance status, and incident data from your Microsoft 365, Intune, and Defender environments to calculate security scores and provide threat detection.
We collect anonymized usage data to improve our services, including feature usage patterns, dashboard interactions, and report generation metrics.
Your data is used to calculate real-time security scores, detect threats, identify compliance gaps, and generate actionable recommendations for your organization.
We use AI to analyze security incidents and provide plain-language explanations, business impact assessments, and remediation recommendations. All AI processing follows strict data minimization principles.
Aggregated, anonymized data helps us improve our detection algorithms, enhance user experience, and develop new security features.
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Sensitive credentials and tokens are additionally encrypted using envelope encryption.
Your organization's data is logically isolated from other tenants. Each tenant has unique identifiers and access controls preventing cross-tenant data access.
We implement role-based access control (RBAC) with least-privilege principles. All administrative access is logged and audited.
We do not sell, rent, or trade your personal or organizational data to third parties for marketing or advertising purposes.
We work with trusted service providers (cloud infrastructure, AI processing) who are contractually bound to protect your data and use it only as instructed.
We may disclose data when required by law, court order, or to protect our rights, safety, or the security of our users and the public.
Security data and incidents are retained for 90 days by default, with configurable retention periods up to 2 years for compliance purposes.
Upon account termination, your data is securely deleted within 30 days, except where retention is required for legal or compliance reasons.
Backup data is retained for disaster recovery purposes and is automatically purged according to our retention schedule.
You have the right to request a copy of your data in a structured, machine-readable format.
You can request correction of inaccurate data or deletion of your data, subject to legal and contractual obligations.
You can object to certain processing activities or request restriction of processing in specific circumstances.
Our data protection team is here to help. Reach out with any questions or requests.
Contact Us