π― Scope
This Privacy Policy applies to:- Enforster AI website and services
- API services
- Customer support interactions
- Marketing communications
π Information We Collect
Information You Provide
- Account Information: Name, email, company, job title
- Payment Information: Billing details, payment method (processed securely)
- Project Data: Repository information, code snippets
- Communication: Support tickets, feedback, feature requests
- Profile Information: Preferences, settings, usage patterns
Automatically Collected Information
- Usage Data: Feature usage, scan frequency, platform interactions
- Technical Data: IP address, browser type, device information
- Performance Data: Response times, error logs, system metrics
- Security Data: Login attempts, access patterns, threat indicators
Third-Party Sources
- Authentication Providers: GitHub, GitLab, Google, Microsoft, AWS, AZURE, GCP
- Analytics Services: Usage analytics and performance monitoring
- Security Services: Threat intelligence and security monitoring
- Business Partners: Referral and partnership information
π How We Use Your Information
Service Provision
- Account Management: User authentication and access control
- Security Scanning: AI-powered vulnerability detection and analysis
- Feature Delivery: Platform functionality and customization
- Support Services: Customer assistance and technical support
- Communication: Service updates and important notifications
Platform Improvement
- Performance Optimization: System efficiency and reliability
- Feature Development: Product enhancement and new capabilities
- Security Enhancement: Threat detection and prevention
- User Experience: Interface improvements and usability
- Analytics: Usage patterns and service optimization
Business Operations
- Billing and Payments: Subscription management and invoicing
- Customer Success: Account management and relationship building
- Marketing: Product updates and relevant communications
- Compliance: Legal and regulatory requirements
- Security: Fraud prevention and threat detection
π« Information We Donβt Collect
Excluded Data Types
- Source Code: We do not store your complete source code
- Credentials: Passwords, API keys, or authentication tokens
- Personal Files: Documents, images, or personal content
- Sensitive Business Data: Trade secrets or confidential information
- User Communications: Private messages or personal emails
Data Minimization
- Purpose Limitation: Collect only necessary information
- Retention Limits: Store data only as long as required
- Access Controls: Limit access to essential personnel
- Encryption: Protect all sensitive data with encryption
- Anonymization: Remove identifying information when possible
π Data Security
Security Measures
- Encryption: AES-256 encryption for data at rest and in transit
- Access Controls: Role-based access and multi-factor authentication
- Network Security: Firewalls, intrusion detection, and DDoS protection
- Physical Security: Secure data centers with 24/7 monitoring
- Employee Training: Regular security awareness and training
Data Protection
- Vulnerability Scanning: Regular security assessments
- Penetration Testing: Third-party security testing
- Incident Response: 24/7 security monitoring and response
- Backup Security: Encrypted backups with disaster recovery
- Compliance Monitoring: Regular compliance verification
π Data Location and Transfer
Data Storage
- Primary Location: United States (AWS US East)
- Backup Locations: Multiple geographic regions for redundancy
- Data Residency: Options available for specific regions
- Transfer Protocols: Secure data transfer with encryption
- Local Laws: Compliance with applicable data protection laws
International Transfers
- Adequacy Decisions: EU-US Privacy Shield compliance
- Standard Contractual Clauses: GDPR-compliant data transfer
- Binding Corporate Rules: Internal data protection standards
- Local Representatives: EU and UK data protection representatives
- Cross-Border Compliance: International data transfer safeguards
π Data Retention
Retention Periods
- Account Data: Retained while account is active
- Usage Data: Retained for 24 months for service improvement
- Security Data: Retained for 7 years for compliance
- Communication Data: Retained for 3 years for support
- Analytics Data: Retained for 12 months for optimization
Data Deletion
- Account Deletion: Complete data removal within 30 days
- Data Export: Customer data export before deletion
- Backup Cleanup: Secure deletion from all backup systems
- Third-Party Removal: Removal from integrated services
- Verification: Confirmation of complete data removal
π₯ Data Sharing
Service Providers
- Cloud Infrastructure: AWS, Google Cloud, Azure
- Security Services: Threat intelligence and monitoring
- Analytics Services: Usage analytics and performance monitoring
- Support Tools: Customer support and communication platforms
- Payment Processors: Secure payment processing services
Legal Requirements
- Law Enforcement: When required by law or court order
- Regulatory Compliance: Government and industry regulations
- Legal Proceedings: Legal defense and dispute resolution
- Public Safety: Emergency situations and threat prevention
- Fraud Prevention: Security and fraud detection
Business Transfers
- Merger or Acquisition: Business combination or sale
- Asset Sale: Sale of business assets or divisions
- Bankruptcy: Insolvency or financial restructuring
- Successor Entity: Continuation of business operations
- Customer Notification: Advance notice of business changes
π― Your Rights and Choices
Data Access
- View Your Data: Access to your personal information
- Data Portability: Export your data in standard formats
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your personal data
- Restriction: Limit how we use your information
Communication Preferences
- Marketing Emails: Opt-out of promotional communications
- Service Updates: Essential service notifications
- Security Alerts: Important security and privacy updates
- Newsletter: Product updates and industry insights
- Frequency Control: Control communication frequency
Account Settings
- Privacy Controls: Manage your privacy preferences
- Data Sharing: Control third-party data sharing
- Analytics Opt-out: Disable usage analytics collection
- Cookie Preferences: Manage cookie and tracking settings
- Notification Settings: Customize notification preferences
πͺ Cookies and Tracking
Cookie Types
- Essential Cookies: Required for platform functionality
- Performance Cookies: Analytics and performance monitoring
- Functional Cookies: User preferences and customization
- Marketing Cookies: Advertising and marketing optimization
- Third-Party Cookies: Integrated service functionality
Tracking Technologies
- Web Beacons: Email tracking and engagement metrics
- Local Storage: Browser-based data storage
- Session Storage: Temporary session information
- Device Fingerprinting: Device identification and security
- Analytics Tools: Usage analysis and optimization
π§ Childrenβs Privacy
Age Restrictions
- Minimum Age: 18 years or older for account creation
- Parental Consent: Required for users under 18
- Educational Use: Special provisions for educational institutions
- Verification: Age verification for account creation
- Protection: Enhanced protection for minor users
π Policy Updates
Update Process
- Regular Review: Annual policy review and updates
- Customer Notification: Advance notice of significant changes
- Version History: Complete change tracking and documentation
- Effective Date: Clear effective dates for all changes
- Acceptance: Continued use constitutes acceptance of changes
Communication Methods
- Email Notification: Direct email to registered users
- Platform Notice: In-app notifications and alerts
- Website Updates: Updated policy posted on website
- Social Media: Announcements on official channels
- Customer Support: Direct communication for significant changes
π Contact Information
Privacy Team
- Privacy Officer: privacy@enforster.ai
- Legal Team: legal@enforster.ai
- Customer Support: support@enforster.ai
π¨ Privacy Complaints
Response Timeline
- Initial Response: Within 48 hours of receipt
- Investigation: Complete investigation within 30 days
- Resolution: Resolution and communication within 60 days
- Follow-up: Follow-up to ensure satisfaction
- Documentation: Complete complaint documentation
This Privacy Policy is part of our commitment to transparency and data protection. We encourage you to review this policy regularly and contact us with any questions or concerns. For questions about this Privacy Policy, please contact us at privacy@enforster.ai