ThreatGhost (“we”, “us”) provides an AI-powered SecOps platform for security teams. This policy explains what personal data we process when you visit our website, request early access, or use our services during a pilot.
1. Data we collect
We may collect the following categories of data:
- Contact details you submit (name, company, phone, message) through our website forms.
- Account and authentication data if you are invited to a pilot (username, role, session identifiers).
- Security telemetry and logs that your organization chooses to send to the platform for analysis (IPs, hostnames, usernames, alert metadata, investigation notes).
- Technical usage data (browser type, pages visited, approximate region, cookies strictly necessary for language preference).
2. How we use your data
We use personal data to:
- Respond to early-access and contact requests.
- Provide, operate, and improve the ThreatGhost SecOps console.
- Correlate alerts, generate investigations, and power AI-assisted analysis requested by your organization.
- Maintain security, prevent abuse, and comply with legal obligations.
3. Legal basis (EEA / UK)
Where GDPR applies, we rely on: (a) performance of a contract or steps prior to entering a contract (pilots and service delivery); (b) legitimate interests in operating and securing our product; (c) consent where required (e.g. optional marketing communications). You may withdraw consent at any time.
4. Security telemetry
Log and alert data processed in ThreatGhost remains under the control of your organization. During pilots, deployments may run on-premises or in your chosen environment. We do not sell security telemetry to third parties.
5. Sharing and processors
We share data only with subprocessors needed to host infrastructure, send transactional email, or support the service under written agreements. We may disclose data if required by law or to protect rights and safety.
6. Retention
Contact form data is retained while your request is active and for a reasonable period thereafter. Pilot and telemetry retention follows your contract or pilot terms. You may request deletion subject to legal and contractual limits.
7. Your rights
Depending on your location, you may have rights to access, rectify, erase, restrict, port, or object to processing, and to lodge a complaint with a supervisory authority. Contact us to exercise these rights.
8. International transfers
If data is transferred outside the EEA, we use appropriate safeguards such as Standard Contractual Clauses where required.
9. Contact
Privacy questions: team@threatghost.com