This policy describes the data used by the current AdverseMonitor website and platform. It does not claim certifications, fixed deletion schedules, or technical safeguards that are not documented by the current service.
1. Data we collect
Depending on how you use the service, we may process:
- Account data: email address, password hash, authentication credentials, session information, and account status.
- Monitoring configuration: profile names, companies, domains, categories, threat actors, countries, industries, and any destination settings already stored on an account.
- Product activity: searches, alert history, API-key metadata, API usage, audit and activity records, browser/device information, IP address, and timestamps.
- Billing data: plan and subscription identifiers, status, and transaction references. Payment-card details are handled by Stripe rather than stored directly in the application database.
- Contact and support data: information submitted through contact forms or support communications.
- Website analytics: after you choose Allow analytics, the marketing site sends a canonical page path and fixed interaction labels to Google Analytics. Google also receives technical request data such as the IP address and browser headers.
2. How we use data
- Provide authentication, monitoring profiles, dashboard match history, search, APIs, exports, and billing features.
- Apply account, plan, data-window, abuse-prevention, and rate-limit controls.
- Diagnose errors, secure accounts, investigate misuse, and improve product reliability.
- Respond to contact, billing, privacy, and support requests.
- Measure use of the website and product funnel.
- Comply with applicable legal obligations and enforce service terms.
3. Outbound alert delivery
Customer alert delivery to Email, Slack, Teams, browser push and webhooks is currently disabled. New profile matches remain available in the signed-in dashboard. Existing destination settings may remain stored until you remove them, but the service does not use those settings while delivery is disabled.
4. Service providers and disclosures
AdverseMonitor uses service providers to operate the product, including database/authentication infrastructure, hosting, payment processing through Stripe, and website analytics/tag management. Data may be sent to a provider when required to perform that function. We may also disclose data when required by law, to protect the service and users, or as part of a business transaction subject to appropriate safeguards.
5. Data retention
We retain data for as long as reasonably needed to provide and secure the service, maintain required business and financial records, resolve disputes, and meet legal obligations. Different records may have different retention periods. Backups and logs may persist after active records are removed. This policy does not promise a fixed deletion interval.
6. Security
The application implements password hashing, passkey flows, authenticated sessions, server-side authorization checks, user-scoped database queries, API-key hashing, rate limits, and activity logging. No security program eliminates all risk. See the current Security & Assurance page for bounded details and limitations.
7. Cookies and similar technologies
The website and platform use essential browser storage or cookies for authentication, preferences, and security. The marketing site removes URL query parameters and does not load Google Analytics until you choose Allow analytics. Choosing Reject keeps it off. AdverseMonitor’s analytics code uses fixed labels and does not add form values, scan values, result counts, returned categories, error text, or referrer values to event payloads. Blocking essential storage may prevent sign-in or other product features.
8. Your choices and rights
Depending on your location, you may have rights to request access, correction, deletion, restriction, portability, or objection regarding personal data. These rights can be limited by identity verification, legal obligations, security needs, and applicable exceptions. You can remove stored webhook configurations from API Access.
9. International use
The service and its providers may process data in countries other than your own. Applicable transfer mechanisms and protections depend on the relevant provider, location, and law. This page does not claim a specific transfer mechanism for every processing activity.
10. Children
The service is intended for business users and is not directed to children. Do not submit children’s personal data through monitoring criteria or support channels.
11. Changes
We may update this policy as the service changes. The date above identifies the current published version.
12. Contact
For privacy requests or questions, contact support@adversemonitor.com. We may need to verify account ownership before acting on a request.