Privacy Policy

1. Introduction

AdverseMonitor ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our dark web threat intelligence platform and services.

By accessing or using AdverseMonitor, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

We collect several types of information to provide and improve our services:

2.1 Account Information

• Full name and email address
• Organization name and industry
• Account credentials (passwords are encrypted and never stored in plain text)
• Billing and payment information (processed securely through third-party payment processors)

2.2 Alert Configuration Data

• Keywords, domains, and search terms you monitor
• Alert profiles and notification preferences
• Integration settings (Slack, Microsoft Teams, webhook URLs)
• API access tokens and configuration

2.3 Usage and Analytics Data

• Platform usage statistics and feature interactions
• Log data including IP addresses, browser types, and device information
• Alert history and threat viewing patterns
• Performance metrics and error logs

2.4 Communications

• Support ticket content and correspondence
• Feedback and survey responses
• Email communications and preferences

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

• Provide dark web threat monitoring and alert services
• Process and deliver threat intelligence notifications
• Maintain and improve platform functionality
• Enable API access and third-party integrations

3.2 Security and Fraud Prevention

• Protect against unauthorized access and security threats
• Detect and prevent fraudulent activities
• Monitor for abuse and policy violations
• Ensure compliance with legal obligations

3.3 Communication and Support

• Respond to customer inquiries and support requests
• Send service updates and security notifications
• Provide technical assistance and troubleshooting
• Share product updates and new features (with your consent)

3.4 Analytics and Improvement

• Analyze usage patterns to improve our services
• Conduct research and development
• Generate anonymized statistics and insights
• Optimize platform performance and user experience

4. Data Security and Protection

We implement industry-leading security measures to protect your information from unauthorized access, disclosure, alteration, or destruction:

4.1 Technical Safeguards

• Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
• Access Controls: Role-based access controls (RBAC) and principle of least privilege
• Authentication: Multi-factor authentication (MFA) support and secure password requirements
• Infrastructure: SOC 2 Type II compliant cloud infrastructure with 99.9% uptime SLA

4.2 Operational Safeguards

• Regular security audits and penetration testing
• Employee security training and background checks
• Incident response procedures and breach notification protocols
• Continuous monitoring and threat detection

4.3 Data Isolation

• Customer data is logically isolated using database-level separation
• No cross-customer data sharing or access
• Dedicated encryption keys per customer for Enterprise plans

5. Third-Party Services

We work with trusted third-party service providers to deliver our services. These providers have access only to the information necessary to perform their functions and are contractually obligated to maintain confidentiality.

5.1 Service Categories

• Cloud Infrastructure: Hosting and database services (AWS, Google Cloud)
• Payment Processing: Secure payment transactions (Stripe)
• Email Services: Transactional emails and notifications
• Analytics: Usage analytics and performance monitoring (anonymized data only)

5.2 Data Sharing Limitations

We do not:

• Sell your personal information to third parties
• Share threat intelligence data with other customers
• Use your alert configurations for marketing purposes
• Disclose your data except as required by law or with your explicit consent

6. Your Rights and Choices

You have the following rights regarding your personal information:

6.1 Access and Portability

• Request a copy of your personal data in machine-readable format
• Export your alert configurations and notification history
• Access all information we hold about you

6.2 Correction and Deletion

• Update or correct your account information at any time
• Request deletion of your account and associated data
• Correct inaccurate or incomplete information

6.3 Control and Consent

• Opt out of marketing communications (service emails required for platform operation)
• Manage notification preferences and alert channels
• Withdraw consent for data processing where applicable
• Object to automated decision-making

6.4 Exercising Your Rights

To exercise any of these rights, contact us at [email protected]. We will respond to all requests within 30 days.

7. GDPR Compliance

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we comply with the General Data Protection Regulation (GDPR):

7.1 Legal Basis for Processing

• Contract Performance: Processing necessary to provide our services
• Legitimate Interest: Security, fraud prevention, and service improvement
• Consent: Marketing communications and optional features
• Legal Obligation: Compliance with applicable laws and regulations

7.2 International Data Transfers

When transferring data outside the EEA, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for certain jurisdictions
• Additional safeguards and security measures

7.3 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at [email protected].

7.4 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

8. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this policy:

8.1 Retention Periods

• Account Data: Duration of active account plus 90 days after termination
• Alert History: 12 months (24 months for Enterprise plans)
• Billing Records: 7 years for tax and accounting purposes
• Support Communications: 3 years for quality assurance
• Usage Logs: 90 days (anonymized data may be retained longer for analytics)

8.2 Deletion Procedures

Upon account deletion, we permanently remove your data within 30 days, except where retention is required by law. Backups are purged within 90 days.

9. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience and analyze platform usage:

9.1 Cookie Types

• Essential Cookies: Required for platform functionality and security (cannot be disabled)
• Analytics Cookies: Help us understand usage patterns (can be disabled)
• Preference Cookies: Remember your settings and preferences

9.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may impact platform functionality.

10. Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes through:

• Email notification to your registered address
• Prominent notice on our platform
• Updated "Last Modified" date at the top of this policy

Your continued use of AdverseMonitor after changes become effective constitutes acceptance of the updated policy.

11. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: