Privacy Policy

A. Information you provide directly

We may collect personal information that you provide directly to us, including:

• •name;
• •work email address;
• •company name;
• •job title;
• •work phone number, if provided;
• •account registration and login information;
• •communications, requests, support tickets, and feedback; and
• •documents and content you upload to the Service, such as PDFs, spreadsheets, screenshots, reports, narratives, attachments, and other files.

B. Information from connected systems and integrations

If you or your organization connect third-party services to the Service, we may collect information from those services, such as:

• •cloud account metadata;
• •configuration and control information;
• •logs, evidence, and artifacts; and
• •other information made available through the permissions you grant.

C. Information collected automatically

When you visit our website or use the Service, we may automatically collect:

• •IP address;
• •browser type and settings;
• •device and operating system information;
• •pages viewed, clicks, features used, and timestamps;
• •referrer URLs;
• •log and diagnostic data; and
• •cookie, analytics, and similar technology data.

D. Information from third parties

We may receive personal information from:

• •your employer or organization administrators;
• •identity or single sign-on providers; and
• •service providers that help us operate the Service.

We ask customers and users to avoid submitting more personal information than is reasonably necessary for the intended use of the Service.

We may use personal information to:

• (a)provide, operate, host, maintain, and support the Service;
• (b)create and manage accounts, authenticate users, and administer access;
• (c)connect to customer-authorized third-party services and process uploaded documents and other content;
• (d)generate analyses, reports, summaries, narratives, and related outputs requested through the Service;
• (e)respond to inquiries, provide customer support, and communicate about the Service;
• (f)monitor usage, troubleshoot issues, detect bugs, prevent abuse, fraud, and security incidents, and protect the Service;
• (g)improve, develop, and enhance the Service, including through internal analytics, telemetry, and de-identified or aggregated information;
• (h)comply with legal obligations, enforce our agreements, and protect our rights, users, and business;
• (i)send administrative, transactional, security, and service-related communications; and
• (j)send marketing communications where permitted by law. You can opt out of marketing emails at any time using the unsubscribe mechanism in the email or by contacting us.

We do not sell personal information. We do not use Customer Data for third-party advertising or to build advertising profiles about users.

We may disclose personal information to:

• (a)service providers and contractors that help us operate the Service and our business, such as hosting, infrastructure, analytics, authentication, communications, customer support, security, and document-processing providers;
• (b)your organization, account administrators, and authorized users, including where an administrator controls your business account;
• (c)third-party integrations and providers at your direction or as necessary to provide the Service you request;
• (d)professional advisors such as lawyers, auditors, insurers, and accountants;
• (e)regulators, law enforcement, courts, or other third parties when we believe disclosure is required by law, legal process, or necessary to protect rights, safety, or property;
• (f)a buyer, investor, lender, successor, or other participant in a merger, financing, acquisition, reorganization, sale of assets, or similar transaction; or
• (g)others with your consent or at your direction.

We may also disclose information that has been de-identified or aggregated so that it no longer reasonably identifies an individual or a specific customer.

We and our service providers may use cookies, local storage, and similar technologies to operate the website and Service, remember settings, understand usage, and improve performance.

These technologies may include:

• •essential technologies needed for site and Service functionality; and
• •analytics technologies used to understand traffic and product usage.

You can usually control cookies through your browser settings. Blocking certain cookies may cause parts of the website or Service not to function properly.

In many cases, SentrIQ processes personal information contained in Customer Data on behalf of a business customer. In those cases, the business customer determines the purposes for which the information is collected and used, and SentrIQ acts as a service provider, processor, or contractor on that customer's behalf, subject to our agreements with that customer.

If you use the Service through your employer or another organization, your account administrator or organization may:

• •access and manage your account;
• •access, use, export, or disclose Customer Data associated with your organization's account; and
• •restrict, suspend, or terminate your access.

If we receive a privacy request relating to Customer Data that we process on behalf of a business customer, we may refer the requester to the relevant customer or work with that customer to respond.

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Service, maintain business and tax records, resolve disputes, enforce agreements, and comply with legal obligations.

In general:

• •we retain business contact and account information for the duration of the relationship and for a reasonable period afterward;
• •we retain Customer Data and integration data while the applicable customer account is active and for a limited period afterward as needed for export, backup retention, disaster recovery, legal compliance, and dispute resolution; and
• •we retain logs, diagnostics, and analytics data for as long as reasonably necessary for security, performance, and product improvement.

After the applicable retention period, we will delete, de-identify, or render personal information inaccessible within a commercially reasonable time, subject to legal retention requirements and the normal retention of backup copies for a limited period.

We implement and maintain reasonable administrative, technical, and organizational safeguards designed to protect personal information from unauthorized access, loss, misuse, alteration, and disclosure. However, no method of transmission over the internet or method of storage is completely secure, and we cannot guarantee absolute security.

You and your organization are responsible for maintaining the confidentiality of your credentials, using appropriate permissions, and limiting the information submitted to the Service to what is reasonably necessary.

Depending on where you live and subject to applicable law, you may have the right to request:

• •access to certain personal information;
• •correction of inaccurate personal information;
• •deletion of certain personal information;
• •a portable copy of certain personal information;
• •limitation of certain uses of sensitive personal information, where applicable; and
• •appeal of a denial of a privacy-rights request, where applicable.

You may also:

• •opt out of marketing emails at any time; and
• •update certain account information through your account or by contacting us.

To submit a privacy request, contact us at support@sentriq.io. We may need to verify your identity or authority before processing a request. You may also designate an authorized agent where permitted by law.

If your request relates to personal information that we process on behalf of a business customer through the Service, we may direct you to the relevant customer because that customer controls the data and the applicable request process.

We will not discriminate against you for exercising privacy rights provided by law.

The website and Service are intended for business use and are not directed to children. We do not knowingly collect personal information from children under 13 through the website or Service. If you believe a child has provided personal information to us, contact us and we will take appropriate steps to delete it.

The Service is intended for users in the United States. Personal information may be stored and processed in the United States and other locations where our service providers operate. By using the Service, you understand that your information may be transferred to and processed in the United States.

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version on our website and update the "Effective Date" above. Your continued use of the Service after the effective date of the updated Privacy Policy means the updated Privacy Policy applies to your use, to the extent permitted by law.

SentrIQ Labs, Inc.

Privacy email: support@sentriq.io