PRIVACY POLICY

 

This Privacy Policy explains how secdit ("we", "us", or "our") collects, uses, discloses, and protects personal data when you visit our website or use our services, including the ConfigSentry firewall auditing platform.

 

1. Introduction

We are committed to protecting your privacy and handling your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR").

By using our website or services, you acknowledge the practices described in this Privacy Policy.

 

2. Data Controller

Data Controller: secdit
Contact: contact@secdit.com

If you have questions regarding this Privacy Policy or how your data is handled, please contact us using the details above.

 

3. Personal Data We Collect

 

3.1 Account Information

When you register for an account or interact with our services, we may collect:

  • Name
  • Email address
  • Account credentials (stored securely and encrypted where applicable)
  • Company or organization name
  • User preferences and settings

 

3.2 Service Usage Data

When using the ConfigSentry platform, we may process data including:

  • Firewall configuration files uploaded for auditing
  • Technical metadata relating to audits
  • Audit results and reports
  • System interface information contained in configuration files

This data is processed solely for the purpose of performing the requested security audit.

 

3.3 Payment Information

Payments are processed by third-party payment providers such as Stripe. We do not store full payment card information on our systems.

Stripe may process personal data including:

  • Name
  • Billing address
  • Payment card details
  • Transaction information

Stripe processes this data in accordance with its own privacy policies.

 

3.4 Technical and Log Data

When you access our website or services, our systems may automatically collect:

  • IP address
  • Browser type and version
  • Operating system
  • Referring URLs
  • Access timestamps
  • Error logs and security logs

This information helps us operate, secure, and improve our services.

 

4. Cookies

Our website may use cookies and similar technologies to operate essential site functionality, maintain session state, and improve user experience.

For detailed information about cookies used by our services, please see our Cookie Policy.

 

5. Legal Basis for Processing (GDPR)

We process personal data under the following lawful bases:

 

5.1 Contractual Necessity

Processing necessary to provide the services you request, including:

  • Account creation and management
  • Performing firewall configuration audits
  • Delivering reports and audit results
  • Customer support

 

5.2 Legitimate Interests

We may process personal data where necessary for legitimate business interests, including:

  • Improving our platform
  • Monitoring service performance
  • Detecting fraud or misuse
  • Securing our infrastructure

 

5.3 Legal Obligations

We may process personal data where required to comply with legal obligations, such as financial record keeping or responding to lawful requests from authorities.

 

5.4 Consent

Where required, we may rely on your consent for specific processing activities, such as optional communications.

 

6. How We Use Personal Data

We use personal data for purposes including:

  • Providing and maintaining our services
  • Processing and analyzing firewall configuration audits
  • Managing user accounts
  • Processing payments and transactions
  • Responding to customer inquiries and support requests
  • Monitoring service security and performance
  • Preventing fraud or misuse
  • Complying with legal obligations

 

7. Data Sharing

We do not sell or rent personal data.

We may share personal data with trusted third parties only where necessary to operate our services, including:

  • Payment processors (such as Stripe)
  • Infrastructure providers and hosting services
  • Email and communication providers
  • Security and monitoring providers

These providers process data only as necessary to deliver their services and are subject to appropriate data protection obligations.

 

8. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place in accordance with GDPR requirements, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions issued by the European Commission

 

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, including:

  • Maintaining user accounts
  • Providing requested services
  • Complying with legal and financial obligations
  • Resolving disputes and enforcing agreements

Firewall configuration files uploaded for auditing may be retained for operational purposes, audit history, and user access to past reports, unless deletion is requested or retention is no longer necessary.

 

10. Data Security

We implement appropriate technical and organizational measures to protect personal data from unauthorized access, loss, misuse, or disclosure. These measures may include:

  • Encryption of sensitive data
  • Secure server infrastructure
  • Access controls
  • Security monitoring and logging
  • Regular security reviews

While we strive to protect personal data, no system can guarantee absolute security.

 

11. Your Data Protection Rights

Under the GDPR, you have the following rights:

  • Right of access — request a copy of your personal data
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your personal data
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

To exercise these rights, please contact us at: contact@secdit.com. You also have the right to lodge a complaint with your local data protection authority.

 

12. Third-Party Services

Our services may integrate with third-party platforms or services. These third parties operate under their own privacy policies, and we encourage you to review their policies when interacting with such services.

 

13. Children's Privacy

Our services are not intended for individuals under the age of 16, and we do not knowingly collect personal data from children.

 

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data processing practices. When changes are made, the updated policy will be published on this page and the effective date may be updated accordingly.

 

15. Contact

secdit
Email: contact@secdit.com

Website Form: Contact Us