LegalPrivacy Policy
How ThreatCanary approaches personal information, customer data, evidence, telemetry and privacy-aware operation.
Deterministic evidenceScope-aware executionAdaptive capability
What this covers
Privacy Policy: clear expectations for safe operation.
Plain-language policy content for customers, users, partners and researchers.
01Privacy principles
- Collect only the information needed to provide, secure and improve ThreatCanary services.
- Handle customer security data, evidence and telemetry with confidentiality and access controls.
- Minimise sensitive data exposure in reports, logs and evidence wherever practical.
02Information we may process
- Account and contact information provided by customers, partners or website visitors.
- Platform configuration, authorised scope, scan metadata, findings, evidence and workflow records.
- Operational logs, audit records and security events required to run and protect the service.
03How information is used
- To provide the platform, support customers, secure accounts and maintain audit trails.
- To improve discovery, validation, reporting and workflow functionality.
- To communicate about demos, support, service updates, security notices and legitimate business enquiries.
04Control and review
- Customers should use authorised scope and redaction controls to limit unnecessary sensitive data capture.
- Access to customer information should be limited by role, operational need and contractual requirements.
- Formal contractual terms, data processing agreements and applicable law control where they differ from this summary.
