Privacy Policy

Your data security is our top priority

Last Updated: October 4, 2025

Introduction

At ThreatDefender.net, we understand that in the cybersecurity industry, protecting your data isn't just a policy—it's our core mission. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Services.

What This Policy Covers

This Privacy Policy applies to all ThreatDefender.net Services, including:

  • The ThreatDefender.net website and platform
  • Our threat intelligence API
  • All integrations and connected services
  • Customer dashboard and analytics tools

Information We Collect

We collect information only when necessary to provide, improve, and secure our Services. Information is collected in two ways:

Information You Provide

  • Account Information: Email address and password required for account creation. Optionally, you may provide your name, company name, and role.
  • Billing Information: If you subscribe to our services, we collect payment details including name, billing address, credit card information, and business details (such as VAT number or tax ID).
  • Security Data: Information you upload or submit for threat analysis, scanning, or intelligence gathering.
  • Support Inquiries: Information provided when you contact our support team, including correspondence and technical details.
  • Communication Preferences: Your email address when you sign up for launch notifications or newsletters.

Information Collected Automatically

  • Usage Logs: Access logs, API calls, timestamps, IP addresses, and browser information.
  • Security Events: Authentication attempts, security alerts, and threat detection events.
  • Performance Metrics: Service performance data, error logs, and system diagnostics.
  • Device Information: Operating system, browser type, and device identifiers.

How We Use Your Information

We use collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our threat intelligence and security services.
  • Security Protection: To detect, prevent, and respond to security threats, fraud, and malicious activity.
  • Communication: To send service updates, security alerts, and respond to your inquiries.
  • Platform Improvement: To analyze usage patterns and enhance our threat detection capabilities.
  • Compliance: To meet legal obligations and enforce our Terms of Service.
  • Billing: To process payments and maintain accurate financial records.

Data Retention

We retain your information only as long as necessary to fulfill the purposes outlined in this policy:

  • Active Accounts: Information retained while your account is active.
  • Inactive Accounts: Retained for two years. After this period, we send a notification; if still inactive after 30 days, the account is deleted.
  • Security Logs: Retained for up to 90 days for security analysis and compliance purposes.
  • Backups: Kept for up to 7 days. Deleted data may be recoverable from backups during this period.
  • Legal Requirements: Some data may be retained longer if required by law or for legitimate business purposes.

Data Sharing and Disclosure

We do not sell your personal information. We may share information in the following limited circumstances:

  • Service Providers: With trusted third-party processors who assist in operating our services (see Sub-Processors below).
  • Legal Requirements: When required by law, court order, or government request.
  • Security Threats: To protect against security threats, fraud, or illegal activity.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to you.
  • With Your Consent: When you explicitly authorize us to share your information.

Legal Basis for Processing (GDPR)

For users in the European Union, our legal bases for processing personal data include:

  • Contractual Necessity: Processing required to fulfill our service agreement with you.
  • Legitimate Interests: For service improvement, security, fraud prevention, and business operations.
  • Consent: Where you have provided explicit consent, which you may withdraw at any time.
  • Legal Compliance: To comply with applicable laws and regulations.

We adhere to GDPR principles of data minimization and purpose limitation in all our data processing activities.

Security Measures

As a cybersecurity platform, we take data security extremely seriously. We implement industry-leading security measures, including:

  • End-to-end encryption for data in transit and at rest
  • Multi-factor authentication (MFA) for account access
  • Regular security audits and penetration testing
  • Intrusion detection and prevention systems
  • Continuous monitoring of our infrastructure
  • Employee security training and background checks
  • Incident response procedures and breach notification protocols

While no system is 100% secure, we continuously work to maintain the highest security standards and protect your information against unauthorized access, destruction, or malicious activity.

Your Rights

Regardless of your location, we honor GDPR-level rights for all users:

  • Access: Request a copy of your personal data we hold.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data (right to be forgotten).
  • Objection: Object to our use and processing of your data.
  • Restriction: Request limits on how we use and process your data.
  • Portability: Request your data in a structured, machine-readable format.
  • Withdraw Consent: Withdraw previously given consent at any time.

You can exercise most of these rights through your account settings. For assistance, please contact us using the information below.

Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and keep you logged in
  • Remember your preferences and settings
  • Analyze usage patterns and improve our services
  • Detect and prevent security threats

You can control cookie settings through your browser, though disabling certain cookies may limit functionality.

Third-Party Services (Sub-Processors)

ThreatDefender.net uses the following GDPR-compliant service providers:

  • Cloudflare: For hosting, CDN, and security services
  • Microsoft Azure: For cloud infrastructure and email services
  • Stripe: For payment processing (if applicable)
  • Microsoft 365: For business email and collaboration

All sub-processors are carefully vetted and contractually required to protect your data in accordance with applicable privacy laws.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for data transfers to approved countries
  • Appropriate safeguards as required by GDPR and other privacy laws

Children's Privacy

ThreatDefender.net is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

  • Notify you within 72 hours of becoming aware of the breach
  • Provide details about the nature and scope of the breach
  • Explain the steps we are taking to address the breach
  • Advise you on protective measures you can take
  • Notify relevant regulatory authorities as required by law

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:

  • Notify you of material changes via email or prominent notice on our website
  • Update the "Last Updated" date at the top of this policy
  • Provide a reasonable notice period before changes take effect

Continued use of our Services after changes take effect constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Complaints and Regulatory Authority

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority:

  • EU Users: Contact your national Data Protection Authority
  • UK Users: Information Commissioner's Office (ICO)
  • Other Jurisdictions: Contact your local privacy regulatory authority