SECConnect

Privacy Policy

Your privacy and data security are our top priorities

Last updated: March 15, 2024

Data Privacy and Security Protection

1. Information We Collect

SECConnect collects information to provide you with advanced security protection services. The types of information we collect include:

1.1 Personal Information

  • Contact information (name, email address, phone number)
  • Account credentials and authentication data
  • Billing and payment information
  • Communication preferences and settings
  • Profile information and user preferences
  • Customer support interactions and feedback

1.2 Security Monitoring Data

  • Transaction patterns and metadata (not actual transaction details)
  • Communication metadata for threat analysis
  • Device and browser information including user agents
  • IP addresses, geolocation data, and network information
  • Security event logs and threat indicators
  • Behavioral patterns and usage analytics
  • Account access logs and authentication events

1.3 Technical Information

  • Browser type, version, and configuration
  • Operating system and device specifications
  • Screen resolution and display settings
  • Time zone and language preferences
  • Cookies and similar tracking technologies
  • Website interaction data and click patterns

2. How We Use Your Information

We use the collected information for the following purposes:

  • Providing AI-powered security monitoring and threat detection services
  • Sending security alerts, notifications, and risk assessments
  • Improving our security algorithms and threat detection capabilities
  • Customer support, service communications, and technical assistance
  • Billing, account management, and subscription processing
  • Legal compliance, fraud prevention, and regulatory requirements
  • Product development and feature enhancement
  • Security research and threat intelligence gathering
  • Performance optimization and system maintenance

3. Legal Basis for Processing

We process your personal information based on the following legal grounds:

  • Contract Performance: To fulfill our service obligations to you
  • Legitimate Interests: For security monitoring and fraud prevention
  • Consent: Where you have provided explicit consent
  • Legal Obligation: To comply with applicable laws and regulations
  • Vital Interests: To protect against immediate security threats

4. Data Protection and Security

We implement industry-leading security measures to protect your information:

  • End-to-end encryption for all data transmission using TLS 1.3
  • Advanced encryption at rest using AES-256 with rotating keys
  • Multi-factor authentication for all administrative access
  • Regular security audits and penetration testing by third parties
  • SOC 2 Type II compliance and annual assessments
  • GDPR, CCPA, and PIPEDA compliance frameworks
  • Zero-trust network architecture and microsegmentation
  • Continuous monitoring and threat detection systems
  • Secure development lifecycle and code review processes
  • Employee security training and background checks

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information only in the following circumstances:

5.1 Service Providers

  • Cloud infrastructure providers (AWS, Google Cloud, Microsoft Azure)
  • Payment processors and billing service providers
  • Customer support and communication platforms
  • Analytics and monitoring service providers
  • Security and fraud prevention services

5.2 Legal Requirements

  • To comply with legal obligations or court orders
  • To protect our rights, property, or safety
  • To investigate fraud or security incidents
  • To respond to government requests or regulatory inquiries

5.3 Business Transfers

In case of business merger, acquisition, or asset sale, your information may be transferred with prior notice and continued protection under this policy.

6. International Data Transfers

Your information may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard contractual clauses approved by regulatory authorities
  • Adequacy decisions by relevant data protection authorities
  • Certification under approved frameworks (Privacy Shield successors)
  • Binding corporate rules for intra-group transfers
  • Explicit consent for specific transfer scenarios

7. Data Retention

We retain your information only as long as necessary to provide our services and comply with legal obligations:

  • Account information: Retained while your account is active plus 3 years
  • Security monitoring data: Retained for up to 5 years for threat analysis
  • Communication records: Retained for up to 7 years for support purposes
  • Billing information: Retained as required by law (typically 7-10 years)
  • Marketing data: Retained until consent is withdrawn
  • Legal hold data: Retained as required for litigation or investigations

8. Your Rights and Choices

You have the following rights regarding your personal information:

8.1 Access and Portability

  • Request a copy of your personal information in a structured format
  • Obtain information about how your data is processed
  • Request transfer of your data to another service provider

8.2 Correction and Updates

  • Request correction of inaccurate or incomplete information
  • Update your profile and preference settings
  • Modify communication and notification preferences

8.3 Deletion and Restriction

  • Request deletion of your personal information (right to be forgotten)
  • Request restriction of processing activities
  • Object to processing based on legitimate interests

8.4 Marketing and Communications

  • Opt-out of marketing communications at any time
  • Manage email subscription preferences
  • Control push notifications and alerts

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information about our cookie practices, please refer to our Cookie Policy.

10. Children's Privacy

SECConnect does not knowingly collect personal information from children under 16 years of age (or 13 in the United States). If we become aware that we have collected such information, we will take steps to delete it promptly and notify parents or guardians as required by law.

11. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected and how it's used
  • Right to delete personal information (with certain exceptions)
  • Right to opt-out of the sale of personal information
  • Right to non-discrimination for exercising privacy rights
  • Right to request specific pieces of personal information

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by:

  • Posting the updated policy on our website with a new effective date
  • Sending email notifications to registered users
  • Providing in-app notifications for significant changes
  • Posting notices on our website homepage

Your continued use of our services after the effective date constitutes acceptance of the updated Privacy Policy.

13. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@secconnect.com

Phone: +1 (604) 783-9261

Address:
SECConnect Privacy Office
3346 W 2nd Avenue
Vancouver, BC V6R 1J8
Canada