Privacy Policy

01 / Information We Collect

We may collect the following categories of information:

• Contact Information: Name, email address, phone number, company name, and job title provided when requesting a demo, accessing our services, or submitting a ransomware analysis request.
• Technical Data: IP address, browser type, operating system, referring URLs, and pages visited — collected automatically via server logs and analytics tools.
• Incident Data: Ransomware notes, encrypted file samples, and related forensic artifacts voluntarily submitted through our analysis portal. This data is treated as strictly confidential.
• Communications: Content of emails, support tickets, or other communications you send to us.
• Payment Information: Billing details processed by our third-party payment processor. We do not store full payment card numbers.

02 / How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve our managed security services and ransomware analysis platform.
• Respond to inquiries, demo requests, and support tickets.
• Deliver ransomware intelligence reports and incident response services.
• Send transactional communications, service updates, and security alerts relevant to your account.
• Comply with legal obligations, including incident reporting requirements under HIPAA, GDPR, and applicable state laws.
• Detect, investigate, and prevent fraudulent or unauthorized activity.
• Conduct internal analytics to improve our platform and services.

We do not sell your personal information to third parties. We do not use submitted incident data for purposes other than delivering the requested analysis service.

03 / Incident & Forensic Data

04 / Sharing & Disclosure

We may share your information with:

• Technology Partners: SentinelOne, CyberArk, Rubrik, Tenable, Recorded Future, and Vanta — solely to deliver contracted services. Each partner is subject to data processing agreements consistent with applicable privacy law.
• Recovery Partners: RansomwareHelp and ReputationUP — where you have engaged those specific services as part of a ThreatGuard AI engagement.
• Legal Requirements: When required by law, court order, or to protect the rights, property, or safety of ThreatGuard AI, our clients, or others.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to standard confidentiality protections.

We do not share personal information with advertising networks or data brokers.

05 / Data Security

We implement industry-standard security measures including:

• AES-256 encryption for data at rest
• TLS 1.3 for all data in transit
• Zero-knowledge architecture for sensitive client environments
• Role-based access controls and mandatory MFA for all internal systems
• Immutable audit logs for all data access events

Our infrastructure leverages the security certifications of our technology partners, including SOC 2 Type II, ISO 27001, and FedRAMP-authorized components. ThreatGuard AI's own SOC 2 Type I audit is in progress via Vanta, with Type II targeted for Q4 2026.

06 / Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Request transfer of your data in a machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdrawal of Consent: Withdraw consent at any time where processing is based on consent.

EU/EEA residents have rights under the General Data Protection Regulation (GDPR). California residents have rights under the California Consumer Privacy Act (CCPA). To exercise any of these rights, contact us at privacy@threatguard.ai.

07 / Cookies & Tracking

Our website uses essential cookies required for basic functionality and security. We may use analytics tools (such as Google Analytics) to understand how visitors interact with our site. You may opt out of non-essential cookies by adjusting your browser settings.

We do not use tracking cookies for advertising or remarketing purposes.

08 / Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law:

• Ransomware analysis submissions: 30 days after report delivery (immediate deletion available on request)
• Client account data: Duration of service agreement plus 3 years
• Communications and support records: 2 years
• Financial records: 7 years (legal requirement)

09 / International Transfers

ThreatGuard AI LLC is incorporated in Florida, USA. If you access our services from outside the United States, your information may be transferred to and processed in the United States. We take appropriate safeguards to ensure such transfers comply with applicable data protection laws, including Standard Contractual Clauses for transfers from the EU/EEA.

10 / Children's Privacy

Our services are directed to business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

11 / Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active clients of material changes via email. The "Last Updated" date at the top of this page reflects the most recent revision. Continued use of our services after changes constitutes acceptance of the updated policy.