Privacy Policy

Introduction

SecGuard ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our phishing simulation and security awareness training platform (the "Service").

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly to us, including:

• Account information (name, email address, company name, job title)
• Employee data you upload (names, email addresses, departments)
• Payment information (processed by third-party payment processors)
• Communications with our support team
• Feedback and survey responses

1.2 Information Collected Automatically

When you use our Service, we automatically collect:

• Simulation interaction data (email opens, link clicks, credential submissions)
• Training completion data (courses completed, quiz scores, time spent)
• Device and browser information (IP address, browser type, operating system)
• Usage data (features used, pages viewed, time on platform)
• Log data (access times, error logs, performance metrics)

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Generate and deliver phishing simulations
• Track user performance and generate analytics reports
• Process payments and billing
• Send administrative information, updates, and security alerts
• Provide customer support
• Ensure platform security and prevent fraud
• Comply with legal obligations
• Develop new features and improve existing ones

3. Data Sharing and Disclosure

3.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

3.2 Limited Sharing

We may share information only in the following circumstances:

• Service Providers: With trusted third-party vendors who perform services on our behalf (cloud hosting, payment processing, email delivery)
• Legal Requirements: When required by law, subpoena, or legal process
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Protection: To protect the rights, property, or safety of SecGuard, our users, or others
• With Consent: When you explicitly authorize us to share information

4. Data Security

We implement industry-standard security measures to protect your information:

• AES-256 encryption at rest
• TLS 1.3 encryption in transit
• Role-based access controls (RBAC)
• Multi-factor authentication
• Regular security audits and penetration testing
• SOC 2 Type II certified infrastructure
• Encrypted database backups
• 24/7 security monitoring

5. Data Retention

We retain your information for as long as your account is active or as needed to provide services. When you delete your account, we will delete or anonymize your data within 30 days, except where we are required to retain information for legal or compliance purposes.

6. Your Rights

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data
• Portability: Receive your data in a machine-readable format
• Restriction: Request limitation of processing
• Object: Object to certain processing activities
• Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at privacy@secguard.app

7. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission for transfers outside the EEA.

8. Cookies and Tracking

We use cookies and similar technologies for:

• Authentication and session management
• Preferences and settings
• Analytics and performance monitoring
• Security and fraud prevention

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features.

9. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies before providing any information.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through a notice on our platform. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us: