1) Information We Collect
We collect information that you provide directly, information collected automatically when you use our services, and information from third parties (where permitted by law).
Provided by you
- Account & profile data (name, email, credentials, organization, role).
- Content you submit (forms, uploads, messages, feedback, support requests).
- Billing & transaction data (payment method tokens, subscription plans, invoices) processed by our payment partner(s); we do not store full card numbers.
- Consent and preference settings.
Collected automatically
- Usage logs (IP address, device/OS, browser, timestamps, pages, clicks, referring URLs).
- Telemetry for performance and security (error traces, latency, feature flags, rate limiting data).
- Cookie identifiers, session tokens, and analytics events (see Cookies section).
From third parties
- Identity & security providers (SSO, MFA) to authenticate users.
- Payment processors for fraud prevention and receipts.
- Integration partners (e.g., data sources you connect) per your instructions.
AI/Model Inputs. If Raptor Cybersecurity Services offers AI features, content you submit may be sent to model providers and sub‑processors for the purpose of generating outputs, improving safety, and preventing abuse. See our processor list.
2) How We Use Information
- Provide, operate, and secure the services, including account creation and authentication.
- Process transactions, subscriptions, refunds, and billing communications.
- Maintain service integrity: monitor, prevent, and address abuse, security incidents, and fraud.
- Improve and research: debug, analyze trends, develop new features, and optimize performance.
- Comply with legal obligations and enforce terms.
- Communicate with you regarding updates, security alerts, and support.
- Personalize the experience and remember preferences.
3) Legal Bases for Processing (EU/UK GDPR)
- Contract To provide the service you requested.
- Legitimate Interests To secure and improve our services and support business operations balanced against your privacy.
- Consent For optional features like certain analytics, marketing emails, or cookies. You can withdraw consent at any time.
- Legal Obligation To comply with applicable laws and tax/accounting rules.
4) How We Share Information
We do not sell your personal information. We share data only as described below:
- With service providers and sub‑processors who perform services on our behalf (hosting, analytics, payments, email, support, security). These parties are bound by contractual confidentiality and data‑protection obligations.
- With integration partners only when you choose to connect services or import/export data.
- For legal reasons: to comply with law, lawful requests, or protect rights, property, safety.
- During business transfers (e.g., merger, acquisition) with appropriate protections.
Sub‑Processors / Key Vendors (Illustrative)
- Cloud hosting & storage (e.g., AWS, GCP, Azure).
- Payment processing (e.g., Stripe, Square) – tokenized payments only.
- Email/service notifications (e.g., SendGrid, Postmark).
- Analytics/telemetry (e.g., first‑party analytics, privacy‑respecting tools).
- AI model providers (only for AI features you invoke).
"Selling" and "Sharing" (CPRA). We do not sell personal information. We do not share personal information for cross‑context behavioral advertising as defined by California law, unless explicitly stated and consented to.
5) Cookies & Similar Technologies
We use strictly necessary cookies for security and session management, and—if you consent—functional or analytics cookies to understand usage and improve the product.
- Strictly necessary: session tokens, CSRF tokens, authentication state.
- Functional/analytics (optional): performance timing, feature usage events.
You can manage cookie preferences in your browser and via our in‑product consent banner where available.
6) Data Retention
We retain personal information for as long as needed to provide the services, comply with legal obligations, resolve disputes, and enforce agreements. When no longer needed, we take steps to delete or anonymize data.
7) Security
We implement technical and organizational measures designed to protect personal information, including encryption in transit, role‑based access controls, and regular monitoring. No method of transmission or storage is 100% secure, but we continuously improve our safeguards.
8) International Data Transfers
Your information may be processed in countries other than your own. Where required, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) for transfers from the EEA/UK/Switzerland.
9) Your Rights & Choices
Depending on your location, you may have the right to access, correct, delete, restrict, or port your personal information, and to object to certain processing. You also have the right to withdraw consent at any time for processing based on consent.
- EU/UK/Swiss: GDPR rights including access, rectification, erasure, restriction, portability, and objection; lodge a complaint with a supervisory authority.
- California: Rights to know, delete, correct, and opt‑out of sale/sharing; limit use of sensitive personal information.
- Other regions: We honor applicable local laws. Contact us to exercise your rights.
To exercise rights, email privacy@raptorcyber.com. We may need to verify your identity before fulfilling requests.
10) Children’s Privacy
Our services are not directed to children under 13 (or as defined by local law), and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us so we can delete it.
11) Do Not Track & Global Privacy Control
Some browsers offer "Do Not Track" (DNT) or Global Privacy Control (GPC) signals. Where legally required and technically feasible, we make good‑faith efforts to respect these signals for activities that constitute sale/sharing or targeted advertising.
12) Changes to This Policy
We may update this Privacy Policy from time to time. We will update the "Effective" date above and, when appropriate, notify you through the service or by email. Your continued use of the service after changes become effective signifies acceptance.