Legal
Privacy Policy
This Privacy Policy explains how we collect, use, and protect your information when you use our website and services.
Effective date: [01 October 2025]
At Trusteed Inc. ("Trusteed", "we", "our"), your privacy is important to us. This Privacy Policy describes how we collect, use, disclose, and protect information in connection with our websites (trusteed.io), our web application (app.trusteed.io) and related services, documentation and APIs (together, the "Services"). By using the Services, you agree to this Privacy Policy.
1. Who we are and scope
- Controller: Trusteed Inc., 2880 Zanker Road, Suite 203, San Jose, CA, USA. Contact: and .
- Scope: This Policy covers information we process about visitors, account users, and prospective customers when interacting with our websites, the app, support channels, and marketing activities. It does not apply to third‑party websites or services linked from our Services.
2. Information we collect
We collect information in the following categories:
2.1 Information you provide to us
- Account & profile: name, business email, phone number, organization name, job title/role, password (stored in hashed form), authentication and authorization settings.
- Billing: payment card or bank details are processed by our payment processors (e.g., Stripe and/or GoCardless) and are not stored on Trusteed systems. Their processing is governed by their own terms and privacy policies.
- Targets / assets: domains, subdomains, IP addresses, DNS zones, cloud accounts/subscriptions, web applications, APIs and other Target Systems you register for discovery and scanning.
- Support & communications: content of messages, tickets, attachments, survey responses, and call/meeting notes with our teams.
2.2 Information collected automatically
- Usage & log data: IP address, device and browser type, operating system, settings, unique identifiers, pages viewed, referring/exit pages, timestamps, and other usage metrics collected by us or our service providers (e.g., analytics and logging tools).
- Cookies and similar technologies: We use cookies, web beacons and local storage to operate the Services, remember preferences, enhance security, perform analytics and (where applicable) measure campaigns. See Section 10 (Cookies).
2.3 Information generated by the Services
- Scanning and monitoring data: discovery results, configuration and vulnerability findings, evidence collected for compliance automation, and security reports generated as part of the Services. Unless otherwise instructed by you, these reports are stored to make them available to you and to support investigations, triage and remediation.
2.4 Information from third parties
- Partners and vendors: contact and enrichment data from resellers, partners or publicly available sources, consistent with applicable law.
We do not intentionally collect sensitive personal information through the Services and we do not target the Services to consumers.
3. How we use information (purposes and legal bases)
We process information for the following purposes:
- Provide and operate the Services (create accounts, authenticate users, perform discovery and scanning, generate reports, enable evidence collection) — performance of a contract; legitimate interests.
- Customer support and communications (respond to requests, provide notices about changes and security alerts) — performance of a contract; legitimate interests; legal obligations.
- Billing and account management (process payments, subscriptions, renewals, fraud prevention) — performance of a contract; legitimate interests; legal obligations.
- Product improvement and analytics (monitor usage, troubleshoot, develop features, quality assurance) — legitimate interests.
- Marketing (B2B) (send product updates, event invites and offers) — consent where required by law; otherwise legitimate interests. You can opt out at any time (Section 8).
- Security and abuse prevention (detect, prevent, and respond to security incidents and misuse) — legitimate interests; legal obligations.
- Compliance and legal (comply with laws, enforce agreements, protect our rights) — legal obligations; legitimate interests.
4. Sharing and disclosures
We do not sell personal information. We share information in these situations:
- Service providers / processors: cloud hosting (Microsoft Azure), data storage/backups, analytics, logging, email and in‑app communications, customer support tools, and payment processing (e.g., Stripe/GoCardless). These providers process personal information on our behalf under appropriate contracts and confidentiality obligations.
- Advertising, analytics and measurement partners: where you consent (where required by law), we may allow cookies/tags that enable advertising and remarketing and cross‑service measurement (see Section 10). In some jurisdictions (e.g., California), these disclosures may constitute “sharing” for cross‑context behavioral advertising under CPRA.
- Professional advisors and compliance: auditors, lawyers, accountants where necessary.
- Business transfers: in connection with a merger, acquisition or asset sale, subject to this Policy.
- Legal and safety: to comply with law or valid legal process, or to protect rights, property or safety.
Scanning data and reports. We do not disclose your security findings/reports to third parties except (i) to our processors as necessary to provide the Services; (ii) with your instruction or consent (e.g., integrations you enable); or (iii) as required by law.
Platform Data. We may create and use aggregated and anonymized statistics that do not identify any individual or customer (e.g., prevalence of certain weaknesses). We may disclose such statistics publicly.
5. International data transfers
We and our providers may process information in the United States, the European Union, and other countries where we or they operate. Our Services are hosted on Microsoft Azure in data centers located in the United States and European Union regions. When transferring personal data from the EEA/UK to countries without an adequacy decision, we rely on appropriate safeguards such as the EU/UK Standard Contractual Clauses, and implement additional measures where required.
6. Data retention
We retain personal information for as long as your account is active or as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Security reports and evidence generated by the Services are retained for the duration of your subscription unless you delete them or request deletion (subject to legal/contractual requirements). We may retain Platform Data in aggregated/anonymized form.
7. Security
We use administrative, technical and organizational measures designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. No method of transmission or storage is 100% secure; you are responsible for maintaining the confidentiality of your credentials and for appropriate configuration of your environments.
8. Your choices and rights
- Marketing opt‑out: You may unsubscribe from marketing emails at any time via the Unsubscribe link or by contacting . Transactional/service emails will still be sent.
- Account closure & deletion: You may request account closure and deletion of personal information by contacting support or using in‑app controls (where available). We will process requests subject to legal obligations and legitimate business interests.
- EEA/UK data subject rights: Where applicable, you have the right to access, rectify, erase, restrict, object (including to direct marketing), and data portability, and to withdraw consent at any time without affecting lawfulness of prior processing. You may lodge a complaint with your local supervisory authority.
- California (CPRA) rights: California residents have the right to know/access, delete, correct, opt‑out of sale/share, and to non‑discrimination. We do not sell personal information for money. We may share identifiers and internet activity with advertising partners for cross‑context behavioral advertising where you have provided consent or have not opted out. To exercise CPRA rights or to opt out of sharing, use our [Do Not Sell or Share My Personal Information] link or contact . We honor Global Privacy Control (GPC) signals.
9. Children’s privacy
The Services are directed to business users and are not intended for individuals under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete it.
10. Cookies and similar technologies
We use cookies and similar technologies to operate and improve the Services and to personalize and measure marketing. Cookie categories include:
- Essential (strictly necessary): required for login, security, network management and to provide requested features.
- Functional: remember preferences and enhance features.
- Analytics: help us understand usage and performance of our sites and app.
- Advertising / Remarketing: set by us or our partners (e.g., ad platforms and social networks) to build audiences, measure campaigns and show ads that may be more relevant to you across sites and apps.
Your choices
- Consent & preferences (EEA/UK and where required): We obtain consent for non‑essential cookies. You can manage your choices at any time via our Cookie banner or [Manage Cookie Preferences] link in the footer of our websites.
- California (CPRA): You may opt out of “sharing” for cross‑context behavioral advertising via the [Do Not Sell or Share My Personal Information] link. We honor Global Privacy Control (GPC) signals as an opt‑out preference.
- Browser controls: You can block or delete cookies in your browser settings; essential cookies may be required for core functionality and parts of the Services may not work without them.
We may provide a separate Cookie Notice with partner‑specific details (names, purposes, retention) and keep it updated as partners change.
11. Changes to this Policy
We may update this Policy from time to time. We will post the updated version on this page and update the Effective date above. If changes materially affect your rights or how we use personal information, we will provide additional notice (e.g., via email or in‑app notification).
12. Contact us
If you have questions about this Policy or our privacy practices, please contact:
Trusteed Inc.
2880 Zanker Road, Suite 203
San Jose, CA, USA
|