Privacy Policy
How we handle data across demos, scans, and the assurance platform.
What we collect
- Account data: names, company emails, titles, and roles
- Company data: organization name, industry, and engagement metadata
- Scope data: domains, allowlists/denylists, and consent records
- Scan artifacts: findings, evidence, timestamps, and run metadata
- Operational logs: service health and error telemetry (non-sensitive)
- Abuse prevention signals: IP address and user agent (hashed)
What we do not collect
- No customer passwords or authentication tokens
- No internal system access or privileged credentials
- No PII beyond what you submit in the form
How we use data
- Deliver external assurance reports and evidence artifacts
- Validate scope and consent for authorized assessment
- Enable continuous assurance, drift detection, and verification
- Provide follow-up communication and support
- Prevent abuse and ensure platform integrity
Retention
Demo request data is retained only as long as needed to deliver the report and provide follow-up. Platform artifacts and reports are retained based on customer policy and contractual requirements. You can request deletion at any time.
Sharing
We do not sell or share your data with third parties. We may use service providers (such as email delivery) strictly to fulfill your request.
Security
We use encryption in transit, access controls, and least-privilege practices to protect data. Evidence and artifacts are stored with restricted access and are scoped per customer.
Your rights
You can request deletion or correction of your data. Contact us at privacy@fusionstek.com.