Seraph Secure
Buy one, gift one free!
Find out how

Privacy Policy (Beta)

This page applies to the Premium subscription service offered as part of the beta testing programme for Seraph Secure.

 

If you are not a beta program participant, this policy does not apply to you, and you should instead refer to the other policies available on our privacy policies page.

Introduction

This privacy policy (“Policy”) describes the data practices of Seraph Secure Inc. (“Company”), covering its Premium protection products (known as the "Services"). This Policy will explain what information we collect online, why we collect it, and the choices we offer to you.

By using the Services, you are consenting to this Policy and the processing of your data in the manner provided in this Policy. This Privacy Policy was last updated on November 21, 2024.

Information We Collect

We may collect information about the Services you use and how you use them, such as data regarding your usage of the Services and activity in the Services. We collect PII, DII, and log information about your interactions as described below.

Personally Identifiable Information (PII)

PII is information that can be used to identify or contact you online or offline, such as your name, address, email, phone number, photos or audio data, and payment information, or data that is linked to such identifiers. If you create an account with us, make a purchase, sign up for updates and mailing lists, complete and submit responses to our surveys, connect with us on social media, attempt to contact us, or request information about our Services, we collect information about you, including:

  • Account Data: If you create an account with us, we collect PII such as your name, mailing address, email address, phone number, and user credentials (login name and password).
  • Communications: If you contact us directly, we collect personal data about you, including identifiers, such as your name, email address, phone number, the contents of any message or attachments that you may send to us, and any other information you choose to provide. We may retain and review audio, electronic, visual, or similar information, such as audio call and chat recordings and/or the contents of the messages as required/permitted by law and our recording and information management practices. We will also collect identifiers from you, such as your email address and phone number, when you sign up to receive product updates, offers, and other promotional information or messages from us. When we send you emails, we may track whether you open them to learn how to deliver a better customer experience and improve our Services.
  • Web browsing data: In order to provide our Premium threat detection service, and to collect diagnostic information to support development as part of the Beta program, we collect data about the websites you visit, in order to analyze them for signals of fraud. This information includes URLs of visited websites, including query strings and metadata such as page titles. We may also store the contents of pages found at those URLs, including text, images, and other media. We may also collect information about search terms, where a search engine is used to attempt to navigate to a website which is potentially malicious.
  • Device activity: As part of our Premium service offering, our software will analyze aspects of your device activity, such as the applications you run, the files you access, and the network connections you make. This data is processed locally on your device and is not ordinarily transmitted to our servers, except where necessary to provide the service, such as when a threat is detected. To support the Beta program, we may on occasion transmit and store this data where it is necessary to diagnose and resolve issues with the software, and it will be treated with the same level of care as any other PII.
  • Diagnostic reports: When submitting feedback or a bug report, you will have the option to include diagnostic information about your device and the software. This may include system log files, the contents of which could potentially include device and/or personally identifiable information. Should we receive this data, we will treat it with the same level of care as any other PII, and it will be used only for the purposes of diagnosing and resolving the issue you have reported.

Log Data

For the purposes of maintaining system security and reliability, we keep logs of requests flowing into our system. This can mean that for a short time, your IP address may be recorded alongside, for example, a request to scan a website you recently visited. These logs are short-lived, and once expired, there is no enduring association between your personal or device identifiers and the websites you visit, unless such identifiers happen to be present in the URLs themselves, where they may occasionally be stored as part of our database of malicious websites. For participants in our beta program, additional metadata may be stored alongside your IP address and user account information for a short time, including web page titles. We will never share complete URLs, where they may potentially include embedded PII or DII, with third parties. For efficiency’s sake, information about your interactions may be transmitted to our servers while you are not using the Services.

Device Identifiable Information (DII)

We may also collect DII to facilitate installation and use of our Services, including your device operating system, device name, device statistics, browser, web pages visited, web page metadata (such as page title), network, applications running on the device, cookies, unique device and advertising identifiers, statistical identifiers, usernames, and similar identifiers that are linkable to a browser or device. This data can also include internal identifiers such as serial numbers, account generated unique ID, mobile device IDs, Wi-fi networks, MAC addresses, IP addresses, install identifiers, etc. We may also receive and collect other information, such as user agent, timestamps, city-level geolocation, sensor data, apps, fonts, battery life information, and screen size.

We may have collected the following information from you within the past 12 months:

Category Examples
Identifiers Data collected as part of support requests or other communication, including name, email address, IP address, online identifier, device identifiers, social media username, phone number, billing address, or other similar data
Geolocation Data This will be coarse geolocation data (limited to your current city), based on your IP address, in order to efficiently deliver the software and any updates.
Web browsing data Search terms (where a threat is suspected), and URLs visited, including path and query string, and approximate date/time of visit.
Device activity Processes run, files accessed or network connections created, where these have been identified as potentially dangerous.

Withdrawal of Consent

If you provided us with consent to process your PII at any time, please note that you may withdraw such consent at any time, for any reason or no reason, by emailing us at privacy@seraphsecure.com. You acknowledge that the withdrawal of consent may affect our ability to provide the Services.

If you are a resident of the EEA, the United Kingdom, or Switzerland and wish to access, correct, object to, opt out of the sharing of, obtain a copy of, or delete your Personal Information, or otherwise wish to contact us regarding your Personal Information, please reach out to us at privacy@seraphsecure.com. We may ask you to verify your identity before we can act on your request. Making a verifiable consumer request does not require that you create an account with us. You must provide us with sufficient information to verify your identity, however, we will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity.

In some cases, we may have to keep the information provided for legitimate business or legal purposes and therefore will deny your request to delete the information.

You may make any of the following requests yourself or through a designated agent. Making a verifiable consumer request does not require that you create an account with us. You must provide us with sufficient information to verify your identity, however we will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity. Additionally, if you choose to make a request through a designated agent, we may contact you to verify that you have given such agent the requisite permission.

You have the right to request that we disclose certain information to you about the collection and use of your Personal Information over the previous 12 months. We may ask you to verify your identity before we can act on your request. Upon such verification, we may disclose to you:

  1. The categories of Personal Information we collected about you;
  2. The categories of sources from which the Personal Information is collected;
  3. The business or commercial purpose for collecting or selling Personal Information;
  4. The categories of third parties with whom we share that Personal Information;
  5. The specific pieces of Personal Information we collected about you.
  6. If we disclosed your Personal Information for a business purpose, we will provide the categories that each category of recipient purchased, and identify the business purposes for the disclosure.

If you live in a US State with Data Privacy Laws or are a resident of EEA, the United Kingdom, or Switzerland, you have certain rights with respect to your Personal Information, including:

  1. The right to request to know what Personal Information we collect, how we collect it, and how it is used and shared, including the categories of third parties with whom we have shared your Personal Information;
  2. The right to request that we delete Personal Information we retain about you;
  3. The right to request that we correct Personal Information that we maintain that is inaccurate;
  4. The right to opt out of certain processing of your Personal Information, including the sharing of your Personal Information for cross-contextual behavioral advertising (we do not share your Personal Information for that purpose);
  5. The right to request that we limit the use and disclosure of sensitive Personal Information we collect;
  6. The right to obtain a portable and readily usable copy of the Personal Information we maintain;
  7. The right to revoke consent for our use of your Personal Information;
  8. The right not to receive discriminatory treatment if you exercise your privacy rights.The right to lodge a complaint with a supervisory authority.

If your Personal Information request is denied by us, you have the right to appeal our decision. If you wish to appeal our decision, please email us at privacy@seraphsecure.com. In your appeal, please state that your message pertains to an appeal, include the date and subject matter of your original request, and any other supporting information to assist with verifying and granting your Personal Information request.

Complaint

If you are a resident of the EEA, the United Kingdom, or Switzerland, you have the right to make complaint to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority in the EEA, the United Kingdom, or Switzerland.

Non-Discrimination

We will not discriminate against you for exercising the rights set forth herein. To that end, and unless permitted by law, in the event you exercise the rights set forth above, we will not:

  1. Deny you goods or services unless it is impossible to distribute or provide such goods or services without the requisite Personal Information;
  2. Charge you different prices or rates for goods or services;
  3. Impose penalties;
  4. Provide you with a different level or quality of goods or services; or
  5. Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

How We Use and Process Information We Collect

We use the information we collect from our Services to provide, maintain, protect and improve our Services, to develop new Services and offerings, and to protect us and our users.

We keep and process your PII when it is necessary to fulfill our contract with you at your request and/or where you have provided your consent, in order to:

  1. Provide you with information and Services you request from us;
  2. Confirm that you received the necessary service and transactional emails;
  3. Resolve disputes;
  4. Prevent potentially fraudulent, prohibited, or illegal activities;
  5. Provide you with technical and customer support;
  6. Subscribe you to newsletters and send you product updates or technical alerts;
  7. Send you marketing communications and information on the Services;
  8. Solicit your opinion or feedback and/or provide opportunities for you to test Services;
  9. Better administer and understand the usability, performance, and effectiveness of our Services, and communications to you, including troubleshooting, debugging, review customer service interactions, data analytics, testing, research, and statistical analysis;
  10. Develop cyber-threat intelligence resources;
  11. Enhance the security of our own networks and information systems;
  12. Improve our Services (including developing new Services) and customize and present content in the most relevant and effective manner for you and your device, including suggestions and recommendations about things that may be of interest to you;
  13. Keep our Services, business, and users safe and secure, and comply with applicable laws and regulations or judicial processes or government agencies, and to protect or exercise our legal rights and defend against legal claims; and
  14. Perform and fulfill other duties as required by law.

We are committed to maintaining your privacy, and we do not sell your personal data. We do not otherwise use or disclose sensitive personal information to third parties unless for the limited purposes outlined below:

  1. We may share PII and other data with companies, outside organizations, or individuals if we have your consent to do so;
  2. For external processing - We provide PII to our payment processors, login providers, service providers, or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Policy and any other appropriate confidentiality and security measures;
  3. For legal reasons - We will share PII with companies, outside organizations, or individuals if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to meet any applicable law, regulation, legal process, or enforceable governmental request, detect, prevent, or otherwise address fraud, security or technical issues or protect against harm to the rights, property, or safety of our users or the public as required or permitted by law;
  4. In case of a sale or asset transfer - If we become involved in a merger, acquisition, or other transaction involving the sale of some or all of our assets, user information, including PII collected from you through your use of our Services, could be included in the transferred assets. Should such an event occur, we will use reasonable means to notify you, either through email and/or a prominent notice on the Services;
  5. We may use DII to operate our Services and manage user sessions, including analyzing usage of our Services, preventing malicious behavior and fraud, improving the content, and to link your identity across devices and browsers in order to provide you with a more seamless user experience. We may share DII with third parties primarily for analytics purposes, for external processing, and for security purposes. We do not otherwise share or supply PII or DII to third parties. We do not sell or rent your personal information to marketers or third parties.

In the past twelve months since this Policy was last updated, we did not disclose any personal or device information to third parties, outside our data processing agreements where we are the controllers of the data. We do not sell your personal information to third parties.

Third Parties

While we strive to work with reputable companies with good privacy practices, this Policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you on the Services. We also do not control the privacy policies and your privacy settings on third-party sites, including social networks. If you visit any linked third-party websites, please review their privacy policy carefully. We are not responsible for the content or privacy practices of websites that are owned by third parties.

Data Processors

We have data processing agreements in place with all of our data processors, and we ensure that they are GDPR compliant. These processors include:

  1. Cloud infrastructure providers, such as Amazon Web Services
  2. Payment processors, such as Stripe
  3. Customer support software, such as Fernand
  4. Communications and marketing systems, such as Twilio and Brevo

Information Security

We work hard to protect our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold and undertake reasonable security measures with appropriate confidentiality, integrity, and availability protections. However, since no software or storage system is 100% secure, we cannot guarantee for the security of your information associated with the Services, or any other service for that matter. As a result, while we strive to protect your information, you agree and acknowledge that: (i) there are security and privacy limitations inherent to the Internet and wireless and mobile networks which are beyond our control; and (ii) security, integrity, and privacy of all information and data exchanged between you and us cannot be guaranteed. You can help protect your account information by using unique and hard-to-guess passwords, ensuring no one else uses your device or computer when you are logged in, logging off from the Services when they are not in use, by keeping your password and other information confidential, and by taking precautionary steps to guard the physical safety and security of your device or computer.

Retention Period

We will retain and store Personal Information data for up to five (5) years or longer if we have a valid business purpose, or a longer retention period is required to comply with applicable laws.

International Transfer

Our services are located in the United States and your Personal Information may be transferred or stored in the United States. The data protection laws and rules in the United States may be different from those where you live. To the maximum extent permitted by applicable law, you hereby authorize Company to process your information in the United States or any other locations where we operate. We rely on various legal mechanisms to help lawfully support transfers of information outside the country of collection where appropriate including ensuring all our processors adhere to terms and conditions set forth in the Standard Contractual Clauses, as approved by the European Commission.

Given that our Services are globally accessible, there are times where your data may need to be transferred across different jurisdictions. However, we will not transfer your Personal Information across jurisdictions, unless:

  1. You have provided your consent; or
  2. It is necessary to complete a transaction related to the Services or for another legal basis otherwise described herein; and
  3. We believe that the recipient of such information is subject to a law, contractual obligation, or a binding scheme, that has the effect of protecting your Personal Information in a way that, overall, is at least substantially similar to the way in which information is protected in the European Union, United Kingdom or Switzerland and there are mechanisms you can access to enforce that protection of the law or binding scheme; or
  4. Where otherwise allowed by any applicable legislation.

Children Under 13

Our services are not directed to, nor do we knowingly collect data from any child under the age of 13 or minors (as defined by applicable law), except where explicitly described otherwise in the privacy notices of Services designed specifically for purposes such as to assist you by providing child online protection features. In such cases, we will only collect and process personal data related to any child under the age of 13 years of age that you choose to disclose to us or otherwise instruct us to collect and process. If you are the parent of a child under the age of 13 and have a concern regarding your child’s information on our Services, please contact us at privacy@seraphsecure.com.

Changes

Our Privacy Policy may change from time to time. We will post any Policy changes on this page and within the settings of any of our Services. Please check back periodically to view changes to our privacy policy.

Questions?

If you have questions or requests regarding our privacy practices, please contact us at privacy@seraphsecure.com.