Privacy Policy (Website)

Introduction

This privacy policy (“Policy”) describes the data practices of Seraph Secure Inc. (“Company”), covering websites under its control, including the website at www.seraphsecure.com, and any and all other Company websites (collectively "Websites", also known as "Services"). This Policy will explain what information we collect online, why we collect it, and the choices we offer to you.

By using the Websites, you are consenting to this Policy and the processing of your data in the manner provided in this Policy. Please keep in mind that comment sections, forums, and other similar areas of our Websites are public. Any information posted in those areas is viewable and usable by anyone who has access. If you do not agree with these terms, please do not use the Websites. This Privacy Policy was last updated on November 21, 2024.

Information We Collect

We may collect information about the Websites you use and how you use them, such as data regarding your usage of the Websites and activity in the Websites. We collect PII, DII, and log information about your interactions as described below.

Personally Identifiable Information (PII)

PII is information that can be used to identify or contact you online or offline, such as your name, address, email, phone number, photos or audio data, and payment information, or data that is linked to such identifiers. If you create an account with us, make a purchase, sign up for updates and mailing lists, complete and submit responses to our surveys, connect with us on social media, attempt to contact us, or request information about our Websites, we collect information about you, including:

  • Account Data: If you create an account with us, we collect PII such as your name, mailing address, email address, phone number, and user credentials (login name and password).
  • Identity Data: We collect identifiers, such as your address and email, to provide our Websites.
  • Communications: If you contact us directly, we collect personal data about you, including identifiers, such as your name, email address, phone number, the contents of any message or attachments that you may send to us, and any other information you choose to provide. We may retain and review audio, electronic, visual, or similar information, such as audio call and chat recordings and/or the contents of the messages as required/permitted by law and our recording and information management practices. We will also collect identifiers from you, such as your email address and phone number, when you sign up to receive product updates, offers, and other promotional information or messages from us. When we send you emails, we may track whether you open them to learn how to deliver a better customer experience and improve our Websites.

Device Identifiable Information (DII)

We may also collect DII to facilitate installation and use of our Websites, including your device operating system, browser user agent, unique device and advertising identifiers, statistical identifiers, usernames, and similar identifiers that are linkable to a browser or device. We may also receive and collect other information, such as timestamps, city-level geolocation, fonts, and screen size.

Website Data

When you browse our Websites, we automatically collect internet or other electronic network activity information, commercial information, and inferences drawn from personal information about the individual web pages or products that you view, the purchases you make, what websites or search terms referred you to our Websites, the dates and times of your visits, and other information about how you interact with our Websites. When you browse our Websites, we may collect personal data using cookies and similar technologies (e.g., web beacons). Please see below for more details.

Cookies and How We Use Them

Cookies are small text files that are placed on your computer or device by websites that you visit or HTML-formatted emails you open, to make our websites work, or to make them work more efficiently, to understand the effectiveness of our emails, and confirm that you received the necessary communications. We use the word “cookie” in this notice as a synonym for all similar tracking technologies which we use, such as pixel tags and web beacons (collectively “cookies”). The cookies we use include “session” cookies that are erased when you leave our websites, or they may be “persistent” cookies that remain on your computer or device after you leave the website, in preparation for your next visit to our websites. For instance, cookies are used to:

  1. Enable the proper functioning of our websites and the proper delivery of legitimate electronic communications;
  2. Tailor information presented to you based on your browsing preferences, such as language and geographical region;
  3. Collect statistics regarding your website usage;
  4. Provide us with business and marketing information; and
  5. In some cases, to enable a third party to deliver future advertising for our Websites to you when you visit certain websites owned by third parties.

We may have collected the following information from you within the past 12 months:

Category Examples
Identifiers IP address, online identifier, device identifiers, or other similar data
Internet activity and electronic network information Including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, browser, application, or advertisement
Geolocation Data This will be coarse geolocation data (limited to your current city)

Withdrawal of Consent

If you provided us with consent to process your PII at any time, please note that you may withdraw such consent at any time, for any reason or no reason, by emailing us at privacy@seraphsecure.com. You acknowledge that the withdrawal of consent may affect our ability to provide the Services.

If you are a resident of the EEA, the United Kingdom, or Switzerland and wish to access, correct, object to, opt out of the sharing of, obtain a copy of, or delete your Personal Information, or otherwise wish to contact us regarding your Personal Information, please reach out to us at privacy@seraphsecure.com. We may ask you to verify your identity before we can act on your request. Making a verifiable consumer request does not require that you create an account with us. You must provide us with sufficient information to verify your identity, however, we will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity.

In some cases, we may have to keep the information provided for legitimate business or legal purposes and therefore will deny your request to delete the information.

You may make any of the following requests yourself or through a designated agent. Making a verifiable consumer request does not require that you create an account with us. You must provide us with sufficient information to verify your identity, however we will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity. Additionally, if you choose to make a request through a designated agent, we may contact you to verify that you have given such agent the requisite permission.

You have the right to request that we disclose certain information to you about the collection and use of your Personal Information over the previous 12 months. We may ask you to verify your identity before we can act on your request. Upon such verification, we may disclose to you:

  1. The categories of Personal Information we collected about you;
  2. The categories of sources from which the Personal Information is collected;
  3. The business or commercial purpose for collecting or selling Personal Information;
  4. The categories of third parties with whom we share that Personal Information;
  5. The specific pieces of Personal Information we collected about you.
  6. If we disclosed your Personal Information for a business purpose, we will provide the categories that each category of recipient purchased, and identify the business purposes for the disclosure.

If you live in a US State with Data Privacy Laws or are a resident of EEA, the United Kingdom, or Switzerland, you have certain rights with respect to your Personal Information, including:

  1. The right to request to know what Personal Information we collect, how we collect it, and how it is used and shared, including the categories of third parties with whom we have shared your Personal Information;
  2. The right to request that we delete Personal Information we retain about you;
  3. The right to request that we correct Personal Information that we maintain that is inaccurate;
  4. The right to opt out of certain processing of your Personal Information, including the sharing of your Personal Information for cross-contextual behavioral advertising (we do not share your Personal Information for that purpose);
  5. The right to request that we limit the use and disclosure of sensitive Personal Information we collect;
  6. The right to obtain a portable and readily usable copy of the Personal Information we maintain;
  7. The right to revoke consent for our use of your Personal Information;
  8. The right not to receive discriminatory treatment if you exercise your privacy rights.The right to lodge a complaint with a supervisory authority.

If your Personal Information request is denied by us, you have the right to appeal our decision. If you wish to appeal our decision, please email us at privacy@seraphsecure.com. In your appeal, please state that your message pertains to an appeal, include the date and subject matter of your original request, and any other supporting information to assist with verifying and granting your Personal Information request.

Complaint

If you are a resident of the EEA, the United Kingdom, or Switzerland, you have the right to make complaint to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority in the EEA, the United Kingdom, or Switzerland.

Non-Discrimination

We will not discriminate against you for exercising the rights set forth herein. To that end, and unless permitted by law, in the event you exercise the rights set forth above, we will not:

  1. Deny you goods or services unless it is impossible to distribute or provide such goods or services without the requisite Personal Information;
  2. Charge you different prices or rates for goods or services;
  3. Impose penalties;
  4. Provide you with a different level or quality of goods or services; or
  5. Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

How We Use and Process Information We Collect

We use the information we collect from our Services to provide, maintain, protect and improve our Services, to develop new Services and offerings, and to protect us and our users.

We keep and process your PII when it is necessary to fulfill our contract with you at your request and/or where you have provided your consent, in order to:

  1. Provide you with information and Services you request from us;
  2. Confirm that you received the necessary service and transactional emails;
  3. Resolve disputes;
  4. Prevent potentially fraudulent, prohibited, or illegal activities;
  5. Provide you with technical and customer support;
  6. Subscribe you to newsletters and send you product updates or technical alerts;
  7. Send you marketing communications and information on the Services;
  8. Solicit your opinion or feedback and/or provide opportunities for you to test Services;
  9. Better administer and understand the usability, performance, and effectiveness of our Services, and communications to you, including troubleshooting, debugging, review customer service interactions, data analytics, testing, research, and statistical analysis;
  10. Develop cyber-threat intelligence resources;
  11. Enhance the security of our own networks and information systems;
  12. Improve our Services (including developing new Services) and customize and present content in the most relevant and effective manner for you and your device, including suggestions and recommendations about things that may be of interest to you;
  13. Keep our Services, business, and users safe and secure, and comply with applicable laws and regulations or judicial processes or government agencies, and to protect or exercise our legal rights and defend against legal claims; and
  14. Perform and fulfill other duties as required by law.

We are committed to maintaining your privacy, and we do not sell your personal data. We do not otherwise use or disclose sensitive personal information to third parties unless for the limited purposes outlined below:

  1. We may share PII and other data with companies, outside organizations, or individuals if we have your consent to do so;
  2. For external processing - We provide PII to our payment processors, login providers, service providers, or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Policy and any other appropriate confidentiality and security measures;
  3. For legal reasons - We will share PII with companies, outside organizations, or individuals if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to meet any applicable law, regulation, legal process, or enforceable governmental request, detect, prevent, or otherwise address fraud, security or technical issues or protect against harm to the rights, property, or safety of our users or the public as required or permitted by law;
  4. In case of a sale or asset transfer - If we become involved in a merger, acquisition, or other transaction involving the sale of some or all of our assets, user information, including PII collected from you through your use of our Services, could be included in the transferred assets. Should such an event occur, we will use reasonable means to notify you, either through email and/or a prominent notice on the Services;
  5. We may use DII to operate our Services and manage user sessions, including analyzing usage of our Services, preventing malicious behavior and fraud, improving the content, and to link your identity across devices and browsers in order to provide you with a more seamless user experience. We may share DII with third parties primarily for analytics purposes, for external processing, and for security purposes. We do not otherwise share or supply PII or DII to third parties. We do not sell or rent your personal information to marketers or third parties.

In the past twelve months since this Policy was last updated, we did not disclose any personal or device information to third parties, outside our data processing agreements where we are the controllers of the data. We do not sell your personal information to third parties.

Third Parties

While we strive to work with reputable companies with good privacy practices, this Policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you on the Services. We also do not control the privacy policies and your privacy settings on third-party sites, including social networks. If you visit any linked third-party websites, please review their privacy policy carefully. We are not responsible for the content or privacy practices of websites that are owned by third parties.

Data Processors

We have data processing agreements in place with all of our data processors, and we ensure that they are GDPR compliant. These processors include:

  1. Cloud infrastructure providers, such as Amazon Web Services
  2. Payment processors, such as Stripe
  3. Customer support software, such as Fernand
  4. Communications and marketing systems, such as Twilio and Brevo

Information Security

We work hard to protect our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold and undertake reasonable security measures with appropriate confidentiality, integrity, and availability protections. However, since no software or storage system is 100% secure, we cannot guarantee for the security of your information associated with the Services, or any other service for that matter. As a result, while we strive to protect your information, you agree and acknowledge that: (i) there are security and privacy limitations inherent to the Internet and wireless and mobile networks which are beyond our control; and (ii) security, integrity, and privacy of all information and data exchanged between you and us cannot be guaranteed. You can help protect your account information by using unique and hard-to-guess passwords, ensuring no one else uses your device or computer when you are logged in, logging off from the Services when they are not in use, by keeping your password and other information confidential, and by taking precautionary steps to guard the physical safety and security of your device or computer.

Retention Period

We will retain and store Personal Information data for up to five (5) years or longer if we have a valid business purpose, or a longer retention period is required to comply with applicable laws.

International Transfer

Our services are located in the United States and your Personal Information may be transferred or stored in the United States. The data protection laws and rules in the United States may be different from those where you live. To the maximum extent permitted by applicable law, you hereby authorize Company to process your information in the United States or any other locations where we operate. We rely on various legal mechanisms to help lawfully support transfers of information outside the country of collection where appropriate including ensuring all our processors adhere to terms and conditions set forth in the Standard Contractual Clauses, as approved by the European Commission.

Given that our Services are globally accessible, there are times where your data may need to be transferred across different jurisdictions. However, we will not transfer your Personal Information across jurisdictions, unless:

  1. You have provided your consent; or
  2. It is necessary to complete a transaction related to the Services or for another legal basis otherwise described herein; and
  3. We believe that the recipient of such information is subject to a law, contractual obligation, or a binding scheme, that has the effect of protecting your Personal Information in a way that, overall, is at least substantially similar to the way in which information is protected in the European Union, United Kingdom or Switzerland and there are mechanisms you can access to enforce that protection of the law or binding scheme; or
  4. Where otherwise allowed by any applicable legislation.

Children Under 13

Our services are not directed to, nor do we knowingly collect data from any child under the age of 13 or minors (as defined by applicable law), except where explicitly described otherwise in the privacy notices of Services designed specifically for purposes such as to assist you by providing child online protection features. In such cases, we will only collect and process personal data related to any child under the age of 13 years of age that you choose to disclose to us or otherwise instruct us to collect and process. If you are the parent of a child under the age of 13 and have a concern regarding your child’s information on our Services, please contact us at privacy@seraphsecure.com.

Changes

Our Privacy Policy may change from time to time. We will post any Policy changes on this page and within the settings of any of our Services. Please check back periodically to view changes to our privacy policy.

Questions?

If you have questions or requests regarding our privacy practices, please contact us at privacy@seraphsecure.com.