logo

    Privacy Policy

    Table of Contents

    1. Introduction
    2. Information We Collect
    3. How We Use Your Information
    4. Information Sharing and Disclosure
    5. Data Security
    6. Data Retention
    7. Your Rights and Choices
    8. International Data Transfers
    9. Cookies and Tracking Technologies
    10. Third-Party Services
    11. Children's Privacy
    12. Changes to This Privacy Policy
    13. Contact Information

    Introduction

    Sceptive LLC, Sceptive Pte. Ltd., and Sceptive Ltd. (collectively referred to as "Sceptive," "we," "us," or "our") are committed to protecting the privacy and security of personal information. As a leading cybersecurity company specializing in threat intelligence, behavioral analytics, and comprehensive security solutions, we understand the critical importance of data protection and privacy.

    This Privacy Policy describes how we collect, use, disclose, and protect information when you visit our website at www.sceptive.com, use our cybersecurity services, or interact with us in any capacity. This policy applies to all our services including but not limited to our Sceptive://bl0ck threat intelligence platform, behavioral biometrics solutions, malware analysis services, advanced forensics, post-quantum cryptography services, managed security services, and technology consulting.

    Our operations span multiple jurisdictions, with offices in Delaware (United States), Singapore, and Istanbul (Turkey). We serve a diverse clientele including government institutions, financial corporations, banks, and private sector organizations worldwide. Given the nature of our cybersecurity services, we process various types of data including threat intelligence, network traffic data, security logs, and behavioral analytics information.

    By accessing our website, using our services, or providing us with your information, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with the practices described in this policy, please do not use our services or provide us with your personal information.

    We are committed to transparency in our data processing activities and compliance with applicable privacy laws and regulations, including but not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Personal Data Protection Act (PDPA) of Singapore, and other relevant data protection laws in jurisdictions where we operate.

    Information We Collect

    The nature of our cybersecurity services requires us to collect and process various types of information to effectively protect our clients and provide comprehensive security solutions. We collect information through multiple channels and for different purposes as outlined below.

    Personal Information

    Contact and Identification Information: We collect personal information that you voluntarily provide to us when you contact us, request information about our services, register for our services, or engage with us professionally. This includes your name, email address, phone number, job title, company name, business address, and other contact details.

    Professional Information: When you engage with our services, we may collect information about your professional background, security clearances (where applicable), technical expertise, and role within your organization. This information helps us tailor our services to your specific needs and ensure appropriate access controls.

    Communication Records: We maintain records of our communications with you, including emails, phone calls, meeting notes, and other correspondence. This information is essential for providing ongoing support, maintaining service quality, and ensuring continuity in our professional relationships.

    Technical and Security Data

    Network and System Information: Through our cybersecurity services, we collect extensive technical data including IP addresses, network traffic patterns, system logs, security event data, and infrastructure information. This data is crucial for threat detection, behavioral analysis, and providing effective security monitoring services.

    Threat Intelligence Data: Our global honeypot network and threat intelligence services collect data about malicious activities, attack patterns, suspicious IP addresses, malware signatures, and other indicators of compromise. This information is aggregated and analyzed to provide real-time threat intelligence to our clients.

    Behavioral Analytics Data: Our behavioral biometrics and analytics services collect data about user behavior patterns, access patterns, authentication attempts, and other behavioral indicators. This data is processed to create behavioral fingerprints that help identify and prevent unauthorized access and malicious activities.

    Malware and Security Samples: We collect and analyze malware samples, suspicious files, and other security artifacts as part of our malware analysis and forensics services. This information is used to understand attack methodologies and develop protective measures.

    Website and Digital Interaction Data

    Website Usage Information: When you visit our website, we automatically collect certain information about your visit, including your IP address, browser type and version, operating system, referring website, pages viewed, time spent on pages, and other usage statistics.

    Cookies and Tracking Data: We use cookies and similar tracking technologies to enhance your website experience, analyze website performance, and understand user preferences. For detailed information about our use of cookies, please refer to the "Cookies and Tracking Technologies" section below.

    Digital Communications: We may collect information about your interactions with our digital communications, including email open rates, click-through rates, and engagement metrics. This helps us improve our communications and provide more relevant information.

    Client Service Data

    Service Configuration Data: When providing our cybersecurity services, we collect information about your IT infrastructure, security configurations, system architectures, and operational requirements. This information is necessary to customize our services and ensure effective security coverage.

    Incident Response Data: During security incidents or forensic investigations, we may collect detailed information about the incident, affected systems, potential vulnerabilities, and remediation activities. This data is essential for effective incident response and preventing future occurrences.

    Compliance and Audit Information: We may collect information related to regulatory compliance requirements, audit trails, and security assessments as part of our managed security services and consulting engagements.

    Third-Party Information

    Partner and Vendor Data: We may receive information from our business partners, vendors, and other third parties who provide services to us or work with us to deliver services to our clients. This may include contact information, technical data, and other relevant business information.

    Public Sources: We collect information from publicly available sources, including threat intelligence feeds, security research publications, and other open-source intelligence sources. This information enhances our threat detection capabilities and helps us stay current with emerging security threats.

    We process personal information based on various legal grounds depending on the nature of the data and the purpose of processing. These legal bases include:

    • Contractual Necessity: Processing necessary for the performance of contracts with our clients and service providers
    • Legitimate Interests: Processing necessary for our legitimate business interests, including security monitoring, threat detection, and service improvement
    • Legal Compliance: Processing required to comply with legal obligations, regulatory requirements, and law enforcement requests
    • Consent: Processing based on explicit consent where required by applicable law
    • Vital Interests: Processing necessary to protect the vital interests of individuals or public safety

    We ensure that our processing activities are proportionate, necessary, and conducted in accordance with applicable privacy laws and regulations.

    How We Use Your Information

    We use the information we collect for various legitimate business purposes related to our cybersecurity services and operations. Our use of information is guided by the principles of necessity, proportionality, and transparency, ensuring that we only process data for specified, explicit, and legitimate purposes.

    Service Delivery and Operations

    Cybersecurity Service Provision: We use collected information to deliver our core cybersecurity services, including threat intelligence, behavioral analytics, intrusion detection, malware analysis, and forensic investigations. This involves analyzing patterns, identifying threats, and providing real-time security monitoring and response services to our clients.

    Threat Detection and Prevention: Information collected through our global honeypot network and behavioral analytics systems is used to identify emerging threats, detect malicious activities, and develop protective measures. We analyze attack patterns, behavioral indicators, and threat intelligence to enhance our detection capabilities and protect our clients from cyber threats.

    Security Monitoring and Incident Response: We use technical and security data to monitor client environments, detect security incidents, and provide rapid response services. This includes analyzing security logs, network traffic, and system events to identify potential breaches and coordinate appropriate response measures.

    Service Customization and Optimization: We use client information and service data to customize our offerings to meet specific client needs, optimize service performance, and ensure that our security solutions are effectively tailored to each client's unique environment and risk profile.

    Research and Development

    Security Research: We use aggregated and anonymized data to conduct security research, develop new threat detection methodologies, and enhance our understanding of emerging cyber threats. This research contributes to the broader cybersecurity community and helps us stay ahead of evolving threat landscapes.

    Product Development: Information about client needs, service performance, and emerging threats is used to develop new cybersecurity products and services, improve existing offerings, and ensure that our solutions remain effective against current and future threats.

    Algorithm Enhancement: We use behavioral data and threat intelligence to improve our machine learning algorithms, enhance our behavioral analytics capabilities, and develop more sophisticated threat detection and prevention mechanisms.

    Communication and Support

    Client Communication: We use contact information to communicate with clients about our services, provide technical support, share threat intelligence updates, and deliver important security notifications. This includes sending service-related emails, security alerts, and other relevant communications.

    Technical Support: We use service data and client information to provide technical support, troubleshoot issues, and ensure optimal service performance. This may involve analyzing system configurations, reviewing security logs, and providing guidance on security best practices.

    Training and Education: We use information about client needs and industry trends to develop and deliver security awareness training, educational content, and best practice guidance to help our clients improve their overall security posture.

    Business Operations and Administration

    Account Management: We use client information to manage accounts, process payments, maintain service records, and ensure proper service delivery. This includes managing user access, tracking service usage, and maintaining accurate billing information.

    Legal and Regulatory Compliance: We use information as necessary to comply with legal obligations, respond to law enforcement requests, and meet regulatory requirements in the jurisdictions where we operate. This may include maintaining audit trails, providing information for legal proceedings, and ensuring compliance with data protection laws.

    Risk Management: We use information to assess and manage business risks, including cybersecurity risks, operational risks, and compliance risks. This helps us maintain the security and integrity of our own operations while providing reliable services to our clients.

    Analytics and Improvement

    Service Analytics: We analyze service performance data, client feedback, and usage patterns to understand how our services are being used, identify areas for improvement, and measure the effectiveness of our security solutions.

    Website and Digital Experience Optimization: We use website usage data and digital interaction information to improve our online presence, enhance user experience, and provide more relevant and useful content to our visitors.

    Quality Assurance: We use various types of data to monitor service quality, ensure compliance with service level agreements, and maintain the high standards expected by our clients and regulatory authorities.

    Marketing and Business Development

    Service Promotion: We may use contact information to inform existing and potential clients about new services, security updates, and relevant industry developments. All marketing communications are conducted in accordance with applicable laws and regulations, and recipients can opt out at any time.

    Industry Engagement: We use aggregated and anonymized information to participate in industry discussions, contribute to security standards development, and share insights with the broader cybersecurity community through publications, conferences, and professional forums.

    Data Minimization and Purpose Limitation

    We are committed to the principles of data minimization and purpose limitation. We only collect and process information that is necessary for the specified purposes outlined above, and we do not use personal information for purposes that are incompatible with the original purpose of collection without obtaining appropriate consent or having another lawful basis for such use.

    We regularly review our data processing activities to ensure they remain necessary, proportionate, and aligned with our stated purposes. When information is no longer needed for its original purpose, we take appropriate steps to securely delete or anonymize it in accordance with our data retention policies.

    Information Sharing and Disclosure

    We understand the sensitive nature of the information we handle and are committed to protecting it while enabling effective cybersecurity services. We share information only when necessary for legitimate business purposes, legal compliance, or with appropriate consent. This section outlines the circumstances under which we may share or disclose information.

    Service Delivery and Client Support

    Client-Authorized Sharing: We may share information with third parties when explicitly authorized by our clients or when necessary to deliver requested services. This includes sharing threat intelligence with client security teams, coordinating incident response activities with client-designated partners, and providing security data to client-approved vendors or consultants.

    Subcontractors and Service Providers: We may share information with carefully selected subcontractors, service providers, and business partners who assist us in delivering our cybersecurity services. These parties are bound by strict confidentiality agreements and are only permitted to use the information for the specific purposes for which it was shared. Examples include cloud infrastructure providers, specialized security tool vendors, and technical support partners.

    Inter-Office Coordination: Given our global operations with offices in the United States, Singapore, and Turkey, we may share information between our offices to ensure seamless service delivery, maintain consistent security standards, and provide comprehensive support to our international clients.

    Threat Intelligence and Security Collaboration

    Anonymized Threat Intelligence Sharing: We may share anonymized and aggregated threat intelligence with other cybersecurity organizations, industry groups, and security researchers to enhance collective defense capabilities. This sharing is conducted in a manner that protects individual privacy and client confidentiality while contributing to broader cybersecurity efforts.

    Government and Law Enforcement Cooperation: We may share information with government agencies, law enforcement, and national security organizations when required by law or when necessary to protect public safety and national security. Such sharing is conducted in accordance with applicable legal frameworks and with appropriate safeguards to protect privacy rights.

    Industry Security Initiatives: We may participate in industry-wide security initiatives, threat sharing consortiums, and collaborative defense programs where information sharing enhances collective security. Participation in such initiatives is conducted with appropriate anonymization and aggregation to protect individual privacy.

    Legal Compliance: We may disclose information when required by law, regulation, legal process, or government request. This includes responding to subpoenas, court orders, regulatory investigations, and other legal proceedings. We will notify affected individuals when legally permitted and practical to do so.

    Regulatory Reporting: We may share information with regulatory authorities as required by applicable laws and regulations in the jurisdictions where we operate. This includes reporting security incidents, compliance audits, and other regulatory requirements related to our cybersecurity services.

    Law Enforcement Cooperation: We cooperate with law enforcement agencies in investigating cybercrimes, security incidents, and other illegal activities. Such cooperation is conducted in accordance with applicable laws and with appropriate consideration for privacy rights and client confidentiality.

    Business Operations and Transactions

    Corporate Transactions: In the event of a merger, acquisition, sale of assets, or other corporate transaction, we may transfer information to the acquiring entity or other parties involved in the transaction. We will provide notice of such transfers and ensure that the receiving party agrees to protect the information in accordance with this Privacy Policy or equivalent standards.

    Professional Advisors: We may share information with our professional advisors, including lawyers, accountants, auditors, and consultants, when necessary for business operations, legal compliance, or professional services. These advisors are bound by professional confidentiality obligations and are only permitted to use the information for the specific purposes for which it was shared.

    Emergency and Safety Situations

    Vital Interests Protection: We may disclose information when we believe in good faith that such disclosure is necessary to protect the vital interests of individuals, prevent serious harm, or address emergency situations. This includes situations where disclosure may help prevent cyberattacks, protect critical infrastructure, or safeguard public safety.

    Security Incident Response: During active security incidents or cyber attacks, we may share relevant information with affected parties, security partners, and response teams to coordinate effective incident response and minimize damage. Such sharing is conducted with appropriate consideration for confidentiality and privacy.

    Explicit Consent: We may share information with third parties when we have obtained explicit consent from the relevant individuals. Such consent will clearly specify the purpose of sharing, the recipients of the information, and the duration of the consent.

    Opt-In Programs: We may offer opt-in programs that allow individuals to participate in research studies, security initiatives, or other programs that involve information sharing. Participation in such programs is entirely voluntary and based on informed consent.

    Safeguards and Protections

    Data Processing Agreements: When sharing information with third parties, we enter into appropriate data processing agreements that specify the purposes of processing, security requirements, confidentiality obligations, and other protections to ensure that shared information is handled appropriately.

    Security Measures: We implement appropriate technical and organizational measures to protect information during sharing and transmission. This includes encryption, secure communication channels, access controls, and other security safeguards.

    Monitoring and Oversight: We monitor our information sharing practices to ensure compliance with this Privacy Policy, applicable laws, and contractual obligations. We conduct regular reviews of our sharing arrangements and take corrective action when necessary.

    Limitations on Sharing

    No Sale of Personal Information: We do not sell personal information to third parties for commercial purposes. Any sharing of information is conducted for legitimate business purposes as outlined in this policy.

    Minimal Disclosure Principle: We adhere to the principle of minimal disclosure, sharing only the information that is necessary for the specified purpose and implementing appropriate safeguards to protect privacy and confidentiality.

    Client Confidentiality: We maintain strict confidentiality regarding client-specific information and do not disclose such information except as authorized by the client or required by law. Our confidentiality obligations are reinforced through contractual agreements and professional standards.

    Data Security

    As a cybersecurity company, we understand that the security of information is paramount to our operations and our clients' trust. We implement comprehensive security measures that reflect industry best practices and exceed standard requirements to protect all information in our custody. Our security approach is multi-layered, continuously monitored, and regularly updated to address evolving threats.

    Technical Security Measures

    Encryption and Cryptographic Protection: We employ strong encryption protocols to protect data both in transit and at rest. All sensitive information is encrypted using industry-standard algorithms, including AES-256 for data at rest and TLS 1.3 for data in transit. We are actively preparing for the post-quantum cryptography era and are implementing quantum-resistant encryption methods to ensure long-term security.

    Access Controls and Authentication: We implement robust access control systems that ensure only authorized personnel can access information based on their role and need-to-know basis. This includes multi-factor authentication, privileged access management, role-based access controls, and regular access reviews. All access to sensitive systems and data is logged and monitored.

    Network Security: Our network infrastructure is protected by multiple layers of security controls, including firewalls, intrusion detection and prevention systems, network segmentation, and continuous monitoring. We employ our own threat intelligence and behavioral analytics capabilities to protect our infrastructure from cyber threats.

    Endpoint Protection: All devices used to access or process information are protected with advanced endpoint security solutions, including anti-malware protection, device encryption, remote wipe capabilities, and continuous monitoring for suspicious activities.

    Infrastructure Security

    Secure Data Centers: Our data is hosted in secure, certified data centers that meet or exceed industry standards for physical security, environmental controls, and operational resilience. These facilities are protected by multiple layers of physical security, including biometric access controls, 24/7 monitoring, and redundant power and cooling systems.

    Cloud Security: When utilizing cloud services, we select providers that demonstrate strong security practices and compliance with relevant standards. We implement additional security controls and monitoring to ensure that cloud-hosted data receives the same level of protection as on-premises data.

    Backup and Recovery: We maintain secure, encrypted backups of critical data and systems to ensure business continuity and data recovery capabilities. Our backup systems are regularly tested, and recovery procedures are documented and practiced to ensure rapid restoration in case of incidents.

    Redundancy and Resilience: Our systems are designed with redundancy and resilience in mind, including geographically distributed infrastructure, failover capabilities, and disaster recovery procedures to ensure continuous availability and protection of data.

    Operational Security Measures

    Security Monitoring and Incident Response: We operate a 24/7 security operations center that continuously monitors our systems and data for security threats and incidents. Our incident response procedures are regularly tested and updated to ensure rapid detection, containment, and remediation of security events.

    Vulnerability Management: We conduct regular vulnerability assessments, penetration testing, and security audits to identify and address potential security weaknesses. Our vulnerability management program includes automated scanning, manual testing, and prompt remediation of identified issues.

    Security Awareness and Training: All personnel receive comprehensive security awareness training and regular updates on emerging threats and security best practices. We maintain a culture of security consciousness and ensure that all team members understand their role in protecting information.

    Vendor and Third-Party Security: We carefully evaluate the security practices of all vendors and third parties who may have access to information. We require appropriate security controls, conduct security assessments, and monitor third-party compliance with our security requirements.

    Administrative Security Controls

    Security Policies and Procedures: We maintain comprehensive security policies and procedures that govern all aspects of information handling, system access, and security operations. These policies are regularly reviewed and updated to reflect changing threats and regulatory requirements.

    Personnel Security: We conduct thorough background checks on all personnel who have access to sensitive information and systems. Our personnel security program includes ongoing monitoring, regular training, and clear accountability for security responsibilities.

    Change Management: All changes to systems, applications, and security controls are managed through a formal change management process that includes security review, testing, and approval procedures to ensure that changes do not introduce security vulnerabilities.

    Compliance and Audit: We regularly conduct internal and external security audits to verify compliance with our security policies and applicable regulations. We maintain detailed audit trails and documentation to demonstrate our security practices and compliance efforts.

    Industry Standards and Certifications

    Standards Compliance: Our security program is designed to comply with relevant industry standards and frameworks, including ISO 27001, NIST Cybersecurity Framework, SOC 2, and other applicable security standards. We regularly assess our compliance and make necessary improvements to maintain adherence to these standards.

    Regulatory Compliance: We ensure that our security practices meet or exceed the requirements of applicable data protection regulations, including GDPR, CCPA, PDPA, and other relevant privacy and security laws in the jurisdictions where we operate.

    Continuous Improvement: We continuously evaluate and improve our security measures based on threat intelligence, industry best practices, regulatory changes, and lessons learned from security incidents. Our security program is dynamic and adaptive to address evolving threats and requirements.

    Incident Response and Breach Notification

    Incident Response Plan: We maintain a comprehensive incident response plan that outlines procedures for detecting, containing, investigating, and remediating security incidents. Our incident response team is trained and equipped to handle various types of security events, from minor incidents to major breaches.

    Breach Notification: In the event of a data breach that may affect personal information, we will notify affected individuals and relevant authorities in accordance with applicable legal requirements. We are committed to transparent communication about security incidents and will provide timely updates on our response efforts.

    Forensic Capabilities: As a cybersecurity company specializing in advanced forensics, we have sophisticated capabilities to investigate security incidents, preserve evidence, and conduct detailed analysis to understand the scope and impact of any security events.

    Client-Specific Security Measures

    Customized Security Controls: We work with clients to implement customized security controls that meet their specific requirements and risk profiles. This may include additional encryption, specialized access controls, or enhanced monitoring based on client needs.

    Security Reporting: We provide regular security reports to clients that detail the security measures protecting their information, any relevant security events, and ongoing security improvements. This transparency helps clients understand and verify the protection of their data.

    Collaborative Security: We collaborate with clients on security matters, sharing relevant threat intelligence, coordinating incident response activities, and working together to enhance overall security posture.

    Data Retention

    We retain information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Our data retention practices are designed to balance operational needs, legal requirements, and privacy principles while ensuring that information is not kept longer than necessary.

    General Retention Principles

    Purpose-Based Retention: We retain information based on the specific purpose for which it was collected and processed. When the original purpose is fulfilled and there are no other legitimate reasons for retention, we take steps to securely delete or anonymize the information.

    Legal and Regulatory Requirements: We retain information for periods required by applicable laws and regulations in the jurisdictions where we operate. This includes compliance with data protection laws, financial regulations, employment laws, and other legal requirements that specify minimum retention periods.

    Business Necessity: We may retain information longer than the original purpose when there is a legitimate business need, such as ongoing security monitoring, threat intelligence analysis, or maintaining historical records for security research and development.

    Specific Retention Periods

    Personal Contact Information: Contact information such as names, email addresses, and phone numbers is retained for the duration of our business relationship plus an additional period as required by applicable laws or legitimate business interests. For prospective clients, contact information is typically retained for up to three years unless consent is withdrawn earlier.

    Client Service Data: Information related to our cybersecurity services, including security configurations, incident reports, and service records, is retained for the duration of the service agreement plus an additional period to support ongoing security monitoring and compliance requirements. This period typically ranges from three to seven years depending on the nature of the service and applicable regulations.

    Threat Intelligence Data: Threat intelligence information, including indicators of compromise, attack patterns, and malicious signatures, may be retained indefinitely as it continues to provide value for ongoing threat detection and security research. However, any personal information within this data is anonymized or pseudonymized to protect individual privacy.

    Security Logs and Monitoring Data: Security logs, network traffic data, and monitoring information are retained based on their security value and legal requirements. High-level security logs may be retained for up to seven years, while detailed technical logs are typically retained for shorter periods ranging from six months to two years.

    Communication Records: Records of communications with clients and other parties are retained for periods necessary to support ongoing relationships, resolve disputes, and comply with legal requirements. Email communications are typically retained for three to seven years, while meeting notes and other informal communications may be retained for shorter periods.

    Financial and Billing Information: Financial records, billing information, and payment data are retained in accordance with applicable financial regulations and tax requirements. This typically involves retention periods of seven to ten years depending on the jurisdiction and type of financial record.

    Retention Review and Disposal

    Regular Review Process: We conduct regular reviews of retained information to assess whether continued retention is necessary and appropriate. These reviews consider changes in business needs, legal requirements, and the ongoing value of the information for legitimate purposes.

    Secure Disposal: When information reaches the end of its retention period and is no longer needed for any legitimate purpose, we ensure its secure disposal using appropriate methods. This includes secure deletion of electronic data, physical destruction of paper records, and proper disposal of storage media.

    Anonymization and Pseudonymization: Where possible, we anonymize or pseudonymize information that has ongoing value for research, analytics, or security purposes but no longer requires personal identification. This allows us to retain valuable insights while protecting individual privacy.

    Client-Requested Deletion: We honor client requests for deletion of their information, subject to any legal obligations or legitimate business interests that require continued retention. When deletion is requested, we provide clear information about what can be deleted and any limitations based on legal or operational requirements.

    Special Considerations for Cybersecurity Data

    Threat Intelligence Lifecycle: Threat intelligence data has unique retention considerations due to its ongoing security value. While specific threat indicators may become obsolete, historical threat data provides valuable context for understanding attack evolution and developing defensive strategies.

    Incident Response Records: Information related to security incidents and forensic investigations may be retained for extended periods to support ongoing security monitoring, legal proceedings, and lessons learned analysis. The retention period for incident data is determined based on the severity of the incident, legal requirements, and ongoing security relevance.

    Behavioral Analytics Data: Behavioral patterns and analytics data may be retained in aggregated and anonymized form to support ongoing security research and algorithm development. Individual behavioral data is typically retained only for the period necessary to provide active security monitoring services.

    Compliance and Audit Data: Information required for regulatory compliance and audit purposes is retained for periods specified by applicable regulations. This may include extended retention periods for certain types of security and compliance data.

    International Considerations

    Cross-Border Data Retention: Given our international operations, we ensure that data retention practices comply with the laws of all relevant jurisdictions. Where different jurisdictions have conflicting requirements, we apply the most protective standard or seek appropriate legal guidance.

    Data Localization Requirements: We comply with data localization requirements that may affect where information is stored and how long it must be retained in specific jurisdictions. This includes ensuring that locally required data remains accessible to relevant authorities as required by law.

    Client Control and Transparency

    Retention Transparency: We provide clients with clear information about our data retention practices, including specific retention periods for different types of information and the factors that influence these periods.

    Client Retention Preferences: Where legally permissible, we work with clients to accommodate their specific retention preferences and requirements. This may include shorter retention periods for certain types of data or specific disposal procedures.

    Data Portability: Upon request and where technically feasible, we provide clients with copies of their data in a portable format before deletion, allowing them to maintain their own records if desired.

    Retention Policy Updates

    Regular Policy Review: We regularly review and update our data retention policies to ensure they remain current with legal requirements, business needs, and industry best practices. Changes to retention policies are communicated to relevant stakeholders and implemented with appropriate transition periods.

    Impact Assessment: Before implementing changes to retention periods, we conduct impact assessments to understand the implications for ongoing operations, legal compliance, and client relationships.

    Your Rights and Choices

    We respect your privacy rights and are committed to providing you with meaningful control over your personal information. Depending on your location and applicable laws, you may have various rights regarding your personal information. We strive to honor these rights regardless of your location, subject to legal limitations and legitimate business interests.

    Access Rights

    Right to Access: You have the right to request access to the personal information we hold about you. This includes the right to obtain confirmation of whether we are processing your personal information, details about the purposes of processing, categories of data involved, and information about recipients or categories of recipients.

    Information Provided: When you exercise your right of access, we will provide you with a copy of your personal information in a commonly used electronic format. We will also provide additional information about our processing activities, including the source of the information, the retention period, and your other rights.

    Response Timeframe: We will respond to access requests within the timeframes required by applicable law, typically within 30 days of receiving a valid request. In complex cases, we may extend this period by an additional 60 days with appropriate notification.

    Correction and Update Rights

    Right to Rectification: You have the right to request correction of inaccurate or incomplete personal information. We encourage you to keep your information current and accurate, and we provide mechanisms for you to update your information directly where possible.

    Verification Process: When processing correction requests, we may need to verify the accuracy of new information and may request supporting documentation. We will make corrections promptly once we have verified the accuracy of the new information.

    Notification of Corrections: When we make corrections to your personal information, we will notify any third parties to whom we have disclosed the information, unless this proves impossible or involves disproportionate effort.

    Deletion Rights

    Right to Erasure: You have the right to request deletion of your personal information in certain circumstances, including when the information is no longer necessary for the original purpose, when you withdraw consent, or when the information has been unlawfully processed.

    Limitations on Deletion: We may not be able to delete your information in certain circumstances, such as when retention is required by law, necessary for legal claims, or essential for ongoing security monitoring. We will clearly explain any limitations on deletion when responding to your request.

    Secure Deletion Process: When we delete personal information, we use secure deletion methods to ensure that the information cannot be recovered or reconstructed. This includes overwriting electronic data and physically destroying storage media when necessary.

    Data Portability Rights

    Right to Data Portability: Where technically feasible and legally required, you have the right to receive your personal information in a structured, commonly used, and machine-readable format. You also have the right to transmit this information to another organization without hindrance.

    Scope of Portability: Data portability rights typically apply to information you have provided to us and that we process based on consent or contract. This may not include all information we hold about you, particularly information derived from our security analysis or threat intelligence activities.

    Technical Limitations: We will make reasonable efforts to provide portable data, but technical limitations may affect the format or completeness of portable data, particularly for complex security data or proprietary analysis results.

    Objection and Restriction Rights

    Right to Object: You have the right to object to processing of your personal information in certain circumstances, particularly when processing is based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

    Right to Restrict Processing: You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of the information, when processing is unlawful but you prefer restriction to deletion, or when you need the information for legal claims.

    Marketing Opt-Out: You can opt out of marketing communications at any time by using the unsubscribe mechanisms provided in our communications or by contacting us directly. We will honor opt-out requests promptly and ensure that you do not receive further marketing communications.

    Withdrawal of Consent: Where our processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

    Granular Consent: Where possible, we provide granular consent options that allow you to consent to specific types of processing while declining others. This gives you more control over how your information is used.

    Consent Records: We maintain records of consent, including when and how consent was obtained, the scope of consent, and any subsequent changes or withdrawals. This helps us demonstrate compliance and honor your consent preferences.

    Rights for Specific Jurisdictions

    GDPR Rights (European Union): If you are located in the European Union, you have additional rights under the General Data Protection Regulation, including enhanced rights to access, rectification, erasure, restriction, objection, and data portability. You also have the right to lodge a complaint with a supervisory authority.

    CCPA Rights (California): If you are a California resident, you have rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to delete personal information, the right to opt-out of the sale of personal information, and the right to non-discrimination.

    PDPA Rights (Singapore): If you are located in Singapore, you have rights under the Personal Data Protection Act, including rights to access and correct your personal information and to withdraw consent for certain types of processing.

    Exercising Your Rights

    How to Submit Requests: You can exercise your privacy rights by contacting us using the contact information provided in this Privacy Policy. We may require verification of your identity before processing requests to protect against unauthorized access to your information.

    Verification Process: To verify your identity, we may request additional information such as government-issued identification, account information, or other details that help us confirm your identity and authority to make the request.

    No Charge for Requests: We do not charge fees for processing privacy rights requests unless the requests are manifestly unfounded, excessive, or repetitive. In such cases, we may charge a reasonable fee or refuse to act on the request.

    Response and Follow-Up: We will acknowledge receipt of your request and provide a substantive response within the timeframes required by applicable law. If we cannot fully comply with your request, we will explain the reasons and any alternative options available.

    Automated Decision-Making and Profiling

    Automated Processing: We may use automated processing, including machine learning and behavioral analytics, to analyze security threats and user behavior. You have the right to information about such automated processing and, in certain circumstances, the right not to be subject to decisions based solely on automated processing.

    Human Review: For significant decisions that may affect you, we ensure that human review is available and that you can express your point of view and contest the decision. This is particularly important for security-related decisions that may affect your access or services.

    Special Considerations for Security Data

    Security Limitations: Some privacy rights may be limited when exercising them would compromise security measures, ongoing investigations, or the protection of others. We will clearly explain any such limitations and provide alternative measures where possible.

    Aggregated Data: Rights may not apply to aggregated or anonymized data that cannot be linked back to you. However, we will consider requests related to such data and provide explanations about our processing activities.

    Support and Assistance

    Privacy Support: We provide dedicated support for privacy-related inquiries and requests. Our privacy team is trained to assist you with understanding your rights and navigating the process of exercising them.

    Language Support: We can provide assistance in multiple languages to help you understand and exercise your privacy rights effectively.

    Accessibility: We are committed to making our privacy processes accessible to individuals with disabilities and will provide reasonable accommodations to ensure that everyone can effectively exercise their privacy rights.

    International Data Transfers

    Given our global operations with offices in the United States, Singapore, and Turkey, and our international client base, we may transfer personal information across borders to provide our cybersecurity services effectively. We are committed to ensuring that all international data transfers are conducted with appropriate safeguards to protect your privacy and comply with applicable data protection laws.

    Adequacy Decisions: We rely on adequacy decisions made by relevant data protection authorities when transferring personal information to countries that have been deemed to provide an adequate level of data protection. We monitor changes in adequacy status and adjust our transfer mechanisms accordingly.

    Standard Contractual Clauses: For transfers to countries without adequacy decisions, we use Standard Contractual Clauses (SCCs) approved by relevant data protection authorities. These clauses provide contractual safeguards that ensure transferred data receives appropriate protection equivalent to that required in the originating jurisdiction.

    Binding Corporate Rules: We are developing Binding Corporate Rules (BCRs) to facilitate transfers within our corporate group while ensuring consistent data protection standards across all our offices and operations.

    Certification and Codes of Conduct: We participate in relevant certification schemes and codes of conduct that provide additional safeguards for international data transfers, particularly in the cybersecurity industry.

    Transfer Safeguards and Protections

    Technical Safeguards: All international data transfers are protected by strong encryption both in transit and at rest. We use secure communication channels, VPNs, and other technical measures to ensure that data remains protected during transfer and storage in different jurisdictions.

    Organizational Safeguards: We implement organizational measures to protect transferred data, including access controls, staff training, confidentiality agreements, and regular audits of our international operations. Our global privacy and security policies ensure consistent protection standards across all locations.

    Contractual Protections: Our contracts with international service providers, partners, and clients include specific data protection clauses that require appropriate safeguards, limit the use of transferred data, and provide for audit rights and breach notification procedures.

    Local Compliance: We ensure that our data processing activities in each jurisdiction comply with local data protection laws and regulations, even when those requirements exceed the standards of the originating jurisdiction.

    Specific Transfer Scenarios

    Client Service Delivery: We may transfer client data between our offices to provide comprehensive cybersecurity services, coordinate incident response activities, and ensure 24/7 security monitoring. Such transfers are conducted under appropriate legal frameworks and with client notification where required.

    Threat Intelligence Sharing: Our global threat intelligence operations may involve transferring anonymized and aggregated threat data across borders to enhance collective security. Personal information within such data is protected through anonymization, pseudonymization, or other appropriate safeguards.

    Cloud and Infrastructure Services: We may use cloud services and infrastructure providers located in different countries to support our operations. We carefully select providers that offer appropriate data protection safeguards and enter into appropriate data processing agreements.

    Vendor and Partner Collaboration: Our work with international vendors, partners, and subcontractors may involve data transfers necessary for service delivery. We ensure that all such transfers are covered by appropriate legal mechanisms and contractual protections.

    Regional Considerations

    European Union Transfers: For transfers from the European Union, we comply with GDPR requirements and use appropriate transfer mechanisms such as adequacy decisions, Standard Contractual Clauses, or other approved safeguards. We conduct transfer impact assessments where required and implement additional safeguards when necessary.

    United States Operations: Our operations in the United States are conducted in compliance with applicable federal and state privacy laws, including sector-specific regulations that may apply to our cybersecurity services. We implement appropriate safeguards for data transferred to and from the United States.

    Asia-Pacific Region: Our Singapore operations serve as a hub for our Asia-Pacific activities, and we ensure compliance with the Personal Data Protection Act of Singapore and other relevant regional data protection laws. We implement appropriate safeguards for transfers within the Asia-Pacific region.

    Emerging Markets: As we expand our services to emerging markets, we carefully assess the data protection landscape in each jurisdiction and implement appropriate transfer mechanisms and safeguards to ensure continued protection of personal information.

    Transfer Impact Assessments

    Risk Assessment: We conduct transfer impact assessments to evaluate the risks associated with international data transfers, particularly when transferring data to jurisdictions with different legal frameworks or potential government access requirements.

    Supplementary Measures: Based on our transfer impact assessments, we implement supplementary technical and organizational measures when necessary to ensure that transferred data receives adequate protection. This may include additional encryption, access controls, or contractual safeguards.

    Ongoing Monitoring: We continuously monitor the legal and practical circumstances surrounding our international data transfers and adjust our safeguards as necessary to maintain appropriate protection levels.

    Transparency: We are committed to transparency regarding government access to data and will notify affected individuals and organizations when legally permitted to do so. We maintain records of government requests and our responses to such requests.

    Legal Challenge: We will challenge government requests for data access when we believe such requests are overly broad, legally unfounded, or inconsistent with applicable data protection laws. We work with legal counsel to ensure appropriate responses to government requests.

    Data Minimization: We limit the scope of data transfers to minimize exposure to government access requests and implement technical measures that make it difficult for unauthorized parties to access transferred data.

    Client Control and Notification

    Transfer Notification: We provide clients with information about international data transfers that may affect their data, including the countries involved, the legal basis for transfer, and the safeguards in place to protect their information.

    Client Preferences: Where possible, we accommodate client preferences regarding international data transfers, including restrictions on transfers to specific countries or requirements for additional safeguards.

    Data Localization: We work with clients who have data localization requirements to ensure that their data remains within specified jurisdictions while still enabling effective cybersecurity services.

    Compliance and Monitoring

    Regular Review: We regularly review our international data transfer practices to ensure continued compliance with evolving legal requirements and to identify opportunities for improvement.

    Audit and Verification: We conduct regular audits of our international operations and transfer mechanisms to verify compliance with our policies and applicable legal requirements.

    Documentation: We maintain comprehensive documentation of our international data transfers, including the legal basis for each transfer, the safeguards in place, and any assessments or reviews conducted.

    Future Developments

    Legal Evolution: We monitor developments in international data transfer law and adjust our practices accordingly. This includes staying current with new adequacy decisions, changes to standard contractual clauses, and emerging transfer mechanisms.

    Technology Innovation: We explore new technologies and approaches that can enhance the protection of data during international transfers, including advanced encryption techniques, privacy-enhancing technologies, and secure multi-party computation methods.

    Cookies and Tracking Technologies

    We use cookies and similar tracking technologies on our website to enhance user experience, analyze website performance, and understand visitor behavior. This section provides detailed information about the types of tracking technologies we use, their purposes, and how you can control them.

    Types of Tracking Technologies

    Cookies: Cookies are small text files that are stored on your device when you visit our website. They contain information that can be read by our web server when you return to the site. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device for a specified period).

    Web Beacons: Web beacons, also known as pixel tags or clear GIFs, are small graphic images embedded in web pages or emails. They work in conjunction with cookies to collect information about your interactions with our website and communications.

    Local Storage: We may use local storage technologies, such as HTML5 local storage and Flash Local Shared Objects (LSOs), to store information on your device. These technologies can store larger amounts of data than traditional cookies and may persist even after you clear your browser cookies.

    Analytics Tools: We use web analytics tools that employ various tracking technologies to collect information about website usage, user behavior, and performance metrics. These tools help us understand how visitors interact with our website and identify areas for improvement.

    Categories of Cookies

    Strictly Necessary Cookies: These cookies are essential for the operation of our website and cannot be disabled. They enable core functionality such as security features, network management, and accessibility. Without these cookies, services you have requested cannot be provided.

    Performance and Analytics Cookies: These cookies collect information about how visitors use our website, including which pages are visited most often, how long visitors spend on the site, and any error messages encountered. This information is used to improve website performance and user experience.

    Functionality Cookies: These cookies allow our website to remember choices you make and provide enhanced, more personalized features. They may be set by us or by third-party providers whose services we have added to our pages.

    Marketing and Advertising Cookies: These cookies are used to deliver relevant advertisements and marketing communications. They track your browsing activity across websites to build a profile of your interests and show you relevant content.

    Specific Uses of Tracking Technologies

    Website Analytics: We use analytics cookies to understand how visitors interact with our website, including page views, session duration, bounce rates, and navigation patterns. This information helps us optimize our website design and content to better serve our visitors.

    Security Monitoring: We use certain tracking technologies to monitor for security threats, detect suspicious activity, and protect our website from malicious attacks. This is particularly important given our cybersecurity focus and the sensitive nature of our services.

    Performance Optimization: We use performance cookies to monitor website loading times, identify technical issues, and optimize our website's performance across different devices and browsers.

    User Experience Enhancement: We use functionality cookies to remember your preferences, such as language settings, display preferences, and other customization options that enhance your browsing experience.

    Communication Tracking: We may use tracking technologies in our email communications to understand engagement rates, delivery success, and the effectiveness of our communications. This helps us improve our communication strategies and provide more relevant content.

    Third-Party Tracking Technologies

    Analytics Providers: We work with third-party analytics providers who may place their own cookies and tracking technologies on our website. These providers help us understand website usage and performance through their specialized analytics platforms.

    Content Delivery Networks: We use content delivery networks (CDNs) to improve website performance and reliability. These services may place their own cookies to optimize content delivery and monitor performance.

    Security Services: We may use third-party security services that employ tracking technologies to protect our website from threats, monitor for suspicious activity, and ensure the security of our online presence.

    Social Media Integration: If we integrate social media features on our website, the social media platforms may place their own cookies and tracking technologies to enable these features and track interactions.

    Browser Settings: Most web browsers allow you to control cookies through their settings. You can typically view, delete, and block cookies through your browser's privacy or security settings. However, disabling certain cookies may affect the functionality of our website.

    Opt-Out Mechanisms: We provide mechanisms for you to opt out of certain types of tracking, particularly for marketing and analytics purposes. These opt-out preferences are typically managed through cookie consent banners or preference centers on our website.

    Third-Party Opt-Outs: For third-party tracking technologies, you may need to visit the respective third-party websites to manage your preferences or use industry opt-out tools that allow you to opt out of multiple tracking services simultaneously.

    Do Not Track Signals: We respect Do Not Track signals sent by your browser and will adjust our tracking practices accordingly where technically feasible and legally required.

    Consent Management: Where required by applicable law, we obtain your consent before placing non-essential cookies on your device. We provide clear information about the types of cookies we use and their purposes before requesting consent.

    Granular Control: We strive to provide granular control over different categories of cookies, allowing you to accept some types while declining others based on your preferences and comfort level.

    Consent Withdrawal: You can withdraw your consent for cookies at any time by adjusting your browser settings, using our cookie preference center, or contacting us directly. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

    Regular Consent Review: We may periodically ask you to review and update your cookie preferences, particularly when we introduce new types of tracking technologies or change our cookie practices.

    Data Collected Through Tracking Technologies

    Technical Information: Tracking technologies may collect technical information about your device and browser, including IP address, browser type and version, operating system, screen resolution, and device identifiers.

    Usage Information: We collect information about how you use our website, including pages visited, time spent on pages, click patterns, search queries, and navigation paths through the site.

    Referral Information: We collect information about how you arrived at our website, including referring websites, search engines used, and marketing campaigns that directed you to our site.

    Interaction Data: We may collect information about your interactions with specific website elements, such as forms, downloads, video content, and other interactive features.

    Security and Privacy Protection

    Data Minimization: We collect only the information necessary for the specified purposes and avoid collecting excessive or irrelevant data through our tracking technologies.

    Security Measures: We implement appropriate security measures to protect data collected through tracking technologies, including encryption, access controls, and secure data transmission protocols.

    Anonymization and Aggregation: Where possible, we anonymize or aggregate data collected through tracking technologies to protect individual privacy while still gaining valuable insights for website improvement.

    Regular Review: We regularly review our use of tracking technologies to ensure they remain necessary, proportionate, and aligned with our privacy principles and legal obligations.

    Updates and Changes

    Technology Evolution: As tracking technologies evolve, we may update our practices to take advantage of new capabilities or to address emerging privacy concerns. We will update this section of our Privacy Policy to reflect any significant changes.

    Legal Compliance: We monitor changes in laws and regulations related to tracking technologies and adjust our practices accordingly to ensure continued compliance with applicable requirements.

    Industry Best Practices: We stay current with industry best practices for the use of tracking technologies and implement improvements to enhance privacy protection and user control.

    Third-Party Services

    In the course of providing our cybersecurity services and maintaining our website, we work with various third-party service providers. This section describes how we handle information when working with these third parties and the protections we have in place.

    Types of Third-Party Services

    Cloud Infrastructure Providers: We use cloud infrastructure services to host our systems, store data, and provide scalable computing resources. These providers are carefully selected based on their security capabilities, compliance certifications, and data protection practices.

    Security Tool Vendors: We integrate with various cybersecurity tools and platforms to enhance our service capabilities. These integrations may involve sharing relevant data with tool providers to enable effective security monitoring and threat detection.

    Analytics and Monitoring Services: We use third-party analytics and monitoring services to understand website performance, user behavior, and system health. These services help us improve our offerings and maintain high service quality.

    Communication Platforms: We use third-party communication platforms for email delivery, customer support, and other business communications. These platforms are selected based on their security features and privacy protections.

    Data Sharing with Third Parties

    Limited Purpose Sharing: We share information with third parties only for specific, limited purposes related to service delivery, and we ensure that such sharing is covered by appropriate contractual protections and legal safeguards.

    Data Processing Agreements: All third-party service providers who may have access to personal information are required to enter into data processing agreements that specify their obligations regarding data protection, security, and confidentiality.

    Security Requirements: We require third-party providers to implement appropriate technical and organizational security measures to protect any information they may access or process on our behalf.

    Audit Rights: Our agreements with third-party providers include audit rights that allow us to verify their compliance with data protection requirements and security standards.

    Third-Party Privacy Policies

    Independent Policies: Third-party service providers have their own privacy policies that govern their collection and use of information. We encourage you to review the privacy policies of any third-party services you may interact with directly.

    No Control Over Third Parties: While we carefully select our third-party providers and require appropriate protections, we do not control their privacy practices beyond our contractual agreements with them.

    Direct Relationships: If you have a direct relationship with any of our third-party providers, your interactions with them are governed by their privacy policies and terms of service, not this Privacy Policy.

    Children's Privacy

    Our cybersecurity services are designed for business and professional use and are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16 years of age.

    Age Verification

    No Intentional Collection: We do not intentionally collect personal information from individuals under 16 years of age. Our services are marketed to and designed for business professionals, government agencies, and organizations.

    Parental Notification: If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly and notify the child's parent or guardian if contact information is available.

    Verification Procedures: If we have reason to believe that a user may be under 16, we may request age verification or parental consent before allowing continued use of our services.

    Educational and Research Contexts

    Academic Partnerships: We may work with educational institutions on cybersecurity research and education initiatives. In such cases, we ensure that any involvement of students under 18 is conducted with appropriate parental consent and institutional oversight.

    Compliance with Educational Laws: When working with educational institutions, we comply with applicable laws such as the Family Educational Rights and Privacy Act (FERPA) and the Children's Online Privacy Protection Act (COPPA) where relevant.

    Changes to This Privacy Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or other factors. We are committed to providing notice of significant changes and ensuring that you have the opportunity to review updated policies.

    Types of Changes

    Service Evolution: As our cybersecurity services evolve and expand, we may need to update this Privacy Policy to reflect new data collection practices, processing activities, or service features.

    Legal Requirements: Changes in applicable laws and regulations may require us to modify our privacy practices and update this Privacy Policy accordingly.

    Industry Standards: We may update our practices to align with evolving industry standards and best practices for privacy and data protection in the cybersecurity sector.

    Notification of Changes

    Advance Notice: We will provide advance notice of material changes to this Privacy Policy through our website, email communications, or other appropriate channels. The notice period will be at least 30 days for significant changes that may affect your rights or our processing activities.

    Effective Date: All changes to this Privacy Policy will include a new effective date, and we will maintain previous versions for reference to help you understand what has changed.

    Continued Use: Your continued use of our services after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you may discontinue use of our services.

    Significant Changes

    Enhanced Rights: Changes that enhance your privacy rights or provide additional protections will generally be implemented without requiring additional consent.

    New Processing Activities: If we introduce new types of data processing that are not covered by this Privacy Policy, we will seek appropriate consent or provide additional notice as required by applicable law.

    Third-Party Changes: If we begin working with new categories of third-party providers or change our data sharing practices significantly, we will update this Privacy Policy and provide appropriate notice.

    Contact Information

    We are committed to addressing your privacy concerns and questions promptly and thoroughly. Please do not hesitate to contact us regarding any aspect of this Privacy Policy or our privacy practices.

    Privacy Inquiries

    Primary Contact: For all privacy-related inquiries, requests, and concerns, please contact us at:

    Email: [email protected]
    Subject Line: Please include "Privacy Inquiry" in the subject line to ensure prompt routing to our privacy team.

    Data Protection Officer

    Designated Contact: Our Data Protection Officer is responsible for overseeing privacy compliance and can be reached at:

    Email: [email protected]
    Responsibilities: Our DPO can assist with privacy rights requests, compliance questions, and concerns about our data processing activities.

    Regional Offices

    United States Office:
    Sceptive LLC
    1111B S Governors Ave STE 20575
    Dover, DE 19904
    Phone: +1 (302) 730 7138
    Email: [email protected]

    Response Timeframes

    Acknowledgment: We will acknowledge receipt of your privacy inquiry within 2 business days.

    Substantive Response: We will provide a substantive response to privacy requests within 30 days, or within the timeframes required by applicable law.

    Complex Requests: For complex requests that require additional time, we may extend our response period by up to 60 additional days with appropriate notification.

    Regulatory Authorities

    If you believe that our processing of your personal information violates applicable data protection laws, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.

    European Union: If you are located in the EU, you can contact your local data protection authority or file a complaint with the European Data Protection Board.

    United States: For US-based concerns, you may contact relevant federal or state authorities, including the Federal Trade Commission or your state's attorney general's office.

    Singapore: If you are located in Singapore, you can contact the Personal Data Protection Commission (PDPC).

    Document Information:

    • Effective Date: [To be inserted upon implementation]
    • Last Updated: [To be updated with each revision]
    • Version: 1.0
    • Document Owner: Sceptive Privacy Team
    • Review Frequency: Annual or as required by legal/business changes

    This Privacy Policy represents our commitment to protecting your privacy and maintaining transparency in our data processing activities. We encourage you to review this policy regularly and contact us with any questions or concerns.