1. Introduction
At SecureSphereLabs, we are committed to maintaining the confidentiality, integrity, and availability of the data entrusted to us. This Privacy Policy outlines our data collection, handling, and retention practices, specifically tailored for our enterprise and regulated clients.
2. Information Collection
We collect only the minimum data necessary to perform authorized security services and maintain business operations:
- Client Contact Information: Names, business emails, and phone numbers for communication.
- Engagement Data: Scope details, IP addresses, system configurations, and logs provided by the client for testing or monitoring purposes.
- Technical Artifacts: Data captured during authorized penetration testing or SOC monitoring (e.g., packet captures, log files), which is handled strictly under NDA.
3. Usage of Information
Data collected is used exclusively for:
- Delivering contracted security services (Penetration Testing, SOC Monitoring).
- Generating technical reports and executive summaries.
- Legal and regulatory compliance.
We do not sell, trade, or share client data with third parties for marketing purposes.
4. Security Controls
We implement defense-in-depth security measures to protect your data, including:
- AES-256 encryption for data at rest and TLS 1.3 for data in transit.
- Strict Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) for all internal systems.
- Regular internal security audits and background checks for all personnel.
5. Data Retention
We adhere to a strict data retention policy:
- Engagement Data: Retained for the duration of the engagement + 30 days, then securely purged unless required for compliance.
- Reports: Final reports are retained for 7 years to satisfy audit trails, stored in encrypted archives.
6. GDPR & Compliance
SecureSphereLabs acts as a Data Processor for our EU clients and complies with GDPR requirements. We facilitate Data Subject Access Requests (DSARs) and ensure cross-border data transfer mechanisms are compliant.
7. Contact
For privacy inquiries or to report a security concern, please contact our Security Office:
Email: security@securespherelabs.com
Address: Grzybowska 9, Warszawa, Poland