Privacy Policy - CSPM.io

At CSPM.io, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud security posture management platform and services.

1. Information We Collect

1.1 Information You Provide

Account Information: Name, email address, company name, job title, phone number
Payment Information: Billing details (processed securely through third-party payment processors)
Cloud Infrastructure Data: Information about your cloud resources, configurations, and security findings
Communications: Content of messages you send us through contact forms, support tickets, or email

1.2 Information Automatically Collected

Usage Data: Pages visited, features used, time spent on platform
Technical Data: IP address, browser type, device information, operating system
Analytics Data: Performance metrics, error logs, crash reports

2. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain our security platform
Analyze your cloud infrastructure for security vulnerabilities and compliance
Improve, personalize, and expand our services
Communicate with you about your account, updates, and security alerts
Process your transactions and billing
Send you marketing communications (with your consent)
Detect, prevent, and address technical issues and security incidents
Comply with legal obligations and protect our rights

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers: Third-party vendors who perform services on our behalf (cloud hosting, payment processing, analytics)
Business Transfers: In connection with a merger, acquisition, or sale of assets
Legal Requirements: When required by law or to protect our rights and safety
With Your Consent: When you explicitly authorize us to share your information

                Your Cloud Data: We only access your cloud infrastructure data to the extent necessary to provide
                security analysis services. We implement strict access controls and use this data solely for security analysis,
                not for any other purpose.
            

4. Data Security

We implement industry-standard security measures to protect your information:

Encryption in transit (TLS/SSL) and at rest (AES-256)
Multi-factor authentication (MFA) for account access
Role-based access control (RBAC)
Regular security audits and penetration testing
SOC 2 Type II compliance (in progress)
Data isolation and multi-tenancy protections

5. Data Retention

We retain your information for as long as your account is active or as needed to provide services. When you delete your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal or compliance purposes.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal information
Portability: Request a copy of your data in a structured, machine-readable format
Opt-Out: Unsubscribe from marketing communications at any time
Object: Object to processing of your personal information

To exercise these rights, please contact us at privacy@cspm.io

7. Cookies and Tracking

We use cookies and similar tracking technologies to:

Maintain your session and preferences
Analyze usage patterns and improve our platform
Personalize your experience
Measure marketing campaign effectiveness

You can control cookies through your browser settings. Note that disabling cookies may affect platform functionality.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) where applicable.

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Third-Party Services

Our platform may integrate with third-party services (AWS, GCP, Azure, Slack, Jira, etc.). Your use of these services is governed by their respective privacy policies. We are not responsible for the privacy practices of third-party services.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

Right to know what personal information is collected, used, shared, or sold
Right to delete personal information
Right to opt-out of the sale of personal information (we do not sell personal information)
Right to non-discrimination for exercising your CCPA rights

12. GDPR Compliance (European Users)

If you are in the European Economic Area (EEA), we process your data under the following legal bases:

Contract Performance: To provide services under our agreement with you
Legitimate Interests: To improve our platform and prevent fraud
Consent: For marketing communications (you may withdraw consent at any time)
Legal Obligation: To comply with applicable laws

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our platform. Your continued use of our services after changes indicates acceptance of the updated policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Email: privacy@cspm.io
Support: support@cspm.io
General: hello@cspm.io

Data Protection Officer: For privacy-related inquiries specific to GDPR compliance, you can contact our Data Protection Officer at dpo@cspm.io