Privacy Policy

SocialEye ("we," "us," "our," or the "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our threat intelligence and security research platform (the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the data practices described, you should not use the Service.

This Privacy Policy applies to all users of our Service, including users in the European Economic Area (EEA), United Kingdom, California, and other jurisdictions with specific privacy regulations.

2.1 Information You Provide:

• Account Information: Email address, password (hashed), name, organization name, and billing information when you create an account or subscribe
• Search Queries: The queries you submit to our Service for threat intelligence lookups
• Communications: Information you provide when contacting support or providing feedback
• Payment Information: Payment details processed through secure third-party payment processors (we do not store full card numbers)

2.2 Information Collected Automatically:

• Usage Data: Pages visited, features used, search frequency, and interaction patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Access times, error logs, and referring URLs
• Cookies: Session cookies for authentication and preferences (see Cookie Policy below)

2.3 Information We Do NOT Collect:

• Social Security numbers or government ID numbers
• Biometric data
• Health or medical information
• Information about children under 18

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve the Service
• Account Management: To create and manage your account, process transactions, and send administrative communications
• Security: To detect, prevent, and address fraud, abuse, security risks, and technical issues
• Analytics: To understand how users interact with our Service and improve user experience
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Communications: To respond to inquiries and send service-related notifications

Legal Basis (GDPR): Our legal bases for processing include: performance of contract, legitimate interests, compliance with legal obligations, and your consent where applicable.

We may share information only in the following circumstances:

• Service Providers: With trusted third-party vendors who assist us in operating the Service (hosting, payment processing, analytics), bound by confidentiality agreements
• Legal Requirements: When required by law, subpoena, court order, or government request
• Protection of Rights: To protect our rights, privacy, safety, or property, or that of our users or the public
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users
• With Consent: With your explicit consent for any other purpose

We implement industry-standard security measures to protect your information:

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• Access Controls: Role-based access, multi-factor authentication for administrative access
• Infrastructure: Secure cloud infrastructure with regular security audits and penetration testing
• Password Security: Passwords are hashed using bcrypt with appropriate work factors
• Monitoring: Real-time security monitoring and intrusion detection

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

We retain your information only as long as necessary:

• Account Data: Retained while your account is active, deleted within 30 days of account deletion request
• Search History: Retained for 90 days for service improvement, then anonymized or deleted
• Usage Logs: Retained for 12 months for security and analytics
• Payment Records: Retained as required by tax and accounting laws (typically 7 years)
• Support Communications: Retained for 2 years or as needed for ongoing issues

After the retention period, data is securely deleted or anonymized so it can no longer be associated with you.

7.1 All Users Have the Right To:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data
• Export: Request your data in a portable format
• Opt-Out: Unsubscribe from marketing communications

7.2 Additional Rights for EEA/UK Residents (GDPR):

• Right to restriction of processing
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

7.3 California Residents (CCPA/CPRA):

• Right to know what personal information is collected
• Right to know whether personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we do not sell)
• Right to non-discrimination for exercising your rights

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days (or as required by applicable law).

We use the following types of cookies:

• Essential Cookies: Required for authentication and basic functionality (cannot be disabled)
• Analytics Cookies: Help us understand how users interact with our Service (can be disabled)
• Preference Cookies: Remember your settings and preferences

Managing Cookies: You can control cookies through your browser settings. Disabling certain cookies may affect Service functionality.

Do Not Track: We currently do not respond to "Do Not Track" signals as there is no industry standard for compliance.

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data internationally, we implement appropriate safeguards including:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with appropriate security requirements
• Transfers to countries with adequate data protection (as determined by relevant authorities)

10.1 We are not the original controller of third-party data displayed in search results. This data originates from public sources, data breaches, and other publicly accessible information.

10.2 If you believe your personal information appears in our database and you wish to request removal, please contact us with verification of your identity. We will process legitimate removal requests in accordance with applicable law.

10.3 Users are responsible for using third-party data in compliance with applicable laws and our Terms of Service.

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date
• Sending an email notification for significant changes

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy-related inquiries within 30 days.