Privacy Policy

1.1 Account Information

When creating your account, we collect:

• Full name and contact information (professional email address)
• Company information (name, size, industry sector)
• Billing and payment information
• Login credentials (username, encrypted password)

1.2 System Monitoring Data

To provide our EDR protection services, we collect and analyze:

• System process metadata (name, PID, execution path, timestamp)
• Network activities (incoming/outgoing connections, IP addresses, ports)
• File and system registry modifications
• Security events and alerts generated by our system
• File analysis results and detected suspicious behaviors

Important: We do NOT collect the content of your personal files, your passwords, your sensitive financial data, or the content of your communications. We only analyze metadata and behaviors necessary for threat detection.

1.3 Usage Data

We collect information about your use of the Service:

• Access and authentication logs
• Interactions with the user interface and AI advisor
• Configuration preferences and settings
• Reports and alerts viewed

1.4 Technical Data

• IP address and approximate location information
• Operating system type and version
• Hardware information (processor, memory, disk)
• Installed EDR agent version
• Cookies and similar tracking technologies

We use your information to:

• Provide and improve the Service: Real-time monitoring, threat detection, report generation, and AI advisor operation
• Security and fraud prevention: Detection and prevention of malicious activities, protection of your system and our infrastructure
• Communication: Sending security alerts, important notifications, and responses to your support requests
• Billing and account management: Payment processing, subscription management, and account administration
• Legal compliance: Compliance with legal and regulatory obligations, response to legitimate judicial requests
• AI improvement: Training and improvement of our threat detection AI models (with data anonymization)

We never sell your personal data. We may share your information only in the following cases:

• Service providers: With trusted third-party providers who help us operate the Service (hosting, payment, support), under strict confidentiality agreements
• Legal obligations: When required by law, court order, or legitimate government request
• Protection of our rights: To protect our rights, property, security, or that of our users
• With your consent: In any other case, only with your explicit consent

We implement robust technical and organizational security measures to protect your data:

• Encryption: Encryption in transit (TLS 1.3) and at rest (AES-256) for all sensitive data
• Restricted access: Data access limited to authorized employees requiring this information for their functions
• Continuous monitoring: 24/7 monitoring of our systems to detect and prevent unauthorized access
• Strong authentication: Multi-factor authentication for administrative access
• Regular audits: Penetration testing and periodic security audits
• Secure backups: Regular backups with geographic replication

Despite our efforts, no system is completely secure. We cannot guarantee absolute security, but we commit to promptly notifying affected users in case of data breach in accordance with applicable regulations.

In accordance with GDPR and data protection laws, you have the following rights:

• Right of access: Obtain a copy of your personal data that we hold
• Right to rectification: Correct your inaccurate or incomplete data
• Right to erasure: Request deletion of your data under certain circumstances
• Right to portability: Receive your data in a structured and commonly used format
• Right to object: Object to the processing of your data for certain purposes
• Right to restriction: Request limitation of the processing of your data
• Right to withdraw consent: Withdraw your consent at any time when processing is based on consent

To exercise these rights, contact us at privacy@kerbes.us. We will respond to your request within one month.