Privacy Policy

At CNSEC AB ("CNSEC", "we", "us"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud security platforms and services, including CSPM and Certova.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, company name, job title, phone number
• Payment Information: Billing details processed securely through third-party payment processors
• Cloud Infrastructure Data: Information about your cloud resources, configurations, and security findings
• Communications: Content of messages you send us through contact forms, support tickets, or email

1.2 Information Automatically Collected

• Usage Data: Pages visited, features used, time spent on platform
• Technical Data: IP address, browser type, device information, operating system
• Analytics Data: Performance metrics, error logs

2. How We Use Your Information

• Provide, operate, and maintain our security platforms
• Analyze your cloud infrastructure for security vulnerabilities and compliance
• Improve, personalize, and expand our services
• Communicate with you about your account, updates, and security alerts
• Process your transactions and billing
• Send you marketing communications (with your consent)
• Detect, prevent, and address technical issues and security incidents
• Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We may share your information with:

• Service Providers: Third-party vendors who perform services on our behalf (cloud hosting, payment processing, analytics)
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Legal Requirements: When required by law or to protect our rights and safety
• With Your Consent: When you explicitly authorize us to share your information

4. Data Security

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Multi-factor authentication for account access
• Role-based access control
• Regular security audits
• Data isolation and multi-tenancy protections
• EU-hosted infrastructure by default

5. Data Retention

We retain your information for as long as your account is active or as needed to provide services. When you delete your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal or compliance purposes.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a structured format
• Opt-Out: Unsubscribe from marketing communications
• Object: Object to processing of your personal information

To exercise these rights, contact us at privacy@cnsec.io

7. GDPR Compliance

As a Swedish company, we are fully committed to GDPR compliance. We process your data under the following legal bases:

• Contract Performance: To provide services under our agreement with you
• Legitimate Interests: To improve our platform and prevent fraud
• Consent: For marketing communications (you may withdraw at any time)
• Legal Obligation: To comply with applicable laws

8. International Data Transfers

Your information is primarily processed within the European Economic Area (EEA). Where transfers outside the EEA are necessary, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs).

9. Cookies

We use essential cookies to maintain your session and preferences. We do not use third-party tracking cookies without your consent.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our platform.

11. Contact Us

• Email: privacy@cnsec.io
• General: hello@cnsec.io