Privacy Policy

Information you provide. When you contact us through our website, request a security assessment, or engage our services, we collect information you voluntarily provide — including your name, email address, company name, phone number, and any details you share about your security environment.

Service telemetry. For active ARIA clients, our platform collects security telemetry from monitored systems. This includes endpoint process and network events, authentication and access logs, email metadata (headers, sender/recipient information, delivery paths), and cloud application activity logs. This data is used exclusively to detect threats and deliver the managed SOC service.

Website usage data. We collect standard server log information when you visit our website, including IP address, browser type, pages visited, and referral source. This information is used to maintain and improve the website.

We use the information we collect to:

• Respond to inquiries, sales requests, and support tickets
• Deliver, operate, and improve the ARIA managed SOC service
• Detect security threats and protect our clients' environments
• Generate compliance reports and security documentation for clients
• Send service-related communications (alerts, reports, account notices)
• Comply with legal obligations and respond to lawful requests

We do not sell your personal information. We do not use your information for advertising targeting or share it with third parties for marketing purposes.

We implement administrative, technical, and physical safeguards designed to protect the information we collect against unauthorized access, disclosure, alteration, or destruction.

Specific controls include:

• Encryption of data at rest (AES-256) and in transit (TLS 1.3)
• Access restricted to authorized personnel on a need-to-know basis
• Multi-factor authentication required for all system access
• Client security telemetry stored in logically isolated tenant environments
• Security controls aligned with the NIST Cybersecurity Framework
• Regular internal security reviews and vulnerability assessments

No security system is impenetrable. If we become aware of a security breach affecting your information, we will notify you as required by applicable law.

For clients who are HIPAA covered entities or business associates, SeenProtect acts as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We execute a Business Associate Agreement (BAA) with all HIPAA-covered clients at no additional cost.

Security telemetry collected from HIPAA-covered clients that may include or relate to electronic Protected Health Information (ePHI) is handled in accordance with our BAA and the HIPAA Security Rule. We do not use ePHI for any purpose outside of providing the contracted security monitoring service.

We use a limited set of third-party services to operate our website and deliver our service:

• Vercel — website hosting and deployment. See vercel.com/legal/privacy-policy.

These providers are bound by contractual obligations to protect any information shared with them and are prohibited from using it for their own commercial purposes.

Our website uses essential cookies required for basic site functionality. We do not use third-party advertising cookies or cross-site tracking technologies. You may disable cookies in your browser settings; doing so may affect certain website functionality.

We retain information for the following periods:

• Prospect and contact data: Retained until you request deletion, or three years after last contact, whichever comes first.
• Client security telemetry: Retained for a minimum of 12 months from collection. Enterprise plans support longer retention periods as configured.
• Post-contract: Upon termination of service, client data is deleted or returned within 90 days per the terms of the service agreement.

Depending on your location, you may have rights with respect to your personal information, including the right to access, correct, delete, or receive a copy of data we hold about you. Arizona residents may have additional rights under applicable state law.

To exercise any of these rights, or to ask questions about our data practices, contact us at hello@seenprotect.com. We will respond to verifiable requests within the timeframe required by applicable law.

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. Material changes will be communicated to active clients by email. The “Last updated” date at the top of this page reflects when this policy was last revised. Continued use of our website or services after the effective date of a revised policy constitutes your acceptance of the changes.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: