Aegis Sentinel

Privacy Policy

 

Privacy Policy – Aegis Technologies Inc.

Aegis Sentinel® Privacy Policy

Last Updated: December 7, 2025

Introduction

Aegis Technologies Inc., a Delaware corporation (“Aegis,” “we,” “us,” or “our”), is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Aegis Sentinel® cybersecurity platform and related services (the “Service”).

This Privacy Policy is designed to comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Connecticut Data Privacy Act (CTDPA), Delaware Personal Data Privacy Act (DPDPA), and other applicable data protection laws across all U.S. states and territories.

Key Commitment: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We honor Global Privacy Control (GPC) signals. We provide transparent AI processing with opt-out capabilities.

1. Information We Collect

1.1 Information You Provide Directly

Account Information:

  • Name, email address, and phone number
  • Company name, business address, and job title
  • Billing information (credit card details, billing address) – processed securely through third-party payment processors
  • Account credentials (username, password – stored using industry-standard encryption)

1.2 Information Collected Automatically

Service Usage Data:

  • Log data (IP addresses, browser type, operating system, timestamps)
  • Device information (device identifiers, hardware model, operating system version)
  • Usage patterns (features accessed, time spent, actions taken, API calls)
  • Performance data (errors, crashes, response times, system metrics)

Network and Device Data (Customer Environment):

  • Network traffic metadata and flow data (source/destination IPs, ports, protocols)
  • Device identifiers, characteristics, and inventory information
  • Security event logs, alerts, and threat detection data
  • Vulnerability assessments and security posture metrics

1.3 Sensitive Personal Information

Under applicable privacy laws, certain categories of personal information are classified as “sensitive.” We do not intentionally collect sensitive personal information (such as precise geolocation, health information, Social Security numbers, or government-issued identification) through normal use of the Service. If network traffic monitored by the Service incidentally contains sensitive information, such data is processed only for security monitoring purposes and is subject to the same protections as other personal information.

WHERE REQUIRED BY LAW (CALIFORNIA, CONNECTICUT, DELAWARE, AND OTHER APPLICABLE JURISDICTIONS), WE OBTAIN YOUR EXPLICIT CONSENT BEFORE USING SENSITIVE PERSONAL INFORMATION FOR PURPOSES BEYOND SECURITY MONITORING.

2. How We Use Your Information

2.1 Service Provision and AI-Powered Analysis

We use your information for:

  • Delivering the Aegis Sentinel® platform and all features
  • Processing and analyzing network security data using artificial intelligence and machine learning systems
  • Training, refining, and improving AI threat detection models and algorithms using aggregated data
  • Generating security alerts, risk scores, and automated recommendations
  • Conducting research and analytics to enhance threat detection accuracy
  • Processing payments and managing your account
  • Providing customer support and responding to inquiries
  • Sending service-related communications (account notifications, security alerts, product updates)
  • Complying with legal obligations and enforcing our Terms of Service

2.2 AI/ML Transparency Notice

IMPORTANT DISCLOSURE ABOUT AUTOMATED PROCESSING:
Our Service uses automated processing and AI-driven decision-making for threat detection and security scoring. These AI systems analyze network traffic patterns, device behaviors, and threat indicators to generate security alerts and risk assessments. While our AI models are continuously improved, they may produce false positives (identifying benign activity as threats) or false negatives (missing actual threats). You retain the ability to review all AI-generated outputs and make final security decisions independently.

2.3 Opt-Out of AI Model Training

You may opt out of having your Customer Data used to train and improve our AI models by contacting privacy@aegissentinel.io or submitting a request at https://aegissentinel.io/privacy-request. Please note that opting out may affect the accuracy and effectiveness of threat detection for your account, as the AI models will not be able to learn from your specific environment and threat patterns.

3. Legal Bases for Processing (GDPR)

For individuals in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data based on the following legal grounds:

  • Performance of Contract: Processing necessary to provide the Service, process payments, and deliver customer support
  • Legitimate Interests: Improving the Service, ensuring security, preventing fraud, conducting analytics, and marketing (where not requiring consent), balanced against your data protection rights
  • Legal Obligation: Complying with tax, accounting, and legal requirements; responding to valid legal requests
  • Consent: Where required by law for marketing communications, certain cookies, and processing sensitive personal data. You may withdraw consent at any time.

4. Data Sharing and Disclosure

4.1 We Do Not Sell Personal Information

WE DO NOT SELL YOUR PERSONAL INFORMATION. WE DO NOT SHARE YOUR PERSONAL INFORMATION FOR CROSS-CONTEXT BEHAVIORAL ADVERTISING.

4.2 Service Providers and Business Partners

We may share personal information with trusted third-party service providers who assist us in operating the Service:

  • Cloud Infrastructure Providers: AWS for hosting and data storage
  • Payment Processors: Stripe for payment processing
  • Communication Services: Email delivery and customer support platforms
  • Analytics Providers: For Service improvement and performance monitoring

All service providers are contractually required to protect your information and use it only for the purposes we specify.

4.3 Legal Requirements and Business Transfers

We may disclose personal information when required by law, court order, or government request, or to protect our rights, property, or safety. In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the acquiring entity, subject to this Privacy Policy.

5. Data Retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, and reporting requirements.

Data Category Retention Period Rationale
Account Information Duration of account + 3 years Legal and business requirements
Security Logs 2 years Security analysis and compliance
Network Traffic Data 90 days (default) Threat detection and analysis
Anonymized Analytics Indefinitely Research and improvement

Upon account termination, Customer Data is retained for 90 days to allow data export, then securely deleted unless longer retention is required by law or legitimate business purposes (such as resolving disputes or complying with legal obligations).

6. Your Privacy Rights

6.1 Universal Rights (All Jurisdictions)

  • Right to Access: Request a copy of personal information we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete information
  • Right to Erasure: Request deletion of your personal information (subject to legal exceptions)
  • Right to Object: Object to processing for direct marketing or based on legitimate interests
  • Right to Lodge a Complaint: File a complaint with your data protection supervisory authority

6.2 California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Categories and specific pieces of personal information collected, sources, business purposes, and categories of third parties with whom we share
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Delete: Request deletion of personal information (subject to exceptions)
  • Right to Opt-Out: Opt out of the sale or sharing of personal information
  • Right to Limit Use of Sensitive Personal Information: Limit use of sensitive personal information to necessary purposes
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights
  • Authorized Agent: Designate an authorized agent to submit requests on your behalf

DO NOT SELL OR SHARE MY PERSONAL INFORMATION
We do not sell your personal information and do not share it for cross-context behavioral advertising. However, California residents may exercise their right to opt out of any future sales or sharing by contacting privacy@aegissentinel.io or submitting a request at https://aegissentinel.io/privacy-request.

6.3 Connecticut Privacy Rights (CTDPA)

Connecticut residents have rights under the Connecticut Data Privacy Act (CTDPA) effective July 1, 2023:

  • Right to confirm whether we process your personal data and access such data
  • Right to correct inaccuracies in your personal data
  • Right to delete personal data
  • Right to obtain a copy of personal data in a portable format
  • Right to opt out of targeted advertising, sale of personal data, and profiling
  • Right to appeal our decision regarding your privacy rights request

Appeals Process: If we deny your request, you may appeal by contacting appeals@aegissentinel.io within a reasonable period. We will respond within 45 days. If we deny your appeal, you may contact the Connecticut Attorney General at https://portal.ct.gov/AG.

6.4 Delaware Privacy Rights (DPDPA)

Delaware residents have rights under the Delaware Personal Data Privacy Act (DPDPA) effective January 1, 2025:

Delaware residents have similar rights to those described for Connecticut residents above. DPDPA has a lower threshold (35,000 consumers) and includes expanded sensitive data definitions covering pregnancy status, transgender/nonbinary status, and citizenship/immigration status. To exercise your rights, contact privacy@aegissentinel.io or submit a request at https://aegissentinel.io/privacy-request.

6.5 Other State Privacy Rights

Residents of the following states have similar privacy rights under their respective state laws: Virginia, Colorado, Utah, Montana, Oregon, Texas, Iowa, Indiana, Tennessee, Maryland, Minnesota, Nebraska, New Hampshire, New Jersey, Kentucky, and Rhode Island. Contact privacy@aegissentinel.io or submit a request at https://aegissentinel.io/privacy-request to exercise these rights.

Note for Texas and Nebraska Residents: Your state privacy laws apply to all businesses conducting business in your state, regardless of business size. We comply with all applicable requirements.

6.6 Global Privacy Control (GPC)

WE HONOR GLOBAL PRIVACY CONTROL (GPC) SIGNALS AS REQUIRED BY CONNECTICUT, CALIFORNIA, COLORADO, AND OTHER APPLICABLE JURISDICTIONS.

If your browser sends a GPC signal, we will treat it as a request to opt out of the sale or sharing of your personal information and targeted advertising. To learn more about GPC and how to enable it, visit https://globalprivacycontrol.org.

7. Security Measures

We implement comprehensive security measures to protect your personal information:

  • Encryption: AES-256 encryption at rest, TLS 1.3 encryption in transit
  • Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA)
  • Network Security: Firewalls, intrusion detection systems, network segmentation
  • Security Monitoring: 24/7 security monitoring, incident response procedures
  • Compliance Certifications: SOC 2 Type II certification (in progress), NIST Cybersecurity Framework compliance
  • Regular Assessments: Vulnerability scans, penetration testing, security audits

For detailed information about our security practices, visit https://aegissentinel.io/security.

8. International Data Transfers

Aegis Technologies Inc. is incorporated in Delaware with operations in Connecticut, United States. Your information may be transferred to, stored, and processed in the United States or other countries where we or our service providers operate.

8.1 EU-U.S. Data Privacy Framework

Aegis Technologies Inc. is evaluating certification under the EU-U.S. Data Privacy Framework (DPF) as approved by the European Commission. For current certification status, please contact privacy@aegissentinel.io or visit www.dataprivacyframework.gov.

8.2 Standard Contractual Clauses

For transfers of personal data from the EEA, UK, or Switzerland to the United States where DPF certification is not in place, we use Standard Contractual Clauses (SCCs) approved by the European Commission, along with supplementary measures including encryption, access controls, and contractual commitments to resist overbroad government requests.

8.3 Transfer Impact Assessments

We have conducted Transfer Impact Assessments (TIAs) for international data transfers as required by Schrems II and EU data protection authorities. Copies of our TIA methodology and conclusions are available to customers upon request by contacting dpo@aegissentinel.io.

9. Children’s Privacy

Aegis Sentinel® is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly. If you believe we may have collected information from a child, please contact privacy@aegissentinel.io.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience with the Service. For detailed information about the cookies we use, your cookie preferences, and how to opt out, please review our Cookie Policy at https://aegissentinel.io/cookies.

  • Essential Cookies: Required for the Service to function properly (authentication, security, session management)
  • Analytics Cookies: Help us understand how you use the Service and improve performance (with your consent where required)
  • Marketing Cookies: We do not currently use marketing or advertising cookies

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated Privacy Policy at https://aegissentinel.io/privacy
  • Updating the “Last Updated” date at the top of this Privacy Policy
  • Sending an email notification to your registered account email at least 30 days before the effective date of material changes

Your continued use of the Service after the effective date of changes constitutes your acceptance of the revised Privacy Policy. If you do not agree to the changes, you must discontinue use of the Service.

12. Contact Us

To exercise your privacy rights or for questions about this Privacy Policy:

General Privacy Inquiries:
Email: privacy@aegissentinel.io
Online Form: https://aegissentinel.io/privacy-request

Data Protection Officer:
Email: dpo@aegissentinel.io

Appeals (Connecticut Residents):
Email: appeals@aegissentinel.io

California Residents (Toll-Free):
Phone: (860) 326-4095

Mailing Address:
Aegis Technologies Inc.
A Delaware Corporation
Attn: Privacy Team
24 School St.
East Windsor, Connecticut 06088

Website: https://aegissentinel.io
Privacy Portal: https://aegissentinel.io/privacy

© 2025 Aegis Technologies Inc. All rights reserved.