Introduction
Welcome to the Intruex App Privacy Policy. Intruex (“we,” “us,” or “our”) is an AI-driven platform used by Security Operations Centers (SOCs), businesses, and enterprises to analyze security events and alerts. We are committed to protecting your privacy and handling all personal information with care. This Privacy Policy describes what information we collect, how we use and protect it, and the rights you have regarding your data. We do not sell or share your data with unauthorized third parties. By using the Intruex app, you agree to the practices described in this policy.
Information We Collect
We collect only the information necessary to provide and improve our services. This includes:
- User Input: Any data you enter into the Intruex app, such as queries, prompts, feedback, or other content. This may include free-form text or documents you submit for analysis.
- Personal Identifiers: Information that can identify you or your account. Examples include account registration details (name, work email address, job title, username, etc.) and any identifiers you provide when using the app. We may also collect contact information if you communicate with us for support.
- SIEM Alert Data: Security Information and Event Management (SIEM) alerts and related data from your environment that you send to or integrate with the Intruex app. This can include log details, incident reports, timestamps, IP addresses, user IDs involved in security events, or other security telemetry. This data is collected and stored in our database to provide our services and for model tuning as described below.
- Optional Enterprise Data: With your explicit consent and agreement, we may collect additional enterprise data from your environment specifically for the purpose of further tuning and optimizing our AI models to your specific needs and threat landscape. The scope and nature of this data will be clearly defined and agreed upon before collection.
We do not intentionally collect sensitive personal data (such as financial information, health information, or data about children) through the Intruex app. The service is intended for enterprise use, and any personal information in the data is generally business-related (e.g. employee or user account information in logs).
How We Use Your Information
Intruex uses the collected information for the following purposes:
- Providing and Improving the Service: We use your information to operate the app’s core functionalities – for example, analyzing SIEM alerts and user inputs to generate security insights, alerts, or recommendations. We also use data to troubleshoot issues, ensure the service is working correctly, and improve its performance and accuracy over time.
- AI Model Training: Your SIEM Alert Data, User Input, and any Optional Enterprise Data you provide may be used to train, refine, and enhance our artificial intelligence models and algorithms. Whenever feasible, we remove or anonymize personal identifiers before using data for training to protect individual privacy. This helps Intruex continuously learn and provide better threat detection and analysis. We ensure that any AI model training involving personal data is done in compliance with applicable laws and ethical guidelines.
- Analytics and Product Development: We analyze usage patterns, trends, and aggregate data to understand how the app is used and to inform our product development. This includes measuring performance, monitoring the efficacy of threat detections, and finding ways to optimize user experience. These analytics may be performed on anonymized or aggregated data (we do not use them to profile individual users for marketing).
- Communication and Support: We might use contact information (like your email) to send you service-related communications. This can include important updates or alerts about the app, security notifications, responses to support inquiries, and information about new features or improvements. We will not send you marketing emails unrelated to the Intruex service unless you have opted in.
- Security and Compliance: Information may be used to enhance the security of our services and our customers. For example, we may use certain data to identify and prevent fraudulent behavior, cyber-attacks, or misuse of the app. We also may use personal information as necessary to comply with legal obligations or enforce our terms (see Compliance and Legal Obligations below).
We will not use your personal information for any purpose outside of those outlined in this policy without obtaining your consent. In particular, we do not use your data for third-party advertising purposes.
Data Storage and Security
- Storage Location: Data that Intruex collects and processes, including SIEM Alert Data, User Input, and Optional Enterprise Data, is stored in a secure cloud database hosted on Amazon Web Services (AWS). All customer data stored on our AWS servers is protected in accordance with AWS’s robust data protection standards, with stringent security measures to ensure compliance. Our servers are typically located in AWS data centers in the United States (or in other regions as required for service delivery or compliance). We maintain contractual agreements with AWS to ensure your data is handled under strict confidentiality and security commitments, meeting the high standards required by applicable data protection laws.
- Security Measures: We take security seriously and implement industry-standard measures to safeguard your data. These measures include encryption of data in transit (e.g., HTTPS/TLS for data transfer) and at rest in our databases, firewalls and network security controls, access controls and authentication mechanisms, and continuous monitoring for vulnerabilities or unauthorized access. Access to personal data is restricted to authorized personnel with a legitimate need, and those individuals are bound by strict confidentiality obligations. We also periodically review our security practices to adapt to new threats and ensure ongoing protection. However, please be aware that no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information with strong measures, we cannot guarantee absolute security of data at all times. In the event of a data breach affecting your personal information, we will notify you and the appropriate authorities as required by law.
- Data in Your Environment vs. Data in Intruex Systems: While original raw logs and extensive enterprise datasets may remain primarily within your IT environment, the SIEM alerts and any Optional Enterprise Data you explicitly send to or integrate with Intruex are collected, stored, and processed on our secure systems as described above to enable our analysis and AI model tuning. You retain ownership of your data, and we process it according to this policy and our agreements with you.
- Data Retention: We retain personal data, including SIEM Alert Data and Optional Enterprise Data stored on our systems, only as long as necessary for the purposes described in this policy, for the duration of your service agreement, or as required by our contractual or legal obligations. In practice, this means we keep your account information while your organization is an active customer and for a reasonable period thereafter to fulfill any post-termination requirements. Data used for analysis and model improvement (such as alert details or input queries) may be stored in our logs or databases for a limited time to support the functionality and enhance our models, but we will not keep it longer than needed for these purposes. When data is no longer required, we will securely delete or anonymize it. We also honor deletion requests (see User Rights and Data Control below). Backup copies may persist for a short period, but are also governed by strict retention and deletion policies.
Data Sharing and Disclosure
We understand the importance of keeping your information private. Intruex does not share your personal data with third parties for their own independent marketing or other purposes. We do not sell your information to data brokers or advertisers. We only disclose your information in a few limited circumstances, described below:
- Service Providers (Processors): We may share data with trusted third-party service providers that perform services on our behalf, only to the extent necessary to support our operations and provide the app’s functionality. For example, we use AWS to host our databases and cloud infrastructure, and we may use other providers for services like email delivery or customer support. These service providers act under our instructions as “data processors” and are contractually obligated to protect your information. They must implement security measures and confidentiality at least as strict as ours, and they are not permitted to use your data for any purpose other than carrying out the work we have asked them to do. (For instance, AWS will process your stored data only to run our cloud services, in accordance with our agreements and data protection laws, and not for any other purpose.)
- Legal Compliance: We may disclose personal information if we are required to do so by law or lawful order (for example, in response to a subpoena, court order, or government demand). We will also share information if we believe in good faith that such disclosure is necessary to comply with applicable laws, to fulfill our legal obligations, or to respond to a valid legal process. Additionally, we may disclose data if necessary to investigate fraud, security incidents, or violations of our terms, or to protect the rights, property, and safety of Intruex, our customers, or others. This includes cooperating with law enforcement or regulators regarding security matters and threats.
- Business Transfers: If Intruex or its parent company undergoes a business transaction such as a merger, acquisition, corporate reorganization, or sale of all or a portion of its assets, your data (as part of the business assets) may be transferred to the acquiring or succeeding entity. In such cases, we will ensure that the new owner will continue to be bound by privacy safeguards consistent with those described in this policy, or we will notify you and obtain consent if required by law.
- With Your Consent or Instructions: We may share your information with third parties when you explicitly request or consent to such sharing. For example, if you choose to integrate the Intruex app with another tool or service and that integration requires sending certain data to that third party (such as exporting a report you generated to a third-party storage service), we will do so only with your authorization. Likewise, if you ask us to collaborate with a partner or consultant and share data with them, we will share based on your instructions. In any such case, we will make sure you understand what information will be shared and with whom, and we will require the third party to protect that information appropriately.
Outside of the scenarios above, we will not disclose your personal information to any third party. In particular, we do not provide your data to advertisers or unrelated companies for their independent use. If in the future we need to share data for any new purpose, we will update this Privacy Policy and, if legally required, obtain your permission.
User Rights and Data Control
We believe in transparency and giving users control over their own data. Depending on your role (e.g., an individual user, an employee of a customer company) and the laws that apply to your data, you have certain rights regarding the personal information we hold about you. These rights may include:
- Right to Access: You have the right to request confirmation of whether we are processing personal information about you, and to obtain a copy of that information, as well as supplementary details about how and why it is processed. This is sometimes called a “Data Subject Access Request.” We will provide you with the relevant personal data in a structured, commonly used format.
- Right to Rectification: If any of your personal information is inaccurate or incomplete, you have the right to request that we correct or update it. We encourage you to keep your account information up-to-date, and you may update certain profile data via the app interface or by contacting us.
- Right to Deletion: You have the right to request that we delete your personal data from our systems (also known as the “right to be forgotten”). Upon your request, we will erase or anonymize the personal information we hold about you, except for data we are required or permitted to retain by law or for legitimate business purposes (for example, records of transactions, or data needed to prevent fraud or resolve disputes). If data was shared with our service providers, we will instruct them to delete it as well. Note: For SIEM alerts and Optional Enterprise Data stored by Intruex, you can request deletion from our systems. If the original data also resides in your employer’s environment, deletion of those source records may need to be performed by your organization.
- Right to Data Portability: You have the right to request an export of your personal data in a machine-readable format, so that you can transfer it to another service or keep it for your own records. We will assist in providing your data in a structured, commonly used format (typically JSON or CSV) upon request, covering the information that you have provided to us.
- Right to Restrict or Object (EU/UK users): If you are in the European Union, United Kingdom, or certain other jurisdictions, you have the right to object to certain processing of your data or request that we restrict processing. For example, you can object to processing that is based on our legitimate interests, including any profiling, and we will evaluate your request. You can also ask us to temporarily limit processing of your personal data (for instance, while we verify an accuracy or objection claim).
- Right to Withdraw Consent: In cases where we rely on your consent to process personal data (e.g., for the collection of Optional Enterprise Data), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it will not affect processing of data under other legal bases.
- California Privacy Rights (CCPA/CPRA): If you are a California resident, you are entitled to specific rights under the California Consumer Privacy Act (CCPA) and its amendments (such as CPRA). These include the right to know what personal information we collect, use, and disclose, the right to access the information we hold about you, the right to request deletion of your information, the right to correct inaccurate information, and the right to opt-out of the “sale” or “sharing” of your personal information. Note: As stated, Intruex does not sell personal information, nor do we share it for cross-context behavioral advertising. If that ever changes, we will implement a Do Not Sell/Share mechanism as required by law. California users also have the right not to receive discriminatory treatment for exercising their privacy rights. This Privacy Policy is intended to comply with the CCPA by disclosing our practices; if you have any questions or requests regarding your California rights, please contact us (see Contact Information below).
- Other Jurisdictions: Similarly, if other privacy laws apply to our processing of your data (such as state laws in Virginia, Colorado, etc., or other country-specific laws), we will honor the equivalent rights provided under those laws. For instance, residents of certain jurisdictions may have rights to appeal a refusal to take action on a rights request, or to lodge a complaint with a regulator – we will inform you of such options if applicable.
Exercising Your Rights: To exercise any of your data rights, please contact us using the information in the Contact Information section. Typically, an administrator of your organization’s Intruex account can also contact us on your behalf. We will verify your identity (or authority, if you are making a request on behalf of someone else) before fulfilling the request, to protect privacy. We will respond to your request within a reasonable timeframe and in accordance with the deadlines set by applicable law (for example, within 30 days for most GDPR requests, with the possibility of a lawful extension). There is no fee for making a request, unless it is excessive or unfounded, in which case we will explain the situation. We are committed to honoring your rights and giving you control. In many cases, you can directly control your data through the app: for example, you may be able to view and export logs or results within the interface, or delete certain items you have uploaded. For anything you cannot do yourself, our team is here to help via the contact methods below. Keep in mind that if you are an end-user of Intruex through an enterprise (for example, you are an employee using Intruex at the direction of your employer), some requests (like deletion or access of SIEM data) may need to be coordinated or authorized by your employer who is the primary account holder. We will assist our enterprise customers in fulfilling individual rights requests as needed, in our role as a data processor.
Compliance and Legal Obligations
Intruex operates in compliance with applicable data protection laws and regulations. We recognize that our customers and users may be in different jurisdictions, and we strive to meet the strictest standards of privacy. Below are key legal frameworks that guide our data practices:
- General Data Protection Regulation (GDPR): If you are in the European Economic Area (EEA) or the United Kingdom, the GDPR (and UK GDPR) applies to the processing of your personal data. Intruex complies with the GDPR’s requirements for lawful processing, transparency, and individuals’ rights. This means we have a legal basis for processing personal data (for example, processing that is necessary for us to perform our contract with you, to fulfill our legitimate interests in improving our service, or to comply with a legal obligation; in certain cases, we rely on your consent). We also adhere to principles of data minimization, purpose limitation, and security as mandated by GDPR. Importantly, for enterprise usage, Intruex often acts as a data processor on behalf of our customer (the data controller) for any content you input or SIEM alerts we analyze. We will sign Data Processing Agreements (DPAs) with our customers upon request or when required, ensuring that we only process personal data under your instruction and in accordance with Article 28 of the GDPR. For personal data that we control (like account registration info or analytics data), Intruex is the data controller and takes on all corresponding legal obligations. We support GDPR rights (as detailed in User Rights and Data Control) and maintain procedures for data breach notification and Data Protection Impact Assessments (DPIAs) when applicable.
- California Consumer Privacy Act (CCPA) and US State Laws: For users in California, we adhere to the CCPA (as amended by the CPRA) which grants consumers specific rights over their personal information. Although Intruex provides a B2B service, we acknowledge that personal data (such as employee information) may be covered under these laws. We do not “sell” personal information as defined by the CCPA, and we extend the rights to access, deletion, and correction to California residents. We treat any personal data we handle with the transparency and fairness that these laws require. Similarly, we comply with other state privacy laws (such as Virginia’s CDPA, Colorado’s CPA, etc.) to the extent they apply, affording individuals comparable rights and protections. Where we act as a “service provider” under such laws (processing data on behalf of a business, i.e., our customer), we contractually commit to restrictions on retaining, using, or disclosing personal information except as needed to provide the service.
- International Data Transfers: Intruex is based in the United States, and the data we collect may be processed and stored on servers in the U.S. or other countries. If you are located outside of the United States, in particular in the EEA or other regions with data protection laws, please note that your personal information may be transferred to a jurisdiction (such as the U.S.) that may not provide the same level of data protection as your home country. In such cases, we take appropriate safeguards to ensure your personal data remains protected. These safeguards include the use of Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers from the EEA/UK to the U.S., and adherence to the requirements of those clauses. We also implement additional technical and organizational measures as needed (for example, encryption and access controls, as described in Data Storage and Security) to protect data during transfer and processing. Our agreements with service providers (like AWS) also incorporate equivalent data transfer protections. This way, we ensure that EU/UK personal data, when transferred internationally, receives a level of protection in line with EU/UK law.
- Other Regulations: We comply with other relevant legal obligations related to privacy and security. For example, if Intruex processes certain types of data, we abide by sector-specific laws (such as confidentiality of communications, or data breach notification laws). Our platform is not intended for children under 16, and we do not knowingly collect information from children (COPPA, the U.S. Children’s Online Privacy Protection Act, is not applicable to our enterprise-focused service). If we were to engage in automated decision-making that has legal or similarly significant effects on individuals, we would ensure compliance with any legal requirements for fairness and transparency. Additionally, as a company dealing with cybersecurity, we observe applicable export control and surveillance laws where relevant to our operations.
In summary, Intruex is committed to meeting its legal and compliance obligations. We continually monitor the evolving regulatory landscape to ensure that our privacy and security practices remain up-to-date and effective. This includes keeping our staff trained on data protection requirements and, where necessary, consulting with legal experts (or appointing a Data Protection Officer) to oversee compliance efforts. If you have any questions about how a particular law applies to your data, please contact us and we will be happy to provide more information.
Changes to This Privacy Policy
We may update or modify this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make significant changes, we will notify you through appropriate channels – for example, by emailing account administrators or by placing a prominent notice within the app or on our website. We will also update the “Last Updated” date at the bottom of this policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Intruex app after any changes to this policy will signify your acknowledgement of the updated terms.
Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or how Intruex handles your data, please do not hesitate to contact us:
Intruex – Privacy Team
Email: privacy@intruex.com (for general privacy inquiries or to exercise your rights)
Alternate Email: security@intruex.com (for security concerns or to report a vulnerability)
Address: Intruex Inc., 8 The Green STE B, Dover, DE 19901
Data Protection Officer: You can direct inquiries or concerns to our Data Protection Officer at dpo@intruex.com.
We will respond to your inquiries as promptly as possible, generally within a few business days. If you are an EU/UK individual and feel that we have not adequately addressed your privacy concern, you have the right to lodge a complaint with your country’s data protection supervisory authority. For other regions, you may contact your relevant privacy regulator. Of course, we would appreciate the chance to address your concerns first, so please reach out to us with any issues.
Thank you for trusting Intruex with your organization’s security and data. We are dedicated to keeping that trust by safeguarding your privacy every step of the way.