Privacy Policy
Last updated: March 2026
Effective date: March 2026
Version: 2.0
1. Introduction
Intelsieve, LLC ("Intelsieve", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our threat intelligence platform, APIs, and related services (collectively, the "Services").
This Privacy Policy applies to all users of our Services, including visitors to our website, registered users, and API consumers. By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller Information
Intelsieve, LLC is the data controller responsible for your personal data.
- Company: Intelsieve, LLC
- Jurisdiction: State of Wyoming, United States
- Privacy Contact: privacy@intelsieve.com
- Data Protection Inquiries: dpo@intelsieve.com
For users in the European Economic Area (EEA), our EU representative can be contacted at privacy@intelsieve.com.
3. Information We Collect
3.1 Information You Provide Directly
- Account information: Name, email address, company name, job title, and phone number
- Billing information: Payment card details and billing address (processed securely via Stripe; we do not store full card numbers)
- Monitoring configuration: Keywords, domains, IP addresses, email addresses, and executive names you choose to monitor
- Support communications: Messages, attachments, and metadata from support requests
- Legal agreement acceptance: Timestamps, IP addresses, and versions of agreements you accept
3.2 Information We Collect Automatically
- Usage data: Features used, search queries performed, pages viewed, and interaction patterns
- Device information: Browser type and version, operating system, screen resolution, and device identifiers
- Log data: IP addresses, access timestamps, referring URLs, HTTP request methods, and response codes
- Cookie data: Essential session cookies and optional analytics cookies (see our Cookie Policy)
3.3 Information from Third Parties
- Authentication providers: We use WorkOS for authentication and may receive profile information from your identity provider (SSO)
- Payment processors: Stripe provides us with limited payment status information (no full card numbers)
- Threat intelligence sources: We aggregate data from publicly available sources, dark web monitoring services, and commercial threat feeds; this data may include references to your organization's domains or assets
4. Legal Basis for Processing (GDPR)
For users in the EEA, UK, and Switzerland, we process personal data under the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and management | Performance of contract (Art. 6(1)(b)) |
| Providing threat intelligence services | Performance of contract (Art. 6(1)(b)) |
| Payment processing | Performance of contract (Art. 6(1)(b)) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Service improvement and analytics | Legitimate interest (Art. 6(1)(f)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
| Cookie-based analytics | Consent (Art. 6(1)(a)) |
5. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain our Services
- Process your subscriptions and transactions
- Send you threat alerts, notifications, and service communications
- Monitor your configured assets for security threats
- Improve our platform, develop new features, and conduct internal analytics
- Respond to your support requests and communications
- Enforce our Terms of Service and Acceptable Use Policy
- Comply with legal obligations, including responding to lawful requests from authorities
- Detect, prevent, and address technical issues, fraud, and abuse
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 30 days after deletion |
| Billing records | 7 years (tax/accounting requirements) |
| Threat intelligence data | Per your plan's retention period (7 days to unlimited) |
| Search query logs | 90 days |
| Legal agreement acceptance records | Duration of account + 7 years |
| Support communications | 3 years after resolution |
| Server access logs | 90 days |
After the retention period expires, data is securely deleted or anonymized. You may request earlier deletion subject to our legal obligations (see Section 10).
7. Data Security
We implement industry-standard security measures to protect your data:
- Encryption at rest: AES-256 encryption for all stored data
- Encryption in transit: TLS 1.3 for all data transmissions
- Multi-tenant isolation: Strict row-level data isolation between organizations
- Access controls: Role-based access control (RBAC) with principle of least privilege
- Regular security audits: Periodic internal and third-party security assessments
- SOC 2 Type I compliance: In progress
- Incident response: Documented incident response procedures with defined notification timelines
8. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information.
We may share data with the following categories of recipients:
| Recipient | Purpose | Safeguards |
|---|---|---|
| Cloud infrastructure providers | Hosting and storage | DPA, SOC 2 certified |
| Stripe | Payment processing | PCI DSS Level 1 |
| WorkOS | Authentication | SOC 2 Type II |
| Analytics providers | Service improvement | Anonymized/aggregated data only |
| Legal authorities | When required by law, subpoena, or court order | Minimum disclosure necessary |
| Business partners | Only with your explicit consent | DPA in place |
In the event of a merger, acquisition, or asset sale, your personal data may be transferred to the acquiring entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.
8.1 Sub-processors
We maintain a list of sub-processors that process personal data on our behalf. This list is available upon request by contacting privacy@intelsieve.com. We will notify you of any new sub-processors at least 30 days before they begin processing your data.
9. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:
- We will notify affected users without undue delay, and in any event within 72 hours of becoming aware of the breach (as required by GDPR)
- We will notify relevant supervisory authorities where required by applicable law
- Notifications will include: the nature of the breach, categories of data affected, likely consequences, and measures taken to address the breach
- For U.S. users, we comply with state-specific breach notification requirements
10. Your Rights
Depending on your location, you may have the following rights:
10.1 All Users
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Data portability: Request your data in a machine-readable format (JSON)
- Withdraw consent: Withdraw consent for optional processing at any time
10.2 EEA, UK, and Swiss Users (GDPR)
In addition to the above:
- Restriction: Request restriction of processing
- Object: Object to processing based on legitimate interests
- Automated decisions: Not be subject to decisions based solely on automated processing
- Complaint: Lodge a complaint with your local supervisory authority
10.3 California Residents (CCPA/CPRA)
- Right to Know: Request disclosure of categories and specific pieces of personal information collected
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: We do not sell personal information; however, you may opt out of any future sharing by contacting us
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
- Categories of PI collected: Identifiers, commercial information, internet activity, professional information
- Categories of PI disclosed for business purposes: Identifiers and commercial information (to service providers only)
Do Not Sell or Share My Personal Information: Intelsieve does not sell or share (as defined by the CCPA/CPRA) your personal information.
To exercise any of these rights, contact us at privacy@intelsieve.com. We will respond within 30 days (or within the timeframe required by applicable law).
11. International Data Transfers
We offer data residency options in the United States and European Union. Your data is processed in the region you select during account setup.
For transfers of personal data outside the EEA:
- We rely on Standard Contractual Clauses (SCCs) approved by the European Commission
- We conduct Transfer Impact Assessments where required
- We implement supplementary measures as necessary to ensure adequate protection
12. Children's Privacy
Our Services are not directed to individuals under the age of 16 (or 13 in jurisdictions where that is the applicable age). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@intelsieve.com.
13. Automated Decision-Making
We use automated systems to:
- Correlate threat intelligence data to identify potential security risks
- Score and prioritize security findings based on severity
- Detect anomalous patterns in monitored assets
These automated processes assist in delivering our Services but do not make decisions that produce legal effects or similarly significant effects on individuals. If you have concerns about automated processing, contact us at privacy@intelsieve.com.
14. Cookies and Tracking Technologies
We use cookies and similar technologies as described in our Cookie Policy. In summary:
- Essential cookies: Required for platform operation (session management, authentication)
- Analytics cookies: Optional, used to improve our Services (require consent where applicable)
- No advertising cookies: We do not use advertising or tracking cookies
You can manage cookie preferences through your browser settings or our cookie consent banner.
15. Third-Party Links
Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with any personal information.
16. Content Removal
If you believe data accessible through our Services belongs to you and you would like it removed, you may submit a removal request:
Email: takedowns@intelsieve.com
See our Content Removal Policy for the full procedure.
17. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the "Last updated" date at the top of this page
- We will notify you via email and/or through an in-platform notification at least 30 days before the changes take effect
- Continued use of our Services after the effective date constitutes acceptance of the updated policy
- We maintain an archive of previous versions available upon request
18. Contact Us
If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights:
- Privacy inquiries: privacy@intelsieve.com
- Data protection officer: dpo@intelsieve.com
- Content removal requests: takedowns@intelsieve.com
- General legal: legal@intelsieve.com