Soteria Privacy Policy

If you'd like to view and/or download this document as a pdf, click here

Owner and Data Controller

Soteria LLC
4401 Leeds Ave
North Charleston, SC 29405
Owner contact email: [email protected]
Soteria, we, and us refers to Soteria LLC.

Soteria's mission is to leverage our cybersecurity knowledge and expertise to provide safe passage to our partners on their digital journeys. Our mission requires Soteria to collect and process data. Ensuring your data is used only in a manner consistent with your expectations is our responsibility.

This Privacy Policy describes how we collect, use, and disclose information you provide to us, including personal information, by which we mean information that may allow us to determine your identity when you engage with us. For example, we may receive your information when you use our websites, products, or services or otherwise interact with us. In addition, this Privacy Policy covers the information we may collect indirectly.

This Privacy Policy also describes the choices available to you regarding our use of your personal information and how you can access and update this information. We encourage you to read this Privacy Policy carefully when providing information to us through our websites, products, and services. You understand that by using our websites, products, and services, you are accepting our practices as described in this Privacy Policy.

Types of Information we collect

Information you provide directly to us

Among the types of information Soteria collects, by itself or through third parties, may include, but is not limited to, email address, first name, last name, phone number, company name, Trackers, and Usage Data.
Personal information may be directly provided by you, or, in cases of Trackers and Usage Data, collected automatically when you use Soteria products and services.
Any use of Cookies - or of other tracking tools — by Soteria products and services or by third-party services used by Soteria products and services serves the purpose of providing the service required by you, in addition to any other purposes described in this policy and in the Cookie Policy.

Information we collect to deliver and improve our solutions and services

In order to provide our solutions and services, we collect certain information automatically. This also helps us to ensure that our solutions and services are operating correctly. The types of information we collect include:

• Device and network data
• User and system behavior
• Application logs
• Application logs
• Security configuration data
• Organizational information
• Other relevant machine data

We also collect information about the Soteria products and services that you use and how you use them, such as how often you access our products and which features you use most frequently. We collect this information to improve our services and solutions and your experience with them. For example, we may use this information to reach out to you if you seem “stuck” on a certain process within the solution, to make our solutions more intuitive, or to enhance the solution's most popular features.

Information from third-parties

We receive various types of information from third-parties on occasions, such as when we jointly offer services or sponsor events. We also collect data from third-party security providers and online databases in connection with our research activities that relate to active or historic threats, vulnerabilities, and risks around the world. This can include data like domain names, IP addresses, email accounts, and usernames that are associated with security risks (for example, known compromised accounts and usernames), and we use this information to enhance the security services and solutions we provide to you. Additionally, we also collect certain information from publicly available third party sources, including the dark web, in connection with our research activities, solutions, and services, in particular to identify and help our customers protect against the likes of historic and/or future security threats, vulnerabilities, and risks.This information can include the likes of domain names, IP addresses, email addresses, and usernames and any other data that might be associated with the applicable security risks of issues identified (for example, known compromised accounts and usernames).

Using the information we collect

The information concerning you is collected to allow Soteria to provide its products and services, communicate with you, comply with its legal obligations, respond to law enforcement requests, protect its rights and interests (or those of its Users or third parties), and detect any malicious or fraudulent activity

Deliver and improve our products and services

We are able to deliver our solutions and services, understand the behavior of threat actors, and better help our customers keep their environments safe by using the information we collect. In general, we process our customers' information to deliver our offerings on their behalf. Although we may collect the information listed above, we do not access information that we process on our customer's behalf, such as user, network, vulnerability, incident, or asset information, unless our customers have requested we do so to investigate issues with our solution or carry out a service.
Soteria utilizes Google Analytics, a web analysis service provided by Google LLC (“Google”), on our marketing website hosted at https://soteria.io. Google utilizes the Data collected to track and examine the use of this site, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network. Soteria uses the Data to analyze traffic patterns on our marketing website to understand the impact of our marketing efforts and to inform decisions made by our marketing team.

Contacting you

By using our products and services, registering for mailing lists or newsletters, filling out forms on our website, and other interactions can cause your email address and other information to be added to our contact lists. Individuals on our contact lists may receive email messages containing information of commercial or promotional nature concerning Soteria products and services.
By providing your contact information to Soteria in a variety of ways, you authorize Soteria to use these details to reply to requests for information, quotes or other kinds of requests from you.

Analytics and research

The vast majority of the data we collect through our research initiatives is data that is publicly available or is anonymized information gathered through our products and services. It is collected to enrich the security community, and foster secure adoption of technology for our customers. For example, one of our research initiatives uses the metadata from SaaS product configuration scans to identify common misconfigurations in popular enterprise, critical systems. This aggregated metadata is shared with the security community in various ways to educate and improve security postures for a broad variety of organizations.

Processing the information we collect

Methods of processing

Soteria takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to Soteria, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of Soteria products and services (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by Soteria. The updated list of these parties may be requested from Soteria at any time.

Place of processing

The Data is processed at Soteria's operating offices and in any other places where the parties involved in the processing are located. Depending on your location, data transfers may involve transferring your Data to a country other than your own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of personal information.

How we share the information we collect

With third-party vendors, consultants, service providers, or other business partners

Some third parties provide services on our behalf and may require access to your information to carry out that work, including billing, customer support, etc. These service providers are authorized to use your information only as necessary to provide the services and solutions in scope and are subject to strict contractual controls to protect the confidentiality and security of your information.

California Consumer Privacy Act

We do not sell our customers' personal information (as that term is defined in the California Consumer Privacy Act) and we will not sell such personal information without providing any required notice and/or right to opt-out of such sale.

Retention time

Unless specified otherwise in this document, personal information shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation, an order of an authority, or based on the Users' consent. When we have no ongoing legitimate business reason to process your information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your information and isolate it from any further processing until deletion is possible.

Legal basis of processing

Soteria may process personal information relating to Users if one of the following applies:

• Users have given their consent for one or more specific purposes.
• provision of Data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof;
• processing is necessary for compliance with a legal obligation to which Soteria is subject;
• processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in Soteria;
• processing is necessary for the purposes of the legitimate interests pursued by Soteria or by a third party.

In any case, Soteria will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal information is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

The rights of Users based on the General Data Protection Regulation (GDPR)

Users may exercise certain rights regarding their Data processed by Soteria.
In particular, Users have the right to do the following, to the extent permitted by law:

• Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their personal information.
• Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent.
• Access their Data. Users have the right to learn if Data is being processed by Soteria, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
• Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
• Restrict the processing of their Data. Users have the right to restrict the processing of their Data. In this case, Soteria will not process their Data for any purpose other than storing it.
• Have their personal information deleted or otherwise removed. Users have the right to obtain the erasure of their Data from Soteria.
• Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance.
• Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Users are also entitled to learn about the legal basis for Data transfers abroad, including to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by Soteria to safeguard their Data.

Details about the right to object to processing

Where personal information is processed for a public interest, in the exercise of an official authority vested in Soteria or for the purposes of the legitimate interests pursued by Soteria, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their personal information be processed for direct marketing purposes, they can object to that processing at any time, free of charge and without providing any justification. Where you object to processing for direct marketing purposes, the personal information will no longer be processed for such purposes. To learn whether Soteria is processing personal information for direct marketing purposes, Users may refer to the relevant sections of this document.

How to exercise these rights

Any requests to exercise User rights can be directed to Soteria through the contact details provided in this document. Such requests are free of charge and will be answered by Soteria as early as possible and within one month, providing Users with the information required by law. Any rectification or erasure of personal information or restriction of processing will be communicated by Soteria to each recipient, if any, to whom the personal information has been disclosed unless this proves impossible or involves disproportionate effort. At the Users' request, Soteria will inform them about those recipients.

Additional information about Data collection and processing

Cookie Policy

Soteria websites use Trackers. To learn more, Users may consult the Cookie Policy.

Legal action

Your personal information may be used for legal purposes by Soteria in Court or in the stages leading to possible legal action arising from improper use of Soteria products and services.
You declare to be aware that Soteria may be required to reveal personal information upon request of public authorities.

Additional information about User's personal information

In addition to the information contained in this privacy policy, Soteria products and services may provide you with additional and contextual information concerning particular services or the collection and processing of personal information upon request.

System logs and maintenance

For operation and maintenance purposes, Soteria products and services and any third-party services may collect files that record interaction with Soteria products and services (System logs) or use other personal information (such as the IP Address) for this purpose.

Information not contained in this policy

More details concerning the collection or processing of personal information may be requested from Soteria at any time. Please see the contact information at the beginning of this document.

Changes to this privacy policy

Soteria reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and possibly within Soteria websites and/or - as far as technically and legally feasible - sending a notice to Users via any contact information available to Soteria. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.
Should the changes affect processing activities performed on the basis of your consent, Soteria shall collect new consent from you, where required.

Definitions and legal references

Personal Data (or Data or Information)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.

Usage Data
Information collected automatically through Soteria websites, products, and services (or third-party services employed in Soteria websites, products, and services), which can include: the IP addresses or domain names of the computers utilized by the Users who use Soteria websites, products, and services, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.

User
The individual using Soteria websites, products, and services who, unless otherwise specified, coincides with the Data Subject.

Data Subject
The natural person to whom the Personal Data refers.

Data Processor (or Processor)
The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

Data Controller (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of Soteria websites, products, and services. The Data Controller, unless otherwise specified, is the Soteria.

European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.

Cookie
Cookies are Trackers consisting of small sets of data stored in the User's browser.

Tracker
Tracker indicates any technology - e.g Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting - that enables the tracking of Users, for example by accessing or storing information on the User's device.

---

Latest update: October 2, 2023