If you'd like to view and/or download this document as a pdf, click here
4401 Leeds Ave
North Charleston, SC 29405
Owner contact email: [email protected]
Soteria, we, and us refers to Soteria LLC.
Soteria's mission is to leverage our cybersecurity knowledge and expertise to provide safe passage to our partners on their digital journeys. Our mission requires Soteria to collect and process data. Ensuring your data is used only in a manner consistent with your expectations is our responsibility.
Among the types of information Soteria collects, by itself or through third parties, may include, but is not limited to, email address, first name, last name, phone number, company name, Trackers, and Usage Data.
Personal information may be directly provided by you, or, in cases of Trackers and Usage Data, collected automatically when you use Soteria products and services.
In order to provide our solutions and services, we collect certain information automatically. This also helps us to ensure that our solutions and services are operating correctly. The types of information we collect include:
We receive various types of information from third-parties on occasions, such as when we jointly offer services or sponsor events. We also collect data from third-party security providers and online databases in connection with our research activities that relate to active or historic threats, vulnerabilities, and risks around the world. This can include data like domain names, IP addresses, email accounts, and usernames that are associated with security risks (for example, known compromised accounts and usernames), and we use this information to enhance the security services and solutions we provide to you. Additionally, we also collect certain information from publicly available third party sources, including the dark web, in connection with our research activities, solutions, and services, in particular to identify and help our customers protect against the likes of historic and/or future security threats, vulnerabilities, and risks.This information can include the likes of domain names, IP addresses, email addresses, and usernames and any other data that might be associated with the applicable security risks of issues identified (for example, known compromised accounts and usernames).
The information concerning you is collected to allow Soteria to provide its products and services, communicate with you, comply with its legal obligations, respond to law enforcement requests, protect its rights and interests (or those of its Users or third parties), and detect any malicious or fraudulent activity
We are able to deliver our solutions and services, understand the behavior of threat actors, and better help our customers keep their environments safe by using the information we collect. In general, we process our customers' information to deliver our offerings on their behalf. Although we may collect the information listed above, we do not access information that we process on our customer's behalf, such as user, network, vulnerability, incident, or asset information, unless our customers have requested we do so to investigate issues with our solution or carry out a service.
Soteria utilizes Google Analytics, a web analysis service provided by Google LLC (“Google”), on our marketing website hosted at https://soteria.io. Google utilizes the Data collected to track and examine the use of this site, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network. Soteria uses the Data to analyze traffic patterns on our marketing website to understand the impact of our marketing efforts and to inform decisions made by our marketing team.
By using our products and services, registering for mailing lists or newsletters, filling out forms on our website, and other interactions can cause your email address and other information to be added to our contact lists. Individuals on our contact lists may receive email messages containing information of commercial or promotional nature concerning Soteria products and services.
By providing your contact information to Soteria in a variety of ways, you authorize Soteria to use these details to reply to requests for information, quotes or other kinds of requests from you.
The vast majority of the data we collect through our research initiatives is data that is publicly available or is anonymized information gathered through our products and services. It is collected to enrich the security community, and foster secure adoption of technology for our customers. For example, one of our research initiatives uses the metadata from SaaS product configuration scans to identify common misconfigurations in popular enterprise, critical systems. This aggregated metadata is shared with the security community in various ways to educate and improve security postures for a broad variety of organizations.
Soteria takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to Soteria, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of Soteria products and services (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by Soteria. The updated list of these parties may be requested from Soteria at any time.
The Data is processed at Soteria's operating offices and in any other places where the parties involved in the processing are located. Depending on your location, data transfers may involve transferring your Data to a country other than your own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of personal information.
Some third parties provide services on our behalf and may require access to your information to carry out that work, including billing, customer support, etc. These service providers are authorized to use your information only as necessary to provide the services and solutions in scope and are subject to strict contractual controls to protect the confidentiality and security of your information.
We do not sell our customers' personal information (as that term is defined in the California Consumer Privacy Act) and we will not sell such personal information without providing any required notice and/or right to opt-out of such sale.
Unless specified otherwise in this document, personal information shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation, an order of an authority, or based on the Users' consent. When we have no ongoing legitimate business reason to process your information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your information and isolate it from any further processing until deletion is possible.
Soteria may process personal information relating to Users if one of the following applies:
Users may exercise certain rights regarding their Data processed by Soteria.
In particular, Users have the right to do the following, to the extent permitted by law:
Where personal information is processed for a public interest, in the exercise of an official authority vested in Soteria or for the purposes of the legitimate interests pursued by Soteria, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their personal information be processed for direct marketing purposes, they can object to that processing at any time, free of charge and without providing any justification. Where you object to processing for direct marketing purposes, the personal information will no longer be processed for such purposes. To learn whether Soteria is processing personal information for direct marketing purposes, Users may refer to the relevant sections of this document.
Any requests to exercise User rights can be directed to Soteria through the contact details provided in this document. Such requests are free of charge and will be answered by Soteria as early as possible and within one month, providing Users with the information required by law. Any rectification or erasure of personal information or restriction of processing will be communicated by Soteria to each recipient, if any, to whom the personal information has been disclosed unless this proves impossible or involves disproportionate effort. At the Users' request, Soteria will inform them about those recipients.
Your personal information may be used for legal purposes by Soteria in Court or in the stages leading to possible legal action arising from improper use of Soteria products and services.
You declare to be aware that Soteria may be required to reveal personal information upon request of public authorities.
For operation and maintenance purposes, Soteria products and services and any third-party services may collect files that record interaction with Soteria products and services (System logs) or use other personal information (such as the IP Address) for this purpose.
More details concerning the collection or processing of personal information may be requested from Soteria at any time. Please see the contact information at the beginning of this document.
Should the changes affect processing activities performed on the basis of your consent, Soteria shall collect new consent from you, where required.
Personal Data (or Data or Information)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through Soteria websites, products, and services (or third-party services employed in Soteria websites, products, and services), which can include: the IP addresses or domain names of the computers utilized by the Users who use Soteria websites, products, and services, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
The individual using Soteria websites, products, and services who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
Data Processor (or Processor)
Data Controller (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of Soteria websites, products, and services. The Data Controller, unless otherwise specified, is the Soteria.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Cookies are Trackers consisting of small sets of data stored in the User's browser.
Tracker indicates any technology - e.g Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting - that enables the tracking of Users, for example by accessing or storing information on the User's device.
Latest update: October 2, 2023