Privacy Policy
How Peak Defence collects, uses, and protects your personal information
1. Introduction
This Privacy Policy applies to the Virtual CISO services provided by Peak Defence (“Services”). It explains how we handle data in the course of providing these Services.
2. Data Processing and Personal Data
The Services are designed not to process personal data. There is no expectation or requirement for users to upload personal data into the product and this would contradict the Terms of service.
3. Data Hosting and Processing
The Services are hosted on AWS infrastructure located within the European Union (EU) - or in other regions if specifically contracted with customers. AWS acts as a data processor on behalf of Peak Defence. Langfuse is another data processor used for the hosted service (for deployments under Starter package, starting from Scaleup and Enterprise packages a different deployment model can be negotiated), under strict data protection agreements - they receive the queries data made against the service and responses to the queries, but not the original data / documents used to create answers. Users have the option to run a local version of the Services on AWS, or for Enterprise versions, a hosted version where no data leaves the customer’s premises.
4. Data Security
Peak Defence implements robust security measures to protect data integrity and prevent unauthorized access. In order to protect the data Peak Defence is using an information security management system built on top of ISO/IEC 27001:2022 standard requirements.
5. Data Retention
Data is retained only as long as necessary for providing the Services and in compliance with applicable legal requirements. Overall Data retention is up to 30 days for the following data: Backups of data to enable proper recovery of data in cases of disasters (backups kept for up to 90 days) Logging to ensure security of solution (logs kept for up to 90 days) # 6. Your Rights Since the Services do not process personal data, traditional rights under data protection laws, such as access, rectification, or deletion of personal data, may not be applicable.
7. Changes to This Policy
Peak Defence reserves the right to modify this Privacy Policy at any time. Any changes will be posted on our website and effective immediately.
8. Contact Information
For any questions regarding this Privacy Policy, please contact Peak Defence at csupport[at]peakdefence.com.
Related Information
- Terms of Service
Our terms governing the use of Peak Defence services
- Cookie Policy
How we use cookies and similar technologies
- GDPR Compliance
Our approach to European data protection regulations
Questions?
If you have any questions about our privacy practices, please don't hesitate to contact our Data Protection Officer.
Email Our DPO