Privacy Policy

Last updated: January 2025. Applies to all SecureSom services.

What We Collect

We collect only the information necessary to provide institutional monitoring and compliance services: your institution name, email domain, monitored system endpoints (URLs and IP addresses), and incident logs entered by your staff. We do not collect personal data unrelated to your institutional use.

How We Protect Your Data

All data is encrypted in transit (TLS 1.3) and at rest. Access is controlled by role-based permissions. Only your institution's authorised users can view your data. SecureSom staff cannot access your incident logs or compliance reports without explicit written consent.

Data Storage & Location

Primary infrastructure is hosted within the EU with redundancy. We use enterprise-grade cloud providers with SOC 2 Type II and ISO 27001 certifications. Backup data is encrypted and geographically distributed.

Data Retention & Deletion

You retain full ownership of your data. Upon account closure, all associated data is permanently deleted within 30 days. You may export your data at any time via the dashboard. Compliance reports generated within your account remain yours.

Contact

For privacy-related inquiries, data access requests, or to report a concern, contact us at privacy@securesom.org. We respond to all requests within 72 hours.