Infiltra ("we," "us," or "our") understands the importance of protecting the privacy of an individual’s personal data. This Privacy Policy sets out how Infiltra protects your privacy, your rights in relation to the personal data we manage, and the ways we collect, hold, use, and disclose that data.
In handling your personal data, Infiltra complies with all applicable international data protection laws and privacy frameworks relevant to our operations and your location. This policy is reviewed regularly and may be updated from time to time to reflect regulatory shifts, international compliance standards, or changes in our operational technologies.
Infiltra collects and holds personal information from clients, customers, employees, contractors, and other individuals necessary for core business and cybersecurity operations. The main types of information Infiltra may collect and hold include:
Where practicable and legally permissible, we will provide you with the option of interacting with us anonymously or via a pseudonym.
Generally, Infiltra collects your personal information directly from you through online forms, portal registrations, emails, phone calls, face-to-face meetings, or direct interactions with our platform.
There may be occasions when Infiltra collects personal information from third parties or automated sources, including:
We use cookies and similar tracking pixels to optimize website performance and analyze traffic patterns. You may restrict or disable cookies through your browser settings, though some portal features may lose functionality.
We collect personal data directly from you whenever possible. However, we may also receive data from third-party sources (such as business communication platforms, corporate partners, or publicly available databases) where permitted by law and necessary to provide or optimize our services.
Infiltra collects, holds, uses, and discloses personal information where it is reasonably necessary for the following primary purposes:
Infiltra won't use customer data, inputs, prompts, or generated outputs to train or fine-tune any AI/ML models without your prior permission or instruction. Infiltra explicitly guarantees that personal data or proprietary data ingested during security assessments is structurally isolated.
Infiltra’s data sharing is restricted to these four legal categories:
Infiltra restricts internal access to personal information to personnel who require it to deliver services or perform administrative duties. We only disclose personal information externally to facilitate business operations, satisfy legal requirements, or execute services on your behalf.
Infiltra utilizes highly secure, distributed cloud environments to host platforms and manage data backup infrastructure. Consequently, your personal information may be stored or processed in servers located outside your country of residence.
Data protection environments vary globally. Before transferring any personal data across borders, Infiltra takes contractually enforceable, reasonable steps to ensure that the overseas recipient maintains privacy controls as required by law.
Infiltra treats data security as a core operational mandate. We implement industry-aligned technical and organizational measures—including end-to-end encryption for data in transit and at rest, strict logical access controls, multi-factor authentication, and continuous monitoring—to safeguard information against loss, misuse, modification, or unauthorized access.
Personal information is retained only as long as necessary to fulfill its original business or legal purpose. When no longer required, Infiltra securely de-identifies or destroys the data using rigorous cryptographic or physical erasure standards.
In the event of an unauthorized data access, disclosure, or loss that meets the threshold of an eligible data breach, Infiltra will execute its formal Incident Response Plan. We will promptly notify affected individuals and relevant statutory bodies.
Depending on your geographic location and local statutory provisions, you possess specific rights regarding your personal data. These generally include the right to:
If you believe Infiltra has compromised your privacy or mishandled your personal data, please direct your formal complaint to the Partner managing your account relationship or contact our Privacy Officer.
All privacy complaints are handled with strict confidentiality, treated with high operational priority, and investigated promptly without impacting your existing commercial arrangements or service agreements.
Our Privacy Officer will endeavor to:
For privacy inquiries, exercise of data rights, or escalation of compliance complaints, please contact our privacy office at: contact@infiltra.ai