Privacy Policy

Introduction

Infiltra ("we," "us," or "our") understands the importance of protecting the privacy of an individual’s personal data. This Privacy Policy sets out how Infiltra protects your privacy, your rights in relation to the personal data we manage, and the ways we collect, hold, use, and disclose that data.

In handling your personal data, Infiltra complies with all applicable international data protection laws and privacy frameworks relevant to our operations and your location. This policy is reviewed regularly and may be updated from time to time to reflect regulatory shifts, international compliance standards, or changes in our operational technologies.


2. Types of Personal Information Infiltra May Collect

Infiltra collects and holds personal information from clients, customers, employees, contractors, and other individuals necessary for core business and cybersecurity operations. The main types of information Infiltra may collect and hold include:

  • Personally Identifiable Information (PII): Name, email address, Mobile numbers.
  • Corporate & Professional Details: Job titles, organization name, taxation details (including Tax File Numbers where legally authorized), and financial services billing data.
  • Technical & Network Telemetry: IP addresses, device identifiers, browser types, access logs, and website activity data collected via cookies or analytics scripts.
  • Operational & Security Data: System logs, network configurations, or metadata exposed during authorized security assessments and penetration testing activities.
  • Interaction Data: Social media handles, communications records, and notes from meetings or technical consultations.

Where practicable and legally permissible, we will provide you with the option of interacting with us anonymously or via a pseudonym.


3. Collection of Personal Information

Generally, Infiltra collects your personal information directly from you through online forms, portal registrations, emails, phone calls, face-to-face meetings, or direct interactions with our platform.

There may be occasions when Infiltra collects personal information from third parties or automated sources, including:

  • An entity you represent (such as an employer or a company of which you are an officer), where necessary to provision services to that organization.
  • Publicly available registers, corporate listings, and open-source intelligence platforms (OSINT) used legally during authorized perimeter security evaluations.
  • Credit reporting bodies, background screening providers, and professional reference checks (primarily for recruitment or sub-contractor vetting).
  • Government or regulatory agencies.

We use cookies and similar tracking pixels to optimize website performance and analyze traffic patterns. You may restrict or disable cookies through your browser settings, though some portal features may lose functionality.

We collect personal data directly from you whenever possible. However, we may also receive data from third-party sources (such as business communication platforms, corporate partners, or publicly available databases) where permitted by law and necessary to provide or optimize our services.


4. Use of Personal Information & AI Processing

Infiltra collects, holds, uses, and discloses personal information where it is reasonably necessary for the following primary purposes:

  • Provisioning, managing, and maintaining our security services and automated platforms.
  • Responding to technical support inquiries, sales requests, and general communication.
  • Accounting, billing, risk management, and internal corporate administration.
  • Assessing applications for employment, contracting, or consulting engagements.
  • Complying with legal, regulatory, or law enforcement obligations.
  • Direct marketing to share security insights, product upgrades, or relevant industry events. You may opt out of marketing materials at any time via integrated unsubscribe links or direct contact.

AI and Automated Processing Notice

Infiltra won't use customer data, inputs, prompts, or generated outputs to train or fine-tune any AI/ML models without your prior permission or instruction. Infiltra explicitly guarantees that personal data or proprietary data ingested during security assessments is structurally isolated.


5. Disclosure of Information

Infiltra’s data sharing is restricted to these four legal categories:

  • No Commercial Data Sharing: Infiltra does not use your data to build advertising profiles, never used for ad targeting, and is never sold to any third party.
  • "For external processing" (Vendors & Sub-processors): Infiltra may disclose data to its corporate affiliates and trusted third-party service providers who operate its data centers, provide customer support, or help manage internal business systems. These third parties are bound by strict contractual confidentiality clauses and are prohibited from using the data for their own independent purposes.
  • "With domain administrators": Your domain administrator will have full legal visibility and control over your account activity, statistics, and saved data.
  • "For legal reasons" (Government & Law Enforcement): Infiltra will disclose personal information if it has a good-faith belief that access is necessary to:
    • Comply with applicable laws, legal processes, or enforceable government subpoenas (documented in their public Transparency Report).
    • Enforce terms of service and investigate violations.
    • Detect, prevent, or address active fraud, security threats, or technical vulnerabilities.

Infiltra restricts internal access to personal information to personnel who require it to deliver services or perform administrative duties. We only disclose personal information externally to facilitate business operations, satisfy legal requirements, or execute services on your behalf.


6. Cross-Border Data Transfers

Infiltra utilizes highly secure, distributed cloud environments to host platforms and manage data backup infrastructure. Consequently, your personal information may be stored or processed in servers located outside your country of residence.

Data protection environments vary globally. Before transferring any personal data across borders, Infiltra takes contractually enforceable, reasonable steps to ensure that the overseas recipient maintains privacy controls as required by law.


7. Data Security & Mandatory Breach Notification

Infiltra treats data security as a core operational mandate. We implement industry-aligned technical and organizational measures—including end-to-end encryption for data in transit and at rest, strict logical access controls, multi-factor authentication, and continuous monitoring—to safeguard information against loss, misuse, modification, or unauthorized access.

Data Retention

Personal information is retained only as long as necessary to fulfill its original business or legal purpose. When no longer required, Infiltra securely de-identifies or destroys the data using rigorous cryptographic or physical erasure standards.

Data Breach Response

In the event of an unauthorized data access, disclosure, or loss that meets the threshold of an eligible data breach, Infiltra will execute its formal Incident Response Plan. We will promptly notify affected individuals and relevant statutory bodies.


8. Your Global Privacy Rights

Depending on your geographic location and local statutory provisions, you possess specific rights regarding your personal data. These generally include the right to:

  • Access & Portability: Request a copy of the personal data we hold about you in a structured, portable format.
  • Correction & Rectification: Request corrections to inaccurate, incomplete, or outdated profiles.
  • Erasure ("Right to be Forgotten"): Request the permanent deletion of your personal data where legal retention grounds no longer apply.
  • Restriction & Objection: Object to, or request that we restrict, the processing of your data under certain conditions (such as direct marketing).
  • Withdraw Consent: Withdraw your consent at any time for processing activities that rely purely on consent.

9. Privacy Complaints & Contact Details

If you believe Infiltra has compromised your privacy or mishandled your personal data, please direct your formal complaint to the Partner managing your account relationship or contact our Privacy Officer.

All privacy complaints are handled with strict confidentiality, treated with high operational priority, and investigated promptly without impacting your existing commercial arrangements or service agreements.

Our Privacy Officer will endeavor to:

  • Provide an initial response to your query or complaint within 15 Business Days, and
  • Investigate and attempt to resolve your query or complaint within 45 Business Days or such longer period as is necessary and notified to you by our Data Privacy Officer.

Contact Information

For privacy inquiries, exercise of data rights, or escalation of compliance complaints, please contact our privacy office at: contact@infiltra.ai