Privacy Policy - SafeKeyLab

Last updated: January 2025

SCOPE: This Privacy Policy applies to SafeKeyLab, Inc. ("SafeKeyLab," "we," "us," or "our") and describes how we collect, use, disclose, and protect information when you visit our website, use our services, or otherwise interact with us. By using our Services, you consent to the practices described in this Policy.

1. Information We Collect

1.1 Information You Provide

Account Information: Name, email address, company name, job title, phone number, and billing address when you create an account or request information.
Payment Information: Credit card or payment details processed through our third-party payment processors (Stripe). We do not store complete payment card numbers.
Communications: Information you provide when contacting support, submitting inquiries, or participating in surveys.
Employment Applications: Resume, work history, and related information if you apply for employment.

1.2 Information Collected Automatically

Log Data: IP address, browser type, operating system, referring URLs, pages viewed, and access times.
Device Information: Device identifiers, hardware model, and operating system version.
Usage Data: API call volumes, feature usage patterns, and performance metrics.
Cookies and Tracking: We use essential cookies for authentication and session management. See Section 9 for details.

1.3 Customer Data

Important: When you use our AI security services, you may submit data for processing ("Customer Data"). Customer Data is processed solely to provide the Services and is governed by our Terms of Service and any applicable Data Processing Agreement. We do not:

Use Customer Data to train machine learning models
Share Customer Data with third parties except as necessary to provide Services
Retain Customer Data beyond the processing request unless configured for audit logging
Access Customer Data except as necessary for support or as directed by you

2. How We Use Information

Purpose	Legal Basis (GDPR)
Provide and operate the Services	Contract performance
Process payments and billing	Contract performance
Send service notifications and updates	Legitimate interest
Respond to support requests	Contract performance
Detect and prevent fraud or abuse	Legitimate interest
Comply with legal obligations	Legal obligation
Improve and develop Services	Legitimate interest
Marketing communications (with consent)	Consent

3. Information Sharing and Disclosure

We do not sell personal information. We may share information in the following circumstances:

3.1 Service Providers

We share information with third-party vendors who perform services on our behalf, including:

Cloud infrastructure providers (AWS, Google Cloud)
Payment processors (Stripe)
Analytics providers
Customer support tools

All service providers are contractually bound to protect your information and may only use it to provide services to us.

3.2 Legal Requirements

We may disclose information if required by law, subpoena, court order, or government request. Where legally permitted, we will attempt to notify you before disclosure. We may also disclose information to:

Comply with legal process or government requests
Enforce our Terms of Service
Protect our rights, privacy, safety, or property
Respond to emergency situations

3.3 Business Transfers

In connection with a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred. We will notify you of any such change and any choices you may have.

3.4 With Your Consent

We may share information with third parties when you have given explicit consent.

4. Data Security

We implement comprehensive security measures to protect your information:

Encryption: AES-256 encryption at rest, TLS 1.3 encryption in transit
Access Controls: Role-based access, multi-factor authentication, least privilege principles
Infrastructure: SOC 2 Type II certified, regular penetration testing, vulnerability scanning
Monitoring: 24/7 security monitoring, intrusion detection, audit logging
Personnel: Background checks, security training, confidentiality agreements

Despite our efforts, no security measures are completely impenetrable. If you believe your account has been compromised, contact us immediately at security@safekeylab.com.

5. Data Retention

Data Type	Retention Period
Account information	Duration of account + 7 years
Customer Data (API processing)	Transient (not retained) unless audit logging enabled
Audit logs (if enabled)	Per customer configuration (default: 30 days)
Payment records	7 years (legal requirement)
Support communications	3 years after resolution
Log data	90 days

Upon account termination, we delete or anonymize your data within 30 days unless legally required to retain.

6. International Data Transfers

SafeKeyLab is based in the United States. If you access our Services from outside the U.S., your information may be transferred to and processed in the United States or other countries where our service providers operate.

For transfers from the European Economic Area (EEA), UK, or Switzerland, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data Processing Agreements with appropriate safeguards
Your explicit consent where required

Data Residency: Enterprise customers may request deployment in specific regions (US, EU, APAC) to meet data residency requirements. Contact sales for details.

7. Your Rights and Choices

7.1 All Users

Access: Request a copy of personal information we hold about you
Correction: Request correction of inaccurate information
Deletion: Request deletion of your personal information
Opt-out: Unsubscribe from marketing communications at any time
Data Portability: Request your data in a machine-readable format

7.2 European Users (GDPR)

If you are in the EEA, UK, or Switzerland, you have additional rights:

Right to object to processing based on legitimate interests
Right to restrict processing
Right to withdraw consent
Right to lodge a complaint with your local data protection authority

7.3 California Residents (CCPA/CPRA)

California residents have specific rights under the California Consumer Privacy Act:

Right to Know: Request disclosure of personal information collected, used, and shared
Right to Delete: Request deletion of personal information
Right to Opt-Out: We do not sell personal information
Right to Non-Discrimination: We will not discriminate against you for exercising your rights
Right to Correct: Request correction of inaccurate personal information
Right to Limit: Limit use of sensitive personal information

To exercise your rights, contact privacy@safekeylab.com. We will verify your identity before processing requests.

8. Children's Privacy

Our Services are not directed to children under 16. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 16, we will delete it promptly. If you believe we have collected information from a child, contact us at privacy@safekeylab.com.

9. Cookies and Tracking Technologies

We use the following types of cookies:

Type	Purpose	Duration
Essential	Authentication, security, session management	Session
Functional	Remember preferences and settings	1 year
Analytics	Understand usage patterns (if consented)	2 years

You can control cookies through your browser settings. Disabling essential cookies may affect service functionality.

Do Not Track: We honor Do Not Track browser signals where technically feasible.

10. Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

Posting the updated policy with a new "Last Updated" date
Sending email notification to account holders for material changes
Displaying a prominent notice on our website

Your continued use of the Services after changes constitutes acceptance of the updated Policy.

12. Data Protection Officer

For privacy-related inquiries or to exercise your rights, contact our Data Protection team:

SafeKeyLab, Inc.
Attn: Privacy Team
1111B South Governors Avenue #28057
Dover, DE 19904
Email: privacy@safekeylab.com

13. Regulatory Information

EU Representative: For users in the European Economic Area, our EU representative can be contacted at eu-representative@safekeylab.com.

UK Representative: For users in the United Kingdom, our UK representative can be contacted at uk-representative@safekeylab.com.

Data Processing Agreement: Enterprise customers processing personal data through our Services should contact sales@safekeylab.com to execute a Data Processing Agreement (DPA) that includes Standard Contractual Clauses and additional safeguards as required.