Legal

Privacy Policy

How we collect, use, and protect personal data.

Version 2025-06-01 · Intellescope, Inc.

Template legal documents for product implementation. Have counsel review and customize before customer contracts or regulatory filings. Contact legal@intellescope.io for executed agreements.

Introduction

This Privacy Policy describes how Intellescope, Inc. ("Intellescope, Inc.", "we", "us") processes personal data when you use Intellescope, our threat intelligence platform (the "Service").

Effective date: June 1, 2025. This policy is designed for business customers whose organizations are typically the data controller for workforce user accounts. Where your employer engages us, your organization controls account provisioning and we act as a processor for organizational data subject to our Data Processing Agreement.

Who is responsible for your data

For workforce accounts created by your employer, your organization is generally the data controller and Intellescope, Inc. is the processor. Contact your organization's administrator for access, correction, or deletion requests.

For website visitors and sales inquiries not yet under contract, Intellescope, Inc. may act as controller for contact details you provide. Contact privacy@intellescope.io for questions.

Data we process

Account data: name, work email, job title, team, role, and authentication identifiers from your identity provider (e.g., Microsoft Entra ID).

Security operations data: indicators of compromise, cases, audit entries, integration metadata, and analyst actions submitted in the Service.

Technical data: IP addresses for API key usage and audit accountability, session cookies, and rate-limit counters.

We do not intentionally collect special categories of personal data (e.g., health, biometric) through the Service.

Purposes and lawful bases

Provide and secure the Service (contract; legitimate interests in cybersecurity).

Authenticate users and enforce tenant isolation (contract; legitimate interests).

Maintain audit trails and comply with legal obligations (legal obligation; legitimate interests).

Improve reliability and abuse prevention (legitimate interests).

Sharing and subprocessors

We use infrastructure and enrichment subprocessors listed at /legal/subprocessors. We do not sell personal data.

We may disclose data when required by law or to protect rights, safety, and security.

International transfers

Data may be processed in the United States and other regions where we or subprocessors operate. Where required, we implement appropriate safeguards such as Standard Contractual Clauses via our DPA.

Retention

Account data is retained while your organization maintains your user and as required by contract or law.

Audit and security logs follow your organization's configured retention (see audit destination settings).

Cached vendor enrichment and brief data expire per platform TTL defaults (typically seven days).

Your rights

Depending on jurisdiction, you may have rights to access, rectify, erase, restrict, object, or port personal data.

Workforce users should contact their employer (controller) first. You may also contact privacy@intellescope.io.

EU/UK users may lodge a complaint with a supervisory authority.

California residents: we do not sell personal information. See your organization's notice for CCPA/CPRA rights exercised through your employer.

Security

We implement administrative, technical, and organizational measures including encryption in transit, tenant isolation, access controls, and audit logging. See docs/data-security.md in our security documentation pack.

Children

The Service is not directed to individuals under 16 and we do not knowingly collect children's data.

Changes

We may update this policy. Material changes will be communicated to customer administrators and may require re-acceptance in the Service.

Questions: privacy@intellescope.io.