Privacy Policy

Effective Date: 29 January 2025

Introduction

At Secgra.com, your privacy and data security are at the core of everything we do. Our AI-powered platform provides comprehensive visibility and insights across SaaS, on-premise systems, browsers, and hybrid infrastructures to optimize operations, enhance security, and ensure compliance. This Privacy Policy outlines our data collection, usage, and protection practices, reflecting our commitment to safeguarding your data across all operational touchpoints.

---

Information Collection

Secgra collects only the data necessary to deliver and improve our services. This includes:

Personal Identifiers: Names, email addresses, and organization-specific details to personalize your experience.

Operational Data: Information on assets, such as users, devices, subscriptions, and integrations across SaaS, on-premises, and hybrid systems.

Interaction Data: Generated by our platform for operational analytics, including compliance checks, risk scores, security configurations, and usage patterns.

System Health Monitoring: Our tools monitor the health and configuration of your IT stack. Only failure or misconfiguration data is transmitted to ensure that sensitive information is never exposed unnecessarily.

Our browser extension respects privacy by operating primarily on the client side. Only specific violations, such as shadow IT detection or compliance misconfigurations, are transmitted to the platform for analysis.

---

Purpose of Data Collection

Secgra collects data to:

Optimize Performance: Deliver and maintain platform functionality for seamless operations.

Enhance Security: Identify and address vulnerabilities across SaaS, on-premise systems, and hybrid environments.

Ensure Compliance: Automate regulatory adherence and streamline documentation.

Generate Insights: Provide actionable intelligence for cost management, security improvements, and risk reduction.

---

Security Measures

Our platform is built with industry-leading security protocols to protect your data:

Encryption: Data is encrypted both in transit and at rest using advanced encryption standards.

Data Sharding: Tenant data is isolated through sharding to prevent cross-tenant access.

Secure Access Controls: Role-based access ensures that only authorized personnel can view or manage your data.

Browser Privacy: Extensions are client-focused, avoiding telemetry or invasive data collection.

Regular Security Audits: We conduct continuous penetration testing and vulnerability scans to proactively identify and mitigate risks.

Secgra operates on a zero-trust model, ensuring that every system and user interaction is verified to prevent unauthorized access.

---

Chrome Browser Privacy Policy

Our Chrome browser extension is designed to protect user privacy:

No Telemetry: We do not collect browsing activity or usage telemetry.

Limited Scope: The extension detects security issues (e.g., misconfigurations, unauthorized access) and reports violations only to the extent necessary.

Client-Side Focus: The extension operates locally, ensuring minimal data exposure and respecting user autonomy.

---

Data Usage and Marketing

Secgra adheres to the highest standards of data protection:

Your data is never sold or shared for marketing purposes.

Any data processing is strictly to enhance platform functionality and deliver value to users.

---

Data Management and User Rights

Secgra empowers you with full control over your data, offering:

Access: Retrieve a copy of your stored data.

Correction: Request corrections for inaccuracies.

Deletion: Permanently delete your data. This will end your access to our services and is irreversible.

Portability: Export your data in a portable format for use elsewhere.

Objection: Challenge certain data processing practices, with due consideration of operational needs.

To exercise these rights, contact us at privacy@secgra.commailto:privacy@secgra.com.

---

Policy Updates

We commit to transparency. Any updates to this Privacy Policy will be shared on our blog and through direct notifications where applicable. Please review periodically to stay informed.

---

Data Sharing

Secgra does not share data with third parties. Your data is isolated and securely managed to protect its integrity and confidentiality.

---

Global Compliance and Certifications

Secgra is committed to meeting the highest standards of data privacy and security. While we are actively working toward full compliance with globally recognized frameworks, including GDPR, CCPA, ISO 27001, and SOC 2, we take significant measures today to align with their principles. These include:

Data Minimization: Collecting only the data necessary for service delivery and ensuring it is handled responsibly.

User Control: Offering rights such as access, correction, deletion, and portability in line with global privacy principles.

Secure Operations: Implementing robust encryption, access controls, and regular security audits to safeguard data.

Privacy by Design: Incorporating privacy and security considerations into every aspect of our platform.

We are actively pursuing certifications and compliance verifications as part of our commitment to your data's safety and privacy. While we are not yet fully certified, we are transparent about our efforts and will share updates as we progress.

---

For privacy-related questions, concerns, or requests, please email privacy@secgra.commailto:privacy@secgra.com. Our team is ready to address your concerns and ensure your data is treated with the utmost care.