ThreatTrace

Privacy Policy

Version: 1.0

Effective Date: May 26, 2026

Axiom Cyber, LLC ("Axiom Cyber," "we," "us," or "our") is committed to protecting your privacy and safeguarding the personal information you entrust to us. As a cybersecurity firm specializing in threat detection, incident response, and security operations center (SOC) services, we understand the critical importance of data privacy and security. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our website at https://axiom-cyber.com (the "Website"), interact with our services at https://www.axiom-cyber.com/services (the "Services"), or engage with any applications we develop (the "Applications").

ThreatTrace is Axiom Cyber's consumer mobile cybersecurity application. ThreatTrace is designed with privacy-by-default settings: security analysis runs on the device where practical, no telemetry leaves the device by default, and any external telemetry or threat-intelligence lookups require an explicit user opt-in.

This Policy applies to all individuals who access or use our Website, Services, or Applications ("you" or "your"). By using these platforms, you consent to the practices described herein. If you do not agree with this Policy, please do not use our Website, Services, or Applications. We comply with applicable privacy laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), other applicable U.S. state privacy laws, and industry standards such as the NIST Cybersecurity Framework and the NIST Privacy Framework. For our Services, which involve handling client data in secure environments, we adhere to strict data protection protocols aligned with Zero Trust principles and regulatory requirements.

1. ThreatTrace Mobile Application

ThreatTrace is built for individual users and small teams. It is not an enterprise-managed or MDM-controlled product, and it does not send device activity to an employer or customer-managed security platform.

Data handled on device

ThreatTrace may analyze security-relevant information on your device, such as network indicators, suspicious configuration signals, jailbreak or debugger indicators, app security settings, scan results, alert decisions, and user-selected preferences. This processing is used to show alerts, improve local detection accuracy, and support the app features you choose to enable.

Data that may leave the device only with opt-in or user action

  • Anonymous or pseudonymous telemetry, if you choose to enable it, may include security event type, coarse device and app version information, detection metadata, rule identifiers, timestamps, and user feedback such as true-positive or false-positive markings.
  • Threat-intelligence lookups, if enabled, may send the minimum indicator needed to check a domain, host, URL host component, IP address, file hash, or similar security indicator.
  • Support requests or feedback you send to us may include the contact information and message content you provide.
  • Subscription and purchase status may be processed by Apple or the applicable app marketplace. We do not receive or store full payment card numbers.

Data ThreatTrace does not collect

  • Contacts, calendars, photos, videos, microphone audio, or camera content.
  • SMS, iMessage, call history, voicemail, or private message contents.
  • Precise location or street-level location history.
  • Passwords, authentication tokens, private keys, or payment card numbers.
  • Full web browsing content or full URL paths beyond what is needed for user-enabled security checks.

When telemetry is enabled, we apply data minimization and filtering intended to avoid collecting personal content, secrets, and unnecessary identifiers. You can change ThreatTrace privacy and telemetry settings in the app where supported.

2. Information We Collect

We collect information to provide and improve our Website, Services, and Applications. We limit collection to what is necessary and only process it for legitimate purposes.

Personal Information

Personal Information is any data that identifies you as an individual, such as:

  • Name, email address, phone number, postal address, or job title (provided voluntarily via contact forms, consultation requests, or service inquiries).
  • Professional details, such as organization name, role in cybersecurity, or industry sector (relevant for tailoring Services like SOC build-outs or threat intelligence consulting).
  • Payment information (e.g., billing details for paid Services, processed securely via third-party providers).
  • Account credentials (e.g., usernames and passwords) if you create an account for ongoing Services or Applications.

We collect Personal Information only when you voluntarily submit it, such as:

  • Filling out contact or consultation forms on the Website.
  • Subscribing to newsletters or requesting a custom security plan.
  • Engaging with Services (e.g., during breach response or maturity assessments, where we may process client-provided data under contract).
  • Registering for webinars, demos, or support in Applications.

For Services involving monitoring or response (e.g., 24x7x365 Threat Monitoring or Incident Response), we may process Personal Information from your organization's environment only with your explicit consent and under a service agreement. This does not include unsolicited data collection from third parties.

Non-Personal Information

We automatically collect non-identifying information to enhance user experience and site functionality, including:

  • Log data: IP address, browser type/version, device information (e.g., operating system, screen resolution), pages visited, time and date of access, and referral sources.
  • Usage analytics: Session duration, clickstream data, and interaction patterns (e.g., which Services pages you view).
  • Cookies and similar technologies: See Section 7 for details.

We do not require Personal Information to browse the Website.

International Visitors

Our Applications, including ThreatTrace, are available globally through the Apple App Store and (when released) the Google Play Store. If you are accessing our Applications from outside the United States, providing information means transferring it to the United States, where data protection laws may differ from your jurisdiction. We use appropriate safeguards, including standard contractual clauses where applicable, for such transfers.

3. How We Use Your Information

We use collected information solely for the purposes disclosed at the time of collection or as permitted by law. Common uses include:

  • Providing and Improving Services and Applications: Responding to inquiries, delivering consultations, building SOC processes, conducting threat detection assessments, or performing breach response. For Applications, this includes enabling local security features, privacy settings, support workflows, and user-enabled telemetry.
  • Communication: Sending updates, service notifications, or marketing materials (with opt-out options) via email or phone.
  • Analytics and Security: Analyzing site usage to optimize performance, diagnose issues, or detect threats. In our cybersecurity Services, we use data to identify vulnerabilities without creating individual profiles.
  • Compliance and Legal: Fulfilling contractual obligations, complying with laws, or protecting against legal risks.
  • Business Operations: Internal training, auditing SOC maturity programs, or aggregating anonymized data for industry reports (no Personal Information is included in aggregates).

We never use your information for commercial marketing unrelated to our Services or sell it to third parties. All processing is based on your consent, contractual necessity, or legitimate business interests.

4. How We Share Your Information

We do not sell, rent, or trade Personal Information. Sharing is limited and purposeful:

  • Service Providers: With trusted third parties (e.g., cloud hosts, email services, payment processors) who assist in operations and are contractually bound to protect data.
  • Business Partners: For joint Services, only with your consent and anonymized where possible.
  • Legal Requirements: If required by law, subpoena, or government agency; to protect rights, safety, or property.
  • Client Environments: For monitoring or response, we access data solely under service agreements and NDAs, and never share it externally without authorization.
  • App Marketplaces: For ThreatTrace subscriptions, Apple or the applicable marketplace may process purchase, subscription, refund, and entitlement information under its own terms and privacy notices.

We do not create individual profiles or share Personal Information with private organizations for marketing. International transfers use standard contractual clauses to ensure equivalent protection where applicable.

5. Data Security and Protection

As a cybersecurity firm, we prioritize robust protections:

  • Technical Measures: Encryption, access controls, firewalls, intrusion detection, Zero Trust architecture, and regular vulnerability scans.
  • Organizational Measures: Employee training, data minimization, incident response plans, and Privacy Impact Assessments for new Services or Applications.
  • Retention: Personal Information is retained only as long as needed for the purposes described in this Policy or as required by law, then securely deleted or anonymized.
  • Breach Response: We notify affected individuals and authorities as required by applicable law and remediate swiftly.

Despite these efforts, no system is infallible. We cannot guarantee absolute security but commit to notifying you of any material breaches as required by law.

6. Your Rights and Choices

You have control over your information:

  • Access and Correction: Request details about the Personal Information we hold about you, or request updates.
  • Deletion: Request removal of your Personal Information (subject to legal retention requirements).
  • Opt-Out: Unsubscribe from marketing emails or object to processing by contacting admin@axiom-cyber.com.
  • Do Not Sell or Share: We do not sell Personal Information; you may opt out of any future sharing.
  • Withdraw Consent: For voluntary submissions, contact us to revoke consent.

To exercise rights, email admin@axiom-cyber.com with your request. We respond within 45 days (or as required by applicable law).

For Services clients, rights extend to data processed on your behalf; we act as a processor under your instructions.

7. Cookies and Tracking Technologies

We use cookies on the Website for functionality, analytics, and security. You can manage cookies via browser settings; disabling them may limit Website features. We do not use cookies for targeted advertising and respect Do Not Track and Global Privacy Control signals where possible. ThreatTrace does not use browser cookies for mobile app telemetry.

8. Children's Privacy

Our Website, Services, and Applications are not directed at children under 13 in the United States (per COPPA) or under the applicable minimum age in other jurisdictions. We do not knowingly collect Personal Information from children below these ages. If we learn of such collection, we delete the information promptly.

9. Changes to This Policy

We may update this Policy to reflect changes in practices or laws. Significant updates will be posted here with the new effective date. Continued use after changes constitutes acceptance. Please check this page periodically.

10. Contact Us

For questions, concerns, or rights requests, contact our Privacy Contact:

We welcome feedback and aim to resolve issues promptly.

Thank you for trusting Axiom Cyber with your privacy.