Privacy Policy
Introduction
SecureSlate ("SecureSlate", "we", "us", or "our") operates this website and provides an AI-powered continuous compliance and security platform (the "Services"). This Privacy Policy explains how we collect, use, disclose, and protect personally identifiable information ("Personal Data") about visitors to our website and users of our Services.
For the purposes of the General Data Protection Regulation (Regulation (EU) 2016/679) (the "GDPR"), SecureSlate acts as a data controller in respect of Personal Data collected through this website and from prospects, and as a data processor in respect of customer data processed on behalf of our customers through the Services. For the purposes of the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (the "CCPA"), SecureSlate acts as a "business" in respect of data it collects directly from website visitors and prospects, and as a "service provider" in respect of customer data processed on behalf of customers.
By using our Services, you agree to the processing of your Personal Data as described in this Privacy Policy.
Personal Data we collect
We collect the following categories of Personal Data:
- Identifiers: name, email address, username, IP address, and online identifiers.
- Account information: password hashes, company name, job title, and account preferences.
- Commercial information: records of products or services purchased and billing contact details.
- Internet or network activity: pages visited, features used, referring URLs, browser type, device identifiers, and timestamps.
- Location information: approximate location derived from IP address, and, with your permission, precise location if you enable location features on a mobile device.
- Inferences: analytics drawn from the above to understand user preferences and improve the Services.
- Professional or employment-related information: only where you provide it in connection with sales inquiries, employment applications, or partner onboarding.
We do not knowingly collect special categories of Personal Data (as defined under GDPR Article 9) or sensitive personal information (as defined under the CCPA) through our Services.
Cookies and non-identifiable data
We use cookies and similar tracking technologies to operate the Services, analyze usage, and enable certain features (such as session authentication). Some cookies are strictly necessary; others (such as analytics and marketing cookies, including Google Analytics) are only set with your consent where required by applicable law. You can manage your preferences through our cookie consent banner or your browser settings. For more information on Google Analytics, see www.google.com/policies/privacy/partners/.
We honor Global Privacy Control (GPC) signals as a valid opt-out of the sale or sharing of Personal Data under the CCPA. Our website does not otherwise respond to "Do Not Track" signals due to the lack of a common industry standard.
How we use your Personal Data
We use Personal Data for the following purposes:
- To provide, operate, maintain, and secure the Services and respond to user requests.
- To authenticate users, provision accounts, and enforce our Terms of Service.
- To communicate with you about your account, updates to the Services, and security or administrative matters.
- To send marketing communications, where permitted by law, from which you can unsubscribe at any time.
- To understand how users interact with the Services and to improve features and user experience.
- To comply with legal obligations and enforce our rights, including investigating and preventing fraud or abuse.
We do not sell Personal Data for monetary consideration. We may "share" Personal Data for cross-context behavioral advertising (as defined under the CCPA) only where you have consented or as otherwise permitted by law; you can opt out at any time as described in the "Your rights under the CCPA" section below.
Legal basis for processing (GDPR)
Where GDPR applies, we rely on the following legal bases under Article 6 of the GDPR:
- Performance of a contract — to provide the Services to you and administer your account.
- Legitimate interests — to operate, secure, and improve the Services, to prevent fraud, and to communicate with existing customers about similar products and services, where not overridden by your rights and interests.
- Consent — for non-essential cookies, marketing communications to prospects, and any other processing where consent is required. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
- Legal obligation — to comply with applicable law, regulatory requirements, and lawful requests from public authorities.
Disclosure of Personal Data
We may disclose Personal Data to the following categories of recipients, each under appropriate contractual and legal safeguards:
- Service providers and subprocessors (e.g., cloud hosting, analytics, email delivery, customer support tooling, payment processors) that process Personal Data on our behalf.
- Affiliates and related companies for the purposes described in this Privacy Policy.
- Professional advisors (e.g., auditors, lawyers, accountants) when required for our business operations.
- Acquirers or successors in connection with a merger, acquisition, financing, or sale of all or part of our business.
- Public authorities where required by law, court order, or in response to lawful requests.
We do not sell Personal Data. In the 12 months preceding the date of this policy, we have not sold Personal Data for monetary consideration.
Data retention
We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Typical retention periods are:
- Account data: for the duration of your account, plus up to 90 days after closure for backup and recovery.
- Billing and financial records: up to 7 years to comply with applicable tax and accounting laws.
- Marketing contacts: until you unsubscribe or we determine the contact is no longer active.
- Website analytics: up to 26 months, consistent with Google Analytics defaults.
- Security and audit logs: up to 12 months.
International data transfers
SecureSlate is based in the United Kingdom, and our service providers are located in the United Kingdom, the European Economic Area (EEA), and the United States. Where we transfer Personal Data outside the EEA or the United Kingdom, we rely on a valid transfer mechanism under Article 46 of the GDPR, including the European Commission's Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework and the UK's International Data Transfer Addendum. A copy of the relevant safeguards can be requested by contacting us using the details below.
Your rights under the GDPR
If the GDPR applies to our processing of your Personal Data, you have the following rights:
- Right of access (Article 15) — to request confirmation of whether we process your Personal Data and obtain a copy.
- Right to rectification (Article 16) — to have inaccurate or incomplete Personal Data corrected.
- Right to erasure (Article 17) — to request deletion of your Personal Data in certain circumstances.
- Right to restriction of processing (Article 18) — to request that we limit processing in certain circumstances.
- Right to data portability (Article 20) — to receive your Personal Data in a structured, commonly used, and machine-readable format.
- Right to object (Article 21) — to object to processing based on legitimate interests, or to direct marketing, at any time.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.
- Right to lodge a complaint — with your local supervisory authority.
To exercise any of these rights, contact us at privacy@getsecureslate.com. We will respond within one month, as required by Article 12(3) of the GDPR, and may require information to verify your identity.
Your rights under the CCPA
If you are a California resident, you have the following rights under the CCPA:
- Right to know what categories and specific pieces of Personal Information we have collected, the sources, the purposes of collection, and the categories of recipients.
- Right to delete Personal Information we have collected from you, subject to legal exceptions.
- Right to correct inaccurate Personal Information we hold about you.
- Right to opt out of the sale or sharing of Personal Information. We do not sell Personal Information, and will only "share" Personal Information for cross-context behavioral advertising where you have consented. You can opt out at any time using our "Do Not Sell or Share My Personal Information" link in the website footer or by sending a Global Privacy Control (GPC) signal.
- Right to limit the use of sensitive personal information — we do not use or disclose sensitive personal information for any purpose other than those permitted under CCPA §1798.121.
- Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA rights.
California residents may exercise these rights by emailing privacy@getsecureslate.com or by using the webform linked from the footer of our website. We will verify your request consistent with the CCPA's verifiable consumer request requirements and respond within 45 days, subject to extensions permitted by law. Authorized agents may submit requests on your behalf with signed authorization and proof of identity.
Children's privacy
The Services are not intended for, and we do not knowingly collect Personal Data from, individuals under the age of 16. If we learn that we have collected Personal Data from a child under 16 without verified parental consent, we will delete it.
Security and breach notification
We implement appropriate technical and organizational measures to protect Personal Data against unauthorized access, alteration, disclosure, or destruction, consistent with industry standards (e.g., SOC 2 and ISO 27001). No method of transmission over the Internet is completely secure; however, in the event of a Personal Data breach affecting you, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, as required by GDPR Article 33, and will notify affected individuals where required by GDPR Article 34 and applicable state law (including the CCPA).
Links to other websites
The Services may contain links to third-party sites that are not operated by SecureSlate. This Privacy Policy does not apply to those sites; please review the privacy policies of any third-party sites you visit.
Contacting SecureSlate
For questions, requests to exercise your rights, or complaints about this Privacy Policy, please contact us:
- Privacy inquiries: privacy@getsecureslate.com
- General inquiries: info@getsecureslate.com
If you are in the European Economic Area or the United Kingdom and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. If we make a material change, we will provide notice through the Services or by email before the change takes effect. The date of the last update is shown at the top of this Privacy Policy. Your continued use of the Services after the effective date of an updated policy constitutes your acknowledgement of the updated policy.