Privacy Policy

1. Introduction

This privacy policy applies to Defense Station Corp, referred to hereafter as "Defense Station," "we," "our," or "us." Defense Station is committed to protecting your privacy and ensuring the security of your personal data. This policy outlines how we collect, use, disclose, and protect personal information in compliance with GDPR, CCPA, PIPEDA, and PIPA, providing transparency in our data handling practices.

2. Information We Collect

We collect the following types of information:

  • Personal Identifiable Information (PII): Includes your name, email address, phone number, company name, job title, and other contact details that you voluntarily provide when engaging with our services.
  • Technical Information: This includes IP addresses, device identifiers, browser type, operating system, and other device-related data collected automatically when you interact with our website or services. We also collect information through cookies and similar technologies to improve user experience and analyze website traffic.
  • Service Data: Information you provide while using our services, including security assessments, vulnerability data, logs, configuration details, and related data that are necessary for the provision of our security services.
  • Communication Data: Records of your communications with us, including emails, chat transcripts, support requests, and any other information you provide through customer support channels.

3. How We Use Your Information

We use your information to:

  • Provide and Improve Our Services: Your data helps us deliver our security services effectively, customize your experience, and enhance the overall quality of our offerings. We may also use aggregated data to improve our services and develop new features.
  • Communicate with You: We use your contact information to send you updates, notifications, and information related to our services. This includes responding to your inquiries, providing customer support, and sending you relevant marketing communications (with your consent).
  • Analyze Service Usage: We analyze usage patterns to improve the performance, security, and functionality of our services. This includes conducting research and analytics to understand user behavior and preferences.
  • Comply with Legal Obligations: We process your data to comply with applicable laws and regulations, such as responding to legal requests, maintaining records, and fulfilling our contractual obligations.
  • Enforce Our Terms: Your data may be used to enforce our terms and conditions, investigate potential violations, and protect the rights, property, and safety of Defense Station and our users.

4. Legal Basis for Processing (GDPR Compliance)

We process personal data under the following legal bases:

  • Consent: Where you have provided explicit consent for us to process your data for specific purposes, such as marketing communications.
  • Contractual Necessity: To fulfill our contractual obligations with you, such as delivering our services and managing your account.
  • Legitimate Interests: To improve our services, enhance security, prevent fraud, and protect our business interests, provided that these interests do not override your rights and freedoms.
  • Legal Obligation: To comply with legal requirements, such as data retention obligations, and responding to government requests.

5. Your Rights

Under various regulations, you have specific rights regarding your personal data:

  • Right to Access (GDPR, PIPEDA): You can request a copy of the personal data we hold about you and information on how we process it.
  • Right to Rectification (GDPR, PIPEDA): If your data is inaccurate or incomplete, you can request that we correct or update it.
  • Right to Erasure (GDPR): Under certain circumstances, you can request the deletion of your personal data, such as when it is no longer necessary for the purposes for which it was collected.
  • Right to Data Portability (GDPR): You have the right to obtain a copy of your data in a structured, machine-readable format and transfer it to another data controller.
  • Right to Object (GDPR, PIPA): You can object to the processing of your data based on legitimate interests or for direct marketing purposes.
  • Right to Restrict Processing (GDPR): You can request that we limit the processing of your data in certain situations, such as when you contest its accuracy.
  • Right to Withdraw Consent (GDPR, PIPEDA, PIPA): You can withdraw your consent to data processing at any time, where processing is based on consent.

6. Data Retention

We retain your data only as long as necessary to fulfill the purposes for which it was collected, including for legal, accounting, or reporting requirements. When data is no longer needed, we securely delete or anonymize it.

  • Service Data Retention: Data related to security assessments and other services is retained for a reasonable period to ensure service continuity and comply with legal obligations.
  • Communication Data Retention: Records of communications are retained for quality assurance, legal, and operational purposes.

7. Data Sharing and Disclosure

We do not sell your personal information to third parties. We may share your data in the following circumstances:

  • Service Providers: We may share data with trusted third-party service providers who perform functions on our behalf, such as hosting services, data analytics, and customer support. These providers are required to adhere to strict data protection standards and are only allowed to process your data for specified purposes.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, provided that they adhere to the terms of this privacy policy.
  • Legal Requirements: We may disclose your data when required by law, regulation, or legal process, or to protect the rights, property, and safety of Defense Station, our users, and others.

8. Data Security

We implement robust security measures to protect your data, including encryption, multi-factor authentication, and access controls. Regular security assessments and audits are conducted to ensure compliance with industry standards and best practices.

Incident Response: In the event of a security incident, we follow a strict incident response protocol to mitigate any potential damage and restore service integrity.

9. Cross-Border Data Transfers

If your data is transferred outside of your country of residence, we ensure appropriate safeguards are in place to protect your data. This may include:

  • Standard Contractual Clauses (SCCs): For transfers outside the EEA, we implement SCCs approved by the European Commission to ensure adequate protection of your personal data.
  • PIPEDA Compliance: For cross-border transfers involving Canadian data, we adhere to PIPEDA’s requirements to ensure your data remains protected.

10. Data Breach Notification

In the event of a data breach, we will notify affected individuals and relevant authorities promptly, in accordance with GDPR, PIPEDA, PIPA, and other applicable laws. We will provide details about the breach, the potential impact, and the steps we are taking to address it.

11. Compliance with PIPA

For residents of Alberta, British Columbia, and Quebec, we comply with the Personal Information Protection Act (PIPA), which governs how we collect, use, and disclose personal information in these provinces. We ensure your data is handled with care and in compliance with provincial regulations.

12. Children's Privacy

Our services are not directed to children under 13, and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it as soon as possible.

13. Updates to this Policy

We may update this policy from time to time to reflect changes in our practices, technologies, or legal requirements. Any updates will be communicated via our website or directly to you where appropriate. We encourage you to review this policy periodically to stay informed about our data practices.

14. Contact Information

If you have any questions or concerns about this privacy policy or our data practices, please contact us at email: info@defensestation.ca