Privacy Policy

1. Introduction

SURGE Security ("SURGE", "we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, and share information when you use our forensic analysis platform and related services (the "Services").

2. Information We Collect

We collect information you provide directly to us, including:

Account Information: When you create an account, we collect your name, email address, organization name, and billing information.

Forensic Data: When you upload forensic collections for analysis, we process the artifacts contained within. This data is stored in your tenant's isolated storage and is never shared with other customers.

Usage Data: We automatically collect information about how you interact with our Services, including investigation counts, feature usage, and performance metrics.

3. How We Use Your Information

We use the information we collect to provide, maintain, and improve our Services; process and analyze forensic collections you submit; send you technical notices, updates, and support communications; detect, investigate, and prevent security incidents and fraudulent transactions; and comply with legal obligations.

4. Data Security

We implement industry-standard security measures to protect your data. All forensic data is stored in isolated, encrypted storage. Multi-tenant architecture ensures strict data separation between organizations. Access controls and audit logging are enforced at every layer.

5. Data Retention

We retain your forensic data for the duration of your subscription plus 30 days after account closure. Investigation results and reports are retained according to your plan's lookback window. You may request deletion of your data at any time by contacting us.

6. Third-Party Services

We use select third-party services to operate our platform, including cloud infrastructure providers, authentication services, and payment processors. These providers are bound by contractual obligations to protect your data and are only permitted to use it in connection with the services they provide to us.

7. Your Rights

You have the right to access, correct, or delete your personal information; export your investigation data; opt out of non-essential communications; and request information about how your data is processed. To exercise these rights, contact us at info@surge.security.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

9. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at info@surge.security.