Data retention policy
This Policy sets out the obligations of Bright Security (hereinafter referred to as the “Company”) regarding retention of personal data collected, held, and processed by the Company in accordance with EU Regulation 2016/679 General Data Protection Regulation (“GDPR”). This Policy sets out the type(s) of personal data held by the Company, the period(s) for which that personal data is to be retained, the criteria for establishing and reviewing such period(s), and when and how it is to be deleted or otherwise disposed of. Customers details – name, address, telephone number, email address Until asked to be removed by customer on-going business transactions M&S/ R&D / Finance/ management CRM - password protected Customers contracts Until asked to be removed by customer on-going business transactions M&S / Finance/ management CRM - password protected Billing system - password protected
Data archiving and removal policy
Customers details – name, address, telephone number, email address Until asked to be removed by customer on-going business transactions M&S/ R&D / Finance/ management CRM - password protected Customers contracts Until asked to be removed by customer on-going business transactions M&S / Finance/ management CRM - password protected Billing system - password protected
Data storage policy
Customer data is stored using RDS, local filesystem and remote file systems. Storage policies are applied for individual users and in compliance with the information that they give. All data is protected with passwords, mfa and SSO access including personal and possible organization information. In case of sensitive information (e.g. access tokens, credit cards) the data is stored encrypted so that in case of data breach the leaked information proves useless.
Data center location(s)
United States
Data hosting details
Cloud hosted
App/service has sub-processors
no