Privacy Policy

Last updated: January 2025

Introduction

Netrisk ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our third-party risk management platform and related services.

Information We Collect

Information You Provide

  • Account information (name, email address, company details)
  • Contact information for communications and support
  • Payment and billing information
  • Information about your vendors and third parties
  • Configuration preferences and settings

Information We Collect Automatically

  • Usage data and analytics about how you interact with our platform
  • Device information, IP addresses, and browser types
  • Log files and session information
  • Cookies and similar tracking technologies

External Data Collection

Our platform collects publicly available information about organizations through external monitoring, including DNS records, SSL certificates, security headers, and threat intelligence feeds. This data is collected passively and does not require direct access to systems.

How We Use Your Information

  • Provide, operate, and maintain our risk management services
  • Analyze third-party security posture and generate risk scores
  • Send alerts and notifications about security findings
  • Process payments and manage subscriptions
  • Improve our platform and develop new features
  • Communicate with you about service updates and support
  • Comply with legal obligations and enforce our terms
  • Detect, prevent, and address security issues or fraud

Data Security

We implement industry-standard security measures to protect your information:

  • AES-256 encryption for data at rest and TLS 1.3 for data in transit
  • Regular security audits and penetration testing
  • Role-based access controls and multi-factor authentication
  • SOC 2 Type II compliance (in progress)
  • Data segregation between customer tenants
  • Regular backups and disaster recovery procedures

Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

  • Service providers who assist in platform operations (hosting, analytics, support)
  • Legal authorities when required by law or to protect rights and safety
  • Business partners with your explicit consent
  • Acquiring entities in the event of a merger or acquisition

Data Retention

We retain your information for as long as your account is active or as needed to provide services. Risk assessment data is retained according to your subscription plan and compliance requirements. You may request deletion of your data at any time, subject to legal retention obligations.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or delete your personal information
  • Object to or restrict processing of your data
  • Request data portability and export
  • Withdraw consent where applicable
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact us at privacy@netrisk.io.

International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses for EU data subjects.

Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification. Continued use of our services after changes constitutes acceptance of the updated policy.

Contact Us

For questions about this Privacy Policy or our data practices, contact us at:

Netrisk Privacy Team

Email: privacy@netrisk.io

General Inquiries: hello@netrisk.io