DeepTraQ AI Platform Privacy Policy
Effective Date: Aug 15th, 2025
Introduction
This Privacy Policy explains how DeepTraQ AI Platform ("DeepTraQ", "DeepTraQ AI", "Platform", "we", "our", or "us") collects, uses, stores, and protects your personal and organizational data when you use our products, integrations, and services.
By accessing or using DeepTraQ, you agree to the practices described in this Privacy Policy.
What Data Do We Collect?
DeepTraQ collects the following categories of data:
User Data
- Name, email address, authentication credentials
- Sign-up and login details (via email, Google, GitHub, Microsoft, etc.)
Integration Data
- API keys and access tokens for integrations such as AWS, Azure, GCP, GitHub, GitLab, Bitbucket, and others
- Configuration details (cloud accounts, repositories, workloads, endpoints, firewalls, etc.)
Scan & Security Data
- Vulnerability scan results, remediation details
- Logs of scans and evidence for audit traceability
- Metadata about vulnerabilities (CVEs, exploitability, severity, context)
Technical Data
- IP addresses, browser and device information
- Cookies and analytics data (via Google Analytics and similar tools, including approximate location and behavior patterns)
How Do We Collect Your Data?
We collect data directly when you:
- Register an account or sign in via supported providers
- Connect cloud or code integrations (AWS, Azure, GCP, GitHub, etc.)
- Run vulnerability scans or upload configurations
- Use or view our website (cookies and analytics tracking)
We may also collect diagnostic and error data to troubleshoot issues and improve our service.
How Will We Use Your Data?
DeepTraQ uses your data to:
- Provide security scanning, monitoring, and reporting services
- Authenticate integrations and perform scans securely
- Generate dashboards, reports, and AI-driven insights
- Retain logs and scan results for compliance and audit purposes
- Troubleshoot technical problems and improve the platform
- Comply with legal obligations (e.g., subpoenas, regulatory requirements)
We will never sell your data to third parties.
Data Retention
Scan & Log Retention: Default retention is 30 days, configurable up to 1 year. Any data exceeding the configured retention period is automatically pruned.
Audit Logging: All scans, user logins, and signups are logged and preserved for auditing purposes. These audit logs are not deleted and remain available for compliance verification.
Account Deletion: When an account is deleted, associated data is retained for 30 days before full removal.
Data Storage & Regions
- Root credentials (master or admin login credentials) are stored in a central authentication service hosted in US-East-1 (Virginia, USA).
- Platform data (scan results, logs, evidence, integrations) is stored in the region chosen by the user during sign-up (e.g., US, EU, APAC). This ensures data residency compliance.
- All sensitive data is encrypted at rest and in transit. Access controls enforce the principle of least privilege.
External Links & Vulnerability References
Our platform may contain links to third-party websites or services. This Privacy Policy does not govern those third parties, and we recommend reviewing their respective privacy policies.
For vulnerability data, we reference external sources such as the National Vulnerability Database (NVD) and CVE records for accuracy and context.
User-Generated Content
Some features may allow you to create, upload, or share content (e.g., reports, dashboards, custom rules). Content you submit may be viewable by others in your organization and, if shared, may be accessible externally. Please use caution when sharing sensitive information.
Analytics & Tracking
We use Google Analytics and similar tools to gather standard internet log information and behavioral patterns, including:
- User location (approximate)
- Browser and device type
- Usage flow and interaction behavior
This helps us improve performance and usability.
EEA (GDPR) & International Data Transfers
For users in the European Economic Area (EEA), DeepTraQ processes personal data under one or more of the following legal bases:
- Contractual Necessity – to provide our services
- Legitimate Interest – to improve security and functionality
- Legal Obligation – to comply with applicable laws
- Consent – where you explicitly provide it
Your GDPR Rights
Subject to applicable law, you may request:
- Access to your personal data
- Rectification of inaccurate data
- Deletion of your data (subject to retention policies)
- Restriction of processing
- Data portability
- Withdrawal of consent (where processing is based on consent)
Requests can be made via privacy@deeptraq.ai, and we will respond within 30 days.
Data Transfers
Data may be stored and processed outside the EEA (e.g., USA). We use standard contractual clauses (SCCs) or equivalent mechanisms to ensure appropriate safeguards.
Security Measures
- Encryption of all sensitive data (in transit and at rest)
- Firewalls and access controls with least-privilege policies
- Regular vulnerability testing and remediation
- Continuous monitoring for suspicious activity
Updates to This Policy
This Privacy Policy may be updated periodically. Changes will be posted on this page, and material changes will be communicated via email or platform notification.
Contact Us
If you have questions about this Privacy Policy or your data rights, contact us at:
Email: privacy@deeptraq.ai