Privacy Policy

1. Introduction

ThreatScoreAI™ is operated by Sarrenite ("we", "us", "our"). We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our vulnerability risk scoring API service.

2. Data Controller

Sarrenite is the data controller responsible for your personal data. For any privacy-related enquiries, please contact us at: [email protected]

3. Information We Collect

We collect the following categories of personal data:

• Account Information: Name, email address, and password (encrypted) when you register
• Billing Information: Payment details processed securely through Stripe; we do not store full card numbers
• Usage Data: API requests, timestamps, and vulnerability data submitted for scoring
• Technical Data: IP address, browser type, and device information
• Contact Information: Details provided through our enterprise contact form

4. How We Use Your Data

We process your personal data for the following purposes:

• To provide and maintain our API service
• To process your subscription payments
• To send service-related communications
• To respond to your enquiries and support requests
• To monitor and analyse usage patterns to improve our service
• To detect and prevent fraud or abuse
• To comply with legal obligations

5. Legal Basis for Processing

We process your data under the following legal bases:

• Contract: Processing necessary to fulfil our service agreement with you
• Legitimate Interests: To improve our services, prevent fraud, and ensure security
• Consent: For analytics cookies and marketing communications (where applicable)
• Legal Obligation: To comply with applicable laws and regulations

6. Data Sharing

We may share your data with:

• Stripe: For payment processing (subject to their privacy policy)
• Google Analytics: For website analytics (anonymised data)
• Hosting Providers: To deliver our service infrastructure

We do not sell your personal data to third parties.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. API usage logs are retained for 12 months. After account deletion, we may retain certain data for up to 6 years to comply with legal and regulatory requirements.

8. Your Rights

Under UK GDPR, you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Request limitation of processing
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Where processing is based on consent

To exercise these rights, contact us at [email protected]. We will respond within one month.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption, secure servers, and access controls. However, no method of transmission over the internet is 100% secure.

10. International Transfers

Your data may be processed outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the ICO.

11. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our service. Continued use of ThreatScoreAI™ after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy enquiries or to exercise your rights, contact:
Sarrenite
Email: [email protected]