Privacy Policy

Last updated: February 17, 2026

iTriage ("we", "us", "our") operates the iTriage platform and website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

1. Information We Collect

Account Information: When you register or join our waitlist, we collect your name, email address, organization name, role, sector, and any motivation text you provide.

Usage Data: We automatically collect information about how you interact with the platform, including pages visited, features used, timestamps, browser type, and IP address.

Threat Intelligence Data: Data ingested from your configured feeds and sources is processed within your workspace. This includes intelligence feeds, API connections, and any manually submitted intelligence.

Cookies & Similar Technologies: We use essential cookies for authentication and session management. We do not use third-party advertising cookies. See our Cookie Policy for details.

2. How We Use Your Information

  • To provide, operate, and maintain the iTriage platform
  • To process and analyze threat intelligence within your workspace
  • To manage your account and provide customer support
  • To send service-related communications (security alerts, product updates)
  • To improve our platform, including AI model performance
  • To comply with legal obligations and enforce our terms
  • To detect and prevent fraud, abuse, and security incidents

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data on the following legal bases:

  • Contract Performance: Processing necessary to provide the services you requested
  • Legitimate Interest: Platform security, fraud prevention, and service improvement
  • Consent: Marketing communications (you may withdraw consent at any time)
  • Legal Obligation: Compliance with applicable laws and regulations

4. Data Sharing & Third Parties

We do not sell your personal data. We may share information with:

  • Infrastructure Providers: Cloud hosting (Cloudflare, Supabase), email delivery services
  • AI Processing: Anonymized content may be processed by AI providers for entity extraction and analysis. No personal data is sent to AI providers.
  • Payment Processors: Stripe processes billing information directly; we do not store payment card details
  • Legal Requirements: When required by law, court order, or to protect our rights

5. Data Retention

We retain your account data for the duration of your subscription. Threat intelligence data is retained according to your workspace settings. Upon account deletion, personal data is removed within 30 days. Anonymized analytics data may be retained indefinitely.

6. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Workspace isolation with row-level security policies
  • Multi-factor authentication (TOTP)
  • Regular security audits and vulnerability assessments
  • Role-based access control (admin, analyst, viewer)

7. Your Rights

Under GDPR, NIS2, and applicable data protection laws, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interest
  • Withdraw Consent: Where processing is based on consent

To exercise any of these rights, contact us at support@itriage.app. We will respond within 30 days.

8. International Data Transfers

Your data may be processed in the European Union. Where transfers occur outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Children's Privacy

iTriage is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the platform. Continued use of iTriage after changes constitutes acceptance of the updated policy.

11. Contact Us

For questions about this Privacy Policy or your personal data:

iTriage
Email: support@itriage.app

12. Supervisory Authority

If you are in the EEA and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.