1. INTRODUCTION
CyberForce, Inc. (“SOC Jedi.AI,” “we,” “us,” or “our”) is committed to protecting the privacy of our customers and users (“you,” “your”). This Privacy Policy explains how we collect, use, disclose, transfer and safeguard your personal data in connection with our AI-SOC Analyst platform, available as both a cloud-hosted SaaS solution and a fully on-premises deployment.
2. DEFINITIONS
Personal Data means any information relating to an identified or identifiable natural person
Sensitive Personal Data means data revealing racial or ethnic origin, political opinions, religious beliefs, health information or biometric data
Services means our software, APIs, integrations, website, documentation and any related support or professional services
3. SCOPE
This Policy applies to Personal Data processed by SOC Jedi.AI in the course of providing, maintaining and supporting the Services, including data collected via our website, customer portals, APIs, integrations and on-premises installations.
4. DATA WE COLLECT
– Information you provide via forms or API calls, including full name, corporate email, company name, password, user role, comments or promo codes
– Account and authentication data such as administrator and user roles, access logs and session tokens
– Security logs and metadata from SIEM, EDR, XDR, IRP and other sources, including alert data, timestamps, threat indicators and enrichment details
– Device and usage data, including IP address, device identifiers, browser type, operating system, referring URLs, feature usage metrics and telemetry
– Cookies and tracking data via session and persistent cookies, web beacons and similar technologies
– Third-party data you authorize us to retrieve from integration partners or threat intelligence vendors
– We do not collect Sensitive Personal Data except if explicitly provided by you, in which case we process it only with your affirmative consent or as required by law
5. PURPOSES OF PROCESSING
– To provide, maintain, support and secure our SaaS and on-premises Services
– To authenticate users, enforce access controls and manage service configurations
– To automate and orchestrate security investigations and AI-based threat analysis
– To integrate with third-party platforms and virtual AI agents via REST APIs and chatbots
– To train, evaluate and improve our machine learning models and AI agents
– To send service notifications, security alerts, product updates and administrative messages
– To perform internal analytics, detect fraud or security incidents and optimize performance
– To comply with legal obligations, enforce our terms of service and defend our legal rights
6. LEGAL BASIS FOR PROCESSING
– Consent where required for marketing communications and non-essential processing
– Performance of contract to deliver and support the Services you request
– Legitimate interests in improving, securing and optimizing our Services, provided they do not override your rights
– Compliance with legal or regulatory obligations to which SOC Jedi.AI is subject
7. DATA SHARING AND DISCLOSURE
– Integration partners, cloud providers and hosting vendors under stringent confidentiality and security obligations
– Internal SOC Jedi.AI personnel and affiliates for support, development and business operations
– Threat intelligence and enrichment providers under contract
– Legal and regulatory authorities as required by applicable law, court order or to protect our rights
– Prospective acquirers, investors or business partners in connection with mergers, acquisitions or asset sales, subject to confidentiality safeguards
8. INTERNATIONAL DATA TRANSFERS
– SaaS customer data may be processed in the United States, European Union and other jurisdictions where our service providers operate
– On-premises customer data remains within your infrastructure under your sole control
– We implement Standard Contractual Clauses, Binding Corporate Rules or other approved safeguards to ensure compliance with GDPR and similar laws
9. DATA SECURITY
– Encryption of Personal Data at rest using AES-256 and in transit using TLS 1.2 or higher
– Role-based access controls, multi-factor authentication and principle of least privilege for internal access
– Regular third-party penetration tests, vulnerability assessments and security audits
– Network segmentation for SaaS environments and hardening guidelines for on-premises deployments
– Encrypted backups, secure disposal procedures and disaster recovery plans
10. DATA RETENTION
– We retain Personal Data only as long as necessary for the purposes described or to satisfy legal, regulatory or contractual obligations
– Security logs and telemetry are retained for a default period of 90 days, extendable for incident response or compliance needs
– Account and administrative records may be retained up to seven years to comply with financial, tax or audit requirements
– Upon expiry of retention periods, data is securely deleted or irreversibly anonymized
11. COOKIES AND TRACKING TECHNOLOGIES
– Essential cookies enable authentication, load balancing and core functionality
– Analytics cookies help us measure feature usage, performance and user behavior
– You may disable or delete cookies via your browser settings, though certain Service features may become unavailable
12. DO-NOT-TRACK
We do not currently respond to Do-Not-Track browser signals. If a recognized standard is adopted, we will update this Policy accordingly.
13. DATA SUBJECT RIGHTS AND REQUEST PROCEDURES
If you reside in the EEA, UK, California or other applicable jurisdiction, you may request to access and receive a copy of your Personal Data, rectify or update inaccurate data, request deletion or erasure where legally permitted, restrict or object to processing based on legitimate interests, withdraw consent at any time without affecting prior processing, or obtain portability of your Personal Data to another provider. To exercise these rights submit a verifiable request to privacy@socjedi.ai. We may request additional information to confirm your identity. We will respond within applicable legal timeframes and may charge a reasonable fee for manifestly unfounded or excessive requests.
14. DATA BREACH NOTIFICATION
We maintain an incident response program and will notify affected individuals and regulatory authorities of a data breach as required by law, typically within 72 hours of becoming aware of a notifiable breach. Notifications will include the nature of the breach, data categories involved, mitigation steps taken and contact information for inquiries.
15. CALIFORNIA PRIVACY RIGHTS
California residents may request disclosures of categories of Personal Data collected, shared or sold in the prior 12 months, opt-out of any sale of their Personal Data and request deletion of Personal Data subject to statutory exceptions. Submit requests to privacy@socjedi.ai or by mail to our address below.
16. CHILDREN’S PRIVACY
Our Services are not directed to minors under 18. We do not knowingly collect Personal Data from children under 18. If we learn we have inadvertently collected such data, we will delete it promptly.
17. CHANGES TO THIS POLICY
We may update this Policy to reflect changes in our practices or legal requirements. The revised date at the top will indicate when changes take effect. Material updates will be communicated via email or in-product notification.
18. GOVERNING LAW AND JURISDICTION
This Policy and any dispute arising hereunder will be governed by the laws of the State of Delaware without regard to conflict of laws principles. Any legal action shall be brought in the courts of Wilmington, Delaware.
19. CONTACT INFORMATION
For questions, privacy rights requests or concerns, contact CyberForce, Inc at privacy@socjedi.ai or by mail at 251 Little Falls Drive, Wilmington, Delaware 19808, United States.