Privacy Policy
Last Updated: January 2, 2026
1. Introduction
cisoAI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our security monitoring service.
2. Information We Collect
We collect information in the following ways:
Account Information
- Email address
- Name
- Company name and domain
- Industry and company size
Workspace Data (with your permission)
- User directory information (names, emails, roles)
- Security configuration settings
- Authentication and MFA status
- Application permissions and OAuth grants
External Scan Data
- DNS records and configuration
- SSL certificate information
- Email security settings (SPF, DKIM, DMARC)
- Website security headers
3. How We Use Your Information
We use the information we collect to:
- Provide security monitoring and risk assessment services
- Generate security findings and recommendations
- Create Proof of Protection documentation
- Send security alerts and weekly summary emails
- Improve our services and develop new features
- Communicate with you about your account
4. Data Security
We implement industry-standard security measures to protect your data, including encryption in transit and at rest, secure authentication, and regular security assessments. All data is hosted on Amazon Web Services (AWS) infrastructure with SOC 2 and ISO 27001 certifications. Access to customer data is restricted to authorized personnel only.
5. Data Retention
We retain your data for as long as your account is active or as needed to provide you with services. You may request deletion of your data at any time by contacting us. Upon account deletion, we will remove your data within 30 days.
6. Third-Party Services
We use the following third-party services to operate cisoAI:
- Amazon Web Services (AWS) - Cloud infrastructure and data hosting (US-East-2 region)
- Stripe - Payment processing
- Anthropic (Claude) - AI-powered security guidance
- Google/Microsoft - Workspace integrations (with your OAuth consent)
- Resend - Transactional email delivery
Each third-party provider maintains its own privacy policies and security practices. We only share the minimum data necessary for each service to function.
7. Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
- Export your data
- Opt out of marketing communications
- Revoke workspace access at any time
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Last Updated" date.
9. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at support@cisoai.ai