Privacy Policy

Information We Collect

Website Visitors

Contact Forms: Name, email, phone, company name
Website Analytics: IP address (anonymized), browser type, pages visited
Cookies: Essential cookies for functionality, Microsoft Clarity for usage statistics

MDR Clients

As part of providing security monitoring services, we collect:

Endpoint Logs: Process execution, file hashes, network connections
Network Logs: Firewall logs, DNS queries, VPN access
Identity Logs: Authentication events, login attempts
Cloud Activity: AWS/Azure/GCP audit logs

Important: We only collect security-relevant metadata. We do not intentionally access email content, file contents, or personal communications.

Lawful Basis for Processing

Under GDPR Article 6, we process personal data based on the following legal bases:

Contract Performance (Article 6(1)(b)): Processing MDR client security logs, endpoint data, and identity logs is necessary to fulfill our service agreement with you.
Legitimate Interest (Article 6(1)(f)): Website analytics (anonymized), threat intelligence enrichment, and improving our detection capabilities. We have assessed that these interests do not override individuals' privacy rights.
Consent (Article 6(1)(a)): Contact form submissions and marketing communications. You provide this information voluntarily and can withdraw consent at any time.
Legal Obligation (Article 6(1)(c)): Retaining certain records to comply with applicable laws, respond to legal processes, or meet regulatory requirements.

How We Use Information

We use your information to:

Provide MDR Services: Detect threats, investigate alerts, respond to incidents
Communicate: Respond to inquiries, send security alerts (clients only), provide service updates
Improve Services: Analyze threat trends, improve detection rules, enhance website
Legal Compliance: Meet legal obligations, enforce terms, protect rights

Data Security

We protect your data with industry-standard security measures:

Technical Controls

TLS 1.2+ encryption in transit
AES-256 encryption at rest
Multi-factor authentication (MFA)
Comprehensive audit logging

Organizational Security

Background checks for all analysts
Confidentiality agreements with staff
Regular security training
Annual third-party security audits

Data Retention

Security Logs: 90 days (configurable)
Incident Data: 1 year after closure
Contact Info: 2 years or until deletion requested

Data Sharing & Disclosure

We do not sell, rent, or trade your personal information or security data to third parties.

Service Providers

We may share data with trusted providers who assist in service delivery:

Cloud Infrastructure: AWS, Microsoft Azure, Google Cloud Platform
Security Tools: SIEM, threat intelligence vendors
Communication: Email service providers

All providers are bound by confidentiality agreements and data processing agreements.

Legal Requirements

We may disclose information when required by law (court orders, subpoenas). We will notify you of legal requests unless prohibited.

Your Privacy Rights

GDPR Rights (EU Residents)

Access: Request a copy of your data
Rectification: Correct inaccurate data
Erasure: Request deletion of your data
Portability: Receive your data in machine-readable format
Object: Object to certain types of processing
Withdraw Consent: Where processing is based on consent, you may withdraw it at any time by contacting us at privacy@babartech.com. Withdrawal does not affect the lawfulness of processing performed prior to withdrawal.
Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed unlawfully. A list of EU supervisory authorities is available at edpb.europa.eu.

CCPA Rights (California Residents)

Know: What information we collect and why
Delete: Request deletion of your information
Opt-Out: We don't sell data (nothing to opt out of)
Non-Discrimination: Equal service regardless of rights exercise

Exercise Your Rights

Contact us at privacy@babartech.com with "Privacy Request" in the subject line. We'll respond within 30 days.

International Data Transfers

We operate globally. Data may be transferred to countries outside your own. We use Standard Contractual Clauses (SCCs) approved by the European Commission for EU data transfers.

Cookies

We use cookies for:

Essential: Website functionality and navigation
Analytics: Microsoft Clarity (anonymized) for usage statistics

You can manage cookies through your browser settings. Learn more at AllAboutCookies.org.

Policy Changes

We may update this policy periodically. Material changes will be communicated via email 30 days in advance. Minor updates will be reflected in the "Last Updated" date above.

Contact Us

For privacy questions or to exercise your rights:

Privacy Team

Email: privacy@babartech.com

Subject Line: "Privacy Request"

Response Time: Within 30 days

Table of Contents