Skip to main content

Soteria Privacy Policy

To view or download this document as a PDF, Click Here

Owner and Data Controller

Soteria LLC
4401 Leeds Ave
North Charleston, SC 29405
Owner contact email: [email protected]

Soteria, we, and us refers to Soteria LLC.

Soteria's mission is to leverage our cybersecurity knowledge and expertise to provide safe passage to our partners on their digital journeys. Our mission requires Soteria to collect and process data. Ensuring your data is used only in a manner consistent with your expectations is our responsibility.

This Privacy Policy describes how we collect, use, and disclose information you provide to us, including personal information — meaning information that may allow us to determine your identity when you engage with us. We may receive your information when you use our websites, products, or services, or otherwise interact with us. This Privacy Policy also covers information we may collect indirectly.

This Privacy Policy describes the choices available to you regarding our use of your personal information and how you can access and update this information. We encourage you to read this Privacy Policy carefully when providing information through our websites, products, and services. By using our websites, products, and services, you accept the practices described herein.

Types of Information We Collect

Information You Provide Directly

Information Soteria collects — by itself or through third parties — may include but is not limited to: email address, first name, last name, phone number, company name, Trackers, and Usage Data. Personal information may be provided directly by you, or in the case of Trackers and Usage Data, collected automatically when you use Soteria products and services. Any use of Cookies or other tracking tools by Soteria or third-party services used by Soteria serves the purpose of delivering the service you require, in addition to any other purposes described in this policy and in the Cookie Policy.

Information Collected to Deliver and Improve Our Services

To provide our solutions and services and ensure they are operating correctly, we collect certain information automatically, including:

  • Device and network data
  • User and system behavior
  • Application logs
  • Security configuration data
  • Organizational information
  • Other relevant machine data

We also collect information about how you use our products and services — such as how often you access them and which features you use most. We use this to improve your experience, make our solutions more intuitive, and enhance the most popular features.

Information from Third Parties

We receive various types of information from third parties, such as when we jointly offer services or sponsor events. We also collect data from third-party security providers and online databases in connection with our research into active or historic threats, vulnerabilities, and risks. This may include domain names, IP addresses, email accounts, and usernames associated with security risks. Additionally, we collect certain information from publicly available sources, including the dark web, to help identify and protect our customers against security threats.

How We Use the Information We Collect

The information we collect allows Soteria to provide its products and services, communicate with you, comply with legal obligations, respond to law enforcement requests, protect our rights and interests, and detect malicious or fraudulent activity.

Delivering and Improving Our Products and Services

We use the information we collect to deliver our solutions, understand threat actor behavior, and help customers keep their environments secure. We process customer information to deliver our offerings on their behalf and do not access information such as user, network, vulnerability, incident, or asset data unless specifically requested to investigate an issue or carry out a service.

Soteria uses Google Analytics — provided by Google LLC — on our marketing website at https://soteria.io. Google uses collected data to track site usage, prepare activity reports, and share data with other Google services. Soteria uses this data to analyze traffic patterns and inform marketing decisions.

Contacting You

When you use our products and services, register for newsletters, fill out forms, or otherwise interact with us, your contact information may be added to our contact lists. Those on our lists may receive commercial or promotional communications about Soteria products and services. By providing your contact details, you authorize Soteria to use them to respond to your requests for information, quotes, or other inquiries.

Analytics and Research

Most data we collect through research initiatives is publicly available or anonymized. It is collected to enrich the security community and foster secure technology adoption. For example, one initiative uses metadata from SaaS configuration scans to identify common misconfigurations in enterprise systems, which is then shared with the broader security community.

Processing the Information We Collect

Methods of Processing

Soteria takes appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of data. Processing is carried out using computers and IT-enabled tools, following organizational procedures aligned with stated purposes. In some cases, data may be accessible to Soteria personnel (in administration, sales, marketing, legal, or system administration roles) or external parties such as technical service providers, hosting providers, or communications agencies appointed as Data Processors. The current list of such parties may be requested from Soteria at any time.

Place of Processing

Data is processed at Soteria's operating offices and wherever parties involved in processing are located. Depending on your location, your data may be transferred to another country. For more information about where transferred data is processed, refer to the relevant section of this document.

How We Share the Information We Collect

With Third-Party Vendors, Consultants, and Business Partners

Some third parties perform services on our behalf and may require access to your information — for example, for billing or customer support. These service providers are authorized to use your information only as necessary and are subject to strict contractual controls to protect the confidentiality and security of your data.

California Consumer Privacy Act

We do not sell our customers' personal information as defined by the California Consumer Privacy Act, and will not do so without providing any required notice and/or right to opt out.

Retention Period

Unless otherwise specified, personal information is processed and stored for as long as required by the purpose for which it was collected. It may be retained longer due to a legal obligation, authority order, or user consent. When there is no longer a legitimate business reason to process your information, we will delete or anonymize it. Where deletion is not immediately possible (e.g., data stored in backups), we will securely store and isolate your information until deletion is possible.

Legal Basis for Processing

Soteria may process personal information where one of the following applies:

  • You have given your consent for one or more specific purposes.
  • Processing is necessary for the performance of an agreement with you or for pre-contractual obligations.
  • Processing is necessary for compliance with a legal obligation to which Soteria is subject.
  • Processing relates to a task carried out in the public interest or in the exercise of official authority vested in Soteria.
  • Processing is necessary for the legitimate interests pursued by Soteria or a third party.

Soteria will gladly clarify the specific legal basis applicable to any processing activity, including whether the provision of personal information is a statutory or contractual requirement.

Your Rights Under the GDPR

To the extent permitted by law, Users may exercise the following rights regarding their data processed by Soteria:

  • Withdraw consent at any time. Where you have previously consented to processing, you may withdraw that consent.
  • Object to processing. You may object to processing carried out on a legal basis other than consent.
  • Access your data. You may request disclosure of whether and how your data is being processed, and obtain a copy.
  • Seek rectification. You may request that inaccurate data be updated or corrected.
  • Restrict processing. You may request that Soteria limit processing of your data to storage only.
  • Request erasure. You may request deletion or removal of your personal information from Soteria's systems.
  • Data portability. You may request your data in a structured, machine-readable format and, where technically feasible, have it transferred to another controller.
  • Lodge a complaint. You may bring a claim before your competent data protection authority.

Users are also entitled to learn about the legal basis for international data transfers, including to organizations governed by public international law such as the UN, and about the security measures Soteria has in place.

Right to Object — Additional Detail

Where personal information is processed for a public interest, in the exercise of official authority, or for Soteria's legitimate interests, you may object by providing grounds related to your particular situation. Where data is processed for direct marketing, you may object at any time, free of charge and without justification. Upon such objection, your data will no longer be used for direct marketing purposes.

How to Exercise Your Rights

Requests to exercise any of the above rights may be directed to Soteria using the contact details in this document. Requests are free of charge and will be addressed as early as possible and within one month. Soteria will notify relevant recipients of any rectification, erasure, or restriction of processing unless doing so is impossible or involves disproportionate effort.

Additional Information About Data Collection and Processing

Cookie Policy

Soteria websites use Trackers. To learn more, please consult the Cookie Policy.

Legal Action

Your personal information may be used by Soteria for legal purposes in court or in stages leading to possible legal action arising from improper use of our products and services. You acknowledge that Soteria may be required to disclose personal information upon request of public authorities.

Additional Contextual Information

Soteria products and services may provide additional contextual information about data collection and processing for specific services upon request.

System Logs and Maintenance

For operation and maintenance purposes, Soteria products and services — and any third-party services used — may collect system interaction logs or use other personal information such as IP addresses.

Information Not Covered by This Policy

For additional details about data collection or processing not addressed here, please contact Soteria using the information at the beginning of this document.

Changes to This Privacy Policy

Soteria reserves the right to update this Privacy Policy at any time. Users will be notified on this page and, where technically and legally feasible, via available contact information. We recommend checking this page regularly. Where changes affect processing based on your consent, Soteria will collect new consent where required.

Definitions and Legal References

Personal Data (or Data or Information)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.

Usage Data
Information collected automatically through Soteria websites, products, and services, including IP addresses, domain names, URI addresses, request times, HTTP methods, file sizes, server response codes, country of origin, browser and OS details, time spent per page, navigation paths, and other device or environment parameters.

User
The individual using Soteria websites, products, and services who, unless otherwise specified, coincides with the Data Subject.

Data Subject
The natural person to whom the Personal Data refers.

Data Processor (or Processor)
The natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Controller, as described in this Privacy Policy.

Data Controller (or Owner)
The natural or legal person, public authority, agency, or other body that determines the purposes and means of processing Personal Data — including security measures related to the operation of Soteria websites, products, and services. Unless otherwise specified, the Data Controller is Soteria.

European Union (or EU)
Unless otherwise specified, all references to the European Union include all current member states of the European Union and the European Economic Area.

Cookie
Cookies are Trackers consisting of small sets of data stored in the User's browser.

Tracker
Any technology — including Cookies, unique identifiers, web beacons, embedded scripts, e-tags, and fingerprinting — that enables the tracking of Users by accessing or storing information on the User's device.