Flash CTI logo
Policy

Privacy Policy

Last updated: October 18, 2025

1. Introduction

Flash CTI (“we,” “us,” or “our”) provides Cyber Threat Intelligence as a Service (CTIaaS). We value your privacy and are committed to protecting your information. This Privacy Policy explains how we collect, use, store, and protect your data, as well as your rights under applicable privacy laws, including the California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR).

2. Information We Collect

  • Business contact details: Name, email address, phone number, organization name, and job title.
  • Inventory and asset data: Information about your systems, vendors, and infrastructure provided to us for analysis.
  • Usage data: Website analytics, such as page visits, session durations, and referral sources, collected through Google Analytics. This information is generic and not tied to individual users.
  • Correspondence data: Communications sent via email, Slack, Teams, or other approved channels.

We do not collect sensitive personal information unrelated to your business context.

3. How We Use Your Information

  • Provide tailored cyber threat intelligence services, including alerts, reports, and bulletins.
  • Communicate with you about service updates or security events.
  • Maintain and improve our products and services.
  • Comply with legal obligations or enforce our service agreements.

We will never sell your personal data.

4. Data Sharing and Disclosure

We do not share identifiable customer data with external parties except when necessary to provide our services. In some cases, we may:

  • Share redacted or anonymized asset data with trusted third parties to perform deeper analysis or validation; this information is generic and not tied to the company of origin.
  • Engage secure infrastructure or cloud providers to host and store data under our direct control.
  • Use communication platforms (e.g., Slack, Teams, Email) for client correspondence.

All such third parties are bound by confidentiality and security commitments consistent with GDPR and CCPA requirements.

5. Data Security

  • Encryption: All data is encrypted at rest and in transit.
  • Access Control: Analyst access is granted strictly on a need-to-know basis.
  • Audit Trails: All access and changes are logged and auditable.
  • Customer Rights: You may request an audit of our security controls upon reasonable notice.

We store customer inventory, asset, and collected data on a secure virtual private server and follow industry standards to keep your data protected.

6. Data Retention and Deletion

  • Customer data is retained for the duration of your active subscription.
  • You may update your data through secure channels at any time.
  • Upon termination of service or written request, your data is permanently deleted from our systems. Backup data may persist for up to 30 days before secure purge.

7. Cookies and Analytics

We use Google Analytics to collect anonymous usage statistics about website performance and visitor behavior. This data is generic and not customer-specific. You can disable cookies in your browser settings or opt out of Google Analytics by visiting Google’s opt-out page.

8. GDPR Legal Bases

Where the GDPR applies, we primarily process personal data on the following legal bases:

  • Contractual necessity (Art. 6(1)(b)): to provide and support the services you request.
  • Legitimate interests (Art. 6(1)(f)): to secure and improve our services, prevent abuse, and protect users.
  • Consent (Art. 6(1)(a)): for optional activities such as certain analytics cookies where required.
  • Legal obligation (Art. 6(1)(c)): to comply with applicable laws.

9. Your Rights

Under the GDPR

  • Access, correct, or delete your personal data.
  • Restrict or object to processing.
  • Request data portability.
  • Withdraw consent at any time without affecting prior processing.
  • Lodge a complaint with a supervisory authority.

Under the CCPA

  • Request disclosure of the categories and specific pieces of personal information we collect.
  • Request deletion of your personal information.
  • Opt out of any sale or sharing of personal information (we do not sell personal information).
  • Non-discrimination for exercising your rights.

To exercise any rights, contact us using the details below. We may verify your identity before fulfilling a request. Authorized agents may submit requests on a consumer’s behalf as permitted by law.

10. International Data Transfers

Our servers are located in the United States. If you access our services from outside the U.S., your information may be transferred to and processed in the U.S. under security measures aligned with GDPR standards and, where required, appropriate safeguards.

11. Children’s Privacy

Our services are not directed to children under 16, and we do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date above will reflect the most recent revision. We encourage you to review this policy periodically.

13. Contact Us

Flash CTI
Email: founder@flashcti.com
Website: https://flashcti.com