AegisAI Privacy Policy

Last Updated: January 8, 2025

THIS PRIVACY POLICY DESCRIBES HOW AEGISAI ("COMPANY," "WE," "US," OR "OUR") COLLECTS, USES, STORES, PROCESSES, AND PROTECTS YOUR INFORMATION WHEN YOU USE OUR EMAIL SECURITY AND THREAT DETECTION SERVICES.

1. INTRODUCTION

At AegisAI, we understand that the security and privacy of your email communications are of paramount importance. Our service is designed to provide robust threat detection while maintaining the highest standards of data privacy and protection. We have developed sophisticated scanning technologies that analyze email content for security threats while implementing stringent privacy controls to ensure that your sensitive information remains confidential and protected.

This Privacy Policy outlines our comprehensive approach to handling your data, with a specific emphasis on our unique email scanning and threat detection capabilities. We have carefully designed our systems to maintain a balance between effective security monitoring and privacy preservation, ensuring that only suspicious content is retained while maintaining the confidentiality of your regular business communications.

Through this policy, we aim to provide complete transparency about our data handling practices, enabling you to make informed decisions about your use of our services. We are committed to maintaining your trust through clear communication about our privacy practices and ongoing dedication to protecting your information.

2. INFORMATION WE COLLECT

2.1 Email Content and Metadata

Our advanced email scanning system processes various components of your email communications to ensure comprehensive threat detection while maintaining privacy. The scanning process is automated and designed to minimize human intervention, operating in real-time to identify and isolate potential threats while allowing legitimate communications to flow unimpeded.

During this process, we collect and analyze:

  • Email headers and metadata: This includes routing information, timestamps, and technical details necessary for threat analysis
  • Email content: Temporarily processed for real-time threat scanning, with only suspicious content being retained
  • Attachments and embedded content: Analyzed for malware, suspicious code, and other potential threats
  • Sender and recipient information: Used to establish communication patterns and identify potential spoofing attempts
  • Email routing information: Analyzed to detect suspicious routing patterns and potential man-in-the-middle attacks
  • Timestamps and technical metadata: Used to identify temporal patterns and technical indicators of compromise

Our scanning process is designed to be minimally invasive, focusing solely on security-relevant aspects of your communications. Regular, non-suspicious email content is processed in memory only and is not permanently stored in our systems.

2.2 System and Technical Data

To maintain optimal security and system performance, our service automatically collects certain technical information about the systems and networks interacting with our service. This data collection is essential for maintaining security baselines and detecting potential anomalies that could indicate security threats.

We systematically collect:

  • IP addresses: Used for security monitoring and threat pattern analysis
  • Device information: Collected to identify potentially compromised devices and ensure secure access
  • Browser type and version: Monitored to prevent exploitation of browser-specific vulnerabilities
  • Operating system details: Used to contextualize security risks and potential vulnerabilities
  • Network information: Analyzed to detect suspicious network patterns and potential security breaches
  • Log files and usage data: Maintained for security auditing and threat pattern analysis

This technical data is collected and processed in a manner that prioritizes security while respecting privacy, with strict controls on data retention and access.

2.3 Account Information

To provide our services effectively and maintain appropriate security controls, we collect and maintain certain account-related information. This information is essential for account management, authentication, and securing access to our services.

When you register and maintain an account with us, we collect:

  • Name and contact information: Used for account identification and essential communications
  • Organization details: Maintained for proper service configuration and security policy implementation
  • Authentication credentials: Stored using industry-standard encryption and security practices
  • Billing information: Processed securely through compliant payment processors
  • Communication preferences: Maintained to respect your choices regarding service-related communications

All account information is stored securely with strict access controls and is never shared with unauthorized parties.

3. HOW WE USE YOUR INFORMATION

3.1 Email Scanning and Threat Detection

Our core service utilizes advanced automated systems to provide comprehensive email security while maintaining strict privacy controls. These systems are designed to identify and protect against a wide range of email-based threats while minimizing exposure of sensitive information.

Our automated systems perform the following functions:

  • Real-time scanning of email content using advanced algorithms to identify potential threats while maintaining privacy
  • Pattern analysis to detect sophisticated phishing attempts and social engineering attacks
  • Advanced malware detection in attachments and embedded content
  • Behavioral analysis to identify anomalous communication patterns that may indicate compromise
  • Continuous threat intelligence gathering to maintain up-to-date protection against emerging threats

These processes are fully automated and operate with minimal human intervention, ensuring that your email content remains private while maintaining robust security protection.

Data from Google Workspace APIs is not used to develop, improve, or train generalized AI and/or ML models.

3.2 Data Retention and Storage

We implement stringent data retention practices designed to minimize data storage while maintaining effective threat protection. Our approach focuses on retaining only the information necessary for security purposes while promptly disposing of non-essential data.

Key aspects of our retention practices include:

  • Selective storage of identified suspicious content with strict access controls
  • Immediate purging of non-suspicious email content following security scanning
  • Secure maintenance of threat detection logs for pattern analysis and security improvement
  • Time-limited retention of account information based on service requirements

3.3 Service Improvement

To continuously enhance our security capabilities, we conduct analysis using aggregated and anonymized data. This process is designed to improve our threat detection capabilities while maintaining strict privacy controls.

We utilize this data to:

  • Enhance threat detection algorithms through pattern analysis and machine learning
  • Optimize service performance and reliability through technical analysis
  • Develop new security features based on emerging threat patterns
  • Generate statistical analyses for threat intelligence purposes

4. DATA PROTECTION AND SECURITY

4.1 Technical Security Measures

We employ a comprehensive, defense-in-depth approach to protecting your data. Our security infrastructure is designed with multiple layers of protection, implementing industry-leading security controls and best practices at every level.

Our security implementation includes:

  • Military-grade encryption for all data, both in transit and at rest, using the latest encryption standards
  • Multi-layered DLP systems with advanced content analysis and protection capabilities
  • Robust access control systems with multi-factor authentication and detailed audit logging
  • Regular third-party security audits and continuous security monitoring
  • State-of-the-art data centers with comprehensive physical and environmental security controls

4.2 Data Loss Prevention (DLP)

Our sophisticated DLP system forms a crucial component of our data protection strategy. It employs advanced technologies to prevent unauthorized data access or exfiltration while maintaining efficient service operation.

The DLP system features:

  • Advanced content analysis engines that accurately identify and protect sensitive data
  • Sophisticated pattern matching algorithms for identifying protected information
  • Automated policy enforcement to prevent unauthorized data transfers
  • Real-time monitoring and blocking of potential data leakage
  • Comprehensive audit logging for security compliance and incident investigation

4.3 Access Controls

We maintain strict access controls to ensure that your data is only accessible to authorized personnel and systems. Our access control framework is built on the principle of least privilege and includes comprehensive monitoring and audit capabilities.

Key access control measures include:

  • Granular role-based access control with regular permission reviews
  • Strict enforcement of least privilege principles across all systems
  • Required multi-factor authentication for all privileged access
  • Regular access reviews and automated access revocation
  • Detailed access logging and monitoring for security purposes

5. DATA SHARING AND DISCLOSURE

5.1 No Third-Party Sharing

We maintain a strict policy against sharing your data with third parties. Your email content and personal information are considered confidential and are protected accordingly. Our commitment to privacy means that we do not monetize your data or share it for marketing purposes.

Our non-sharing commitments include:

  • Absolute prohibition on selling email content or personal information
  • No data sharing with third parties for marketing or commercial purposes
  • Strict controls preventing unauthorized external access to email contents
  • Comprehensive safeguards against unauthorized data transfers

5.2 Limited Disclosure Circumstances

While we maintain strict data privacy, there are certain limited circumstances under which we may be required to disclose information. These circumstances are strictly limited and subject to internal review processes.

Disclosure may occur only when:

  • Compelled by valid legal process or court order
  • Necessary to protect our legal rights or prevent immediate harm
  • Explicitly authorized by you through formal written consent
  • Required as part of a corporate transaction, subject to confidentiality agreements

5.3 Service Providers

We carefully select and monitor any service providers who may have access to our systems. These providers are bound by strict contractual obligations and are regularly audited for compliance.

Our service provider requirements include:

  • Legally binding confidentiality agreements with substantial penalties for breach
  • Strictly limited access based on specific service requirements
  • Mandatory compliance with our comprehensive security requirements
  • Regular security audits and compliance assessments

6. USER RIGHTS AND CHOICES

6.1 Access and Control

We empower users with comprehensive control over their data through various tools and mechanisms. These controls are designed to be user-friendly while maintaining robust security.

Your data control rights include:

  • Full access to your stored personal information through secure channels
  • Ability to correct or update any inaccurate data in your profile
  • Options to request complete deletion of your stored data
  • Capabilities to export your data in standard formats
  • Controls to opt out of specific data processing activities

6.2 Data Retention Preferences

We provide flexible options for managing how your data is retained within our systems. These preferences can be customized to meet your specific security and privacy requirements.

Available retention controls include:

  • Customizable retention periods for different types of suspicious content
  • Options for immediate deletion of specified data categories
  • Automated purge schedules for different data types
  • Capabilities to archive and export historical threat data

7. INTERNATIONAL DATA TRANSFERS

In cases where our services involve international data transfers, we implement comprehensive safeguards to ensure the security and privacy of your data. Our international data handling practices are designed to comply with relevant regulations while maintaining efficient service delivery.

For international transfers, we maintain:

  • Standardized data transfer mechanisms compliant with international regulations
  • Comprehensive technical and organizational security measures
  • Strict compliance with cross-border data protection requirements
  • Regular audits and updates of international compliance certifications

Our international data transfer protocols include detailed monitoring and verification processes to ensure consistent protection of your data regardless of geographic location. We regularly review and update these measures to address evolving international privacy requirements and security standards.