Privacy Policy
Effective Date: September 15, 2025
Last Updated: September 15, 2025
Hummingbird Security, Inc. ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect personal information in connection with our Auth Sentry service ("Service").
By using the Service, you agree to the practices described in this Privacy Policy.
1. Information We Collect
We collect the following types of information:
- Account Information: Name, email, organization, login credentials.
- Service Data: Logs, alerts, and identity-related data necessary to provide detection and response services.
- Payment Information: Billing details if you subscribe to paid features (processed through secure third-party providers).
- Usage Information: Interactions with our Service, device/browser information, and diagnostic data.
- Optional Data: Feedback, support requests, or other information you choose to provide.
2. How We Use Information
We use collected information to:
- Provide, maintain, and improve the Service.
- Detect, investigate, and prevent security incidents.
- Communicate with you about product updates, billing, or support.
- Meet legal, contractual, and regulatory obligations.
- Conduct analytics on an aggregated and anonymized basis.
3. Sharing of Information
We do not sell your personal information. We may share information with:
- Vendors/Service Providers: Cloud hosting, payment processors, and security monitoring partners, under strict contractual obligations.
- Legal/Regulatory Authorities: When required by law, subpoena, or investigation.
- Business Transfers: If we undergo a merger, acquisition, or asset sale, data may be transferred as part of that transaction.
4. Data Protection & Security
- Data is encrypted at rest and in transit.
- Access is restricted to authorized employees with a business need.
- Multi-factor authentication and logging are enforced.
- Regular reviews ensure compliance with SOC 2, GDPR, and CPRA requirements.
5. Your Rights
Depending on where you live, you may have certain rights under GDPR, CCPA, or CPRA:
- Access your personal information.
- Request correction or deletion.
- Restrict or object to processing.
- Data portability (receive a copy in a structured format).
- Opt out of the sale or sharing of personal information (we do not sell data, but CPRA requires this right).
Requests can be made by contacting [email protected]. We will verify requests consistent with applicable law.
6. Data Retention
We retain personal data only as long as necessary for the purposes described above, unless a longer retention period is required by law or contract. Once no longer needed, data is securely deleted or anonymized in accordance with our Data Retention Policy.
7. International Transfers
If you access the Service from outside the United States, your data may be transferred to and processed in the U.S. or other countries with different data protection laws. We implement safeguards to protect your data during these transfers.
8. Children's Privacy
The Service is not directed to children under 16. We do not knowingly collect information from children. If we learn we have collected such data, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service. Continued use of the Service after changes indicates acceptance.
10. Contact Information