Legal

Privacy Policy

Last updated: April 2026

1. What we collect

AWS scan results and validated attack-path metadata from your connected accounts; account and billing information you provide; and usage logs for the XSEE service (sign-in, API requests, and support interactions).

2. How stored

Data is stored in encrypted AWS RDS databases in us-east-1. Encryption in transit uses TLS. Access is restricted to authorized operations staff under least privilege.

3. Retention

Default retention for scan and product data is 12 months, unless a different period is agreed in writing or required by law.

4. Your rights

You may request access, correction, export, or deletion of personal data. For deletion requests, email privacy@xsee.io. We will respond and complete eligible requests within a 30-day SLA.

5. Contact

Questions about this policy: privacy@xsee.io