Privacy Policy

1. Introduction

SecDevOps Innovations SRL ("we", "us", or "our") operates the websites argussec.io and app.argussec.io, as well as the Argus Google Workspace Security Audit platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our websites or use our services.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access our websites or use our services.

2. Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Name
• Organization name (if provided)

Usage Data

We collect anonymized usage data through privacy-focused analytics, including pages visited, referral sources, and general geographic region. This data does not personally identify you.

Google Workspace API Data

When you run a security audit, Argus accesses your Google Workspace configuration data through Google APIs. This data is processed during the audit to generate your security report. It is not stored permanently on our servers for open-source CLI users.

3. How We Use Information

We use the information we collect for the following purposes:

• To provide and maintain our service, including running security audits and generating reports
• To improve and optimize our product based on aggregated, anonymized usage patterns
• To communicate with you about your account, including service updates, security notices, and support responses
• To comply with legal obligations

4. Data Storage and Security

Your data is hosted within the European Union. We implement industry-standard security measures to protect your information:

• All data is encrypted in transit using TLS 1.2 or higher
• Data at rest is encrypted using AES-256 encryption
• Access controls are enforced with role-based permissions and multi-factor authentication for administrative access
• Regular security audits and vulnerability assessments are performed on our infrastructure

5. Google Workspace Data

Argus interacts with Google Workspace APIs to perform security audits of your environment. Here is how we handle this data:

• Open-source CLI users: Audit data is processed in real-time on your local machine. No Google Workspace data is transmitted to or stored on our servers.
• Cloud platform users: Audit data is processed on our EU-hosted infrastructure and retained according to your plan's retention policy. You may request deletion of your audit data at any time.

We do not sell, share, or use your Google Workspace data for advertising or any purpose other than providing the Argus security audit service.

6. Third-Party Services

We use the following third-party services:

• Plausible Analytics —A privacy-focused web analytics platform. Plausible does not use cookies, does not collect personal data, and is hosted in the EU. It is fully compliant with GDPR, CCPA, and PECR.
• Google OAuth —Used for authentication when you sign in with your Google account. We only request the minimum scopes necessary to provide our service.
• Stripe —Used for payment processing. Stripe handles all payment data directly; we do not store your credit card information on our servers.

7. Cookies

We do not use tracking cookies on our websites. Our analytics provider, Plausible, is entirely cookie-free. Essential cookies may be used solely for authentication and session management when you are signed in to the Argus platform.

8. Your Rights (GDPR)

As a company based in the European Union, we comply with the General Data Protection Regulation (GDPR). You have the following rights regarding your personal data:

• Right to access —You can request a copy of the personal data we hold about you.
• Right to rectification —You can request correction of inaccurate or incomplete data.
• Right to erasure —You can request deletion of your personal data.
• Right to restrict processing —You can request that we limit how we use your data.
• Right to data portability —You can request your data in a structured, machine-readable format.
• Right to object —You can object to the processing of your personal data in certain circumstances.

To exercise any of these rights, please contact us at contact@argussec.io. We will respond to your request within 30 days.

9. Data Retention

We retain your data according to the following guidelines:

• Account data is retained for as long as your account is active. If you delete your account, your personal data will be removed within 30 days.
• Audit data is retained according to your plan terms. You can request deletion of audit data at any time by contacting us.
• Analytics data collected by Plausible is aggregated and does not contain personal information.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We encourage you to review this page periodically for the latest information on our privacy practices. The "Last updated" date at the top of this policy indicates when it was most recently revised.

11. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Company: SecDevOps Innovations SRL
• Location: Romania, European Union
• Email: contact@argussec.io