Privacy Policy for SOCket
Effective Date: June 3, 2025
Last Updated: June 3, 2025
1. Introduction
SOCket ("we," "our," or "us") is a Security Operations Center (SOC) mobile application that aggregates security alerts from multiple cybersecurity platforms into a unified dashboard. This Privacy Policy explains how we collect, use, store, and protect your information when you use our mobile application.
2. Information We Collect
2.1 Personal Information
- Email Address: Used for account creation and authentication
- Password: Encrypted and stored securely for account access
- Device Information: Device type, operating system, and app version for support purposes
2.2 Security Data
- Security Alerts: Aggregated from integrated security platforms (CrowdStrike, SenseOn, Rapid7)
- Alert Metadata: Timestamps, severity levels, entity information (hostnames, IP addresses, usernames)
- Dashboard Analytics: Usage statistics and alert interaction data
- AI Analysis Data: Risk assessments and insights generated for security alerts
2.3 Technical Data
- Authentication Tokens: Secure tokens for accessing third-party security platforms
- Sync Metadata: Last sync times and system health status
- Error Logs: Technical logs for debugging and improving app performance
3. How We Use Your Information
3.1 Primary Purposes
- Security Monitoring: Displaying and analyzing security alerts from your organization's security tools
- User Authentication: Verifying your identity and maintaining secure access
- Data Aggregation: Combining alerts from multiple security platforms into a unified view
- AI Analysis: Generating risk assessments and insights to assist security analysts
3.2 Operational Purposes
- App Functionality: Providing real-time alerts, dashboard analytics, and system health monitoring
- Performance Optimization: Improving app speed, reliability, and user experience
- Support Services: Troubleshooting issues and providing customer support
4. Data Storage and Security
4.1 Cloud Infrastructure
- Firebase Services: We use Google Firebase for authentication, database storage, and cloud functions
- Data Encryption: All data is encrypted in transit using TLS/SSL and at rest using Firebase encryption
- Geographic Location: Data is stored in secure Google Cloud data centers
4.2 Security Measures
- Access Controls: Strict authentication required for all data access
- Firestore Security Rules: Database-level security rules prevent unauthorized access
- Regular Monitoring: Continuous monitoring of system security and access patterns
- Data Retention: Security alerts are archived after 48 hours, with historical data retained for analysis
5. Third-Party Integrations
5.1 Security Platform APIs
We integrate with the following third-party security platforms:
- CrowdStrike Falcon: For endpoint detection and response alerts
- SenseOn: For security case management and investigations
- Rapid7 InsightIDR: For security incident investigations
5.2 Data Handling
- API Access: We use secure API connections with encrypted authentication tokens
- Data Normalization: Third-party alert data is standardized and stored in our secure database
- No Direct Sharing: We do not share your data with third parties except as necessary for app functionality
5.3 AI Services
- Google Gemini AI: Used for analyzing security alerts and generating risk assessments
- Data Processing: Alert data is processed by Gemini AI to provide intelligent insights
- Privacy Protection: AI processing is conducted securely without storing personal data in AI systems
6. Data Sharing and Disclosure
6.1 We Do Not Sell Data
We do not sell, rent, or trade your personal information or security data to third parties.
6.2 Limited Sharing
We may share information only in the following circumstances:
- With Your Consent: When you explicitly authorize data sharing
- Legal Requirements: When required by law, court order, or government regulation
- Security Threats: To protect against fraud, security threats, or illegal activities
- Service Providers: With trusted service providers who assist in app operations (under strict confidentiality agreements)
7. Data Retention
7.1 Retention Periods
- Active Alerts: Stored for 48 hours in active collections
- Archived Alerts: Moved to archive collections for historical analysis
- User Accounts: Retained while your account is active
- Analytics Data: Aggregated statistics retained for performance improvement
7.2 Data Deletion
- Account Deletion: You may request account deletion, which will remove all associated personal data
- Automatic Cleanup: Old data is automatically archived or deleted according to retention policies
8. Your Rights and Choices
8.1 Access and Control
- Account Access: You can access and update your account information within the app
- Data Portability: You may request a copy of your personal data
- Deletion Rights: You may request deletion of your account and associated data
8.2 Communication Preferences
- App Notifications: You can control push notifications through your device settings
- Security Alerts: For security reasons, critical security notifications cannot be disabled
9. Children's Privacy
SOCket is intended for use by security professionals and organizations. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and that appropriate safeguards are in place.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the updated policy within the app
- Sending a notification through the app or by email
- Updating the "Last Updated" date at the top of this policy
13. Compliance
This Privacy Policy is designed to comply with:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Other applicable data protection laws
SOCket Development Team
Last Review: June 3, 2025
Version: 1.0