🛡️SecureScope
Sign InGet Started →

Legal

Privacy Policy

Last updated: 1 January 2025

GDPR & KDPA 2019 Compliant

1. Introduction

SecureScope ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, process, and retain personal data when you use the SecureScope platform. It applies to all users and is compliant with the General Data Protection Regulation (GDPR) and the Kenya Data Protection Act 2019 (KDPA 2019).

2. Data We Collect

We collect the following categories of data:

  • Account data: Name, email address, organization name, and billing information provided at registration.
  • Usage data: Log data, IP addresses, browser information, and platform interaction data collected automatically.
  • Scan data: Source code, configuration files, and binaries submitted for security scanning. Processed solely to generate security findings.
  • Communication data: Messages sent through our contact forms and support channels.

3. How We Process Your Data

We process personal data under the following lawful bases:

  • Contract performance: To provide the Service you have subscribed to.
  • Legitimate interests: To improve the platform, prevent fraud, and maintain security.
  • Legal obligation: To comply with applicable laws and regulatory requirements.
  • Consent: For marketing communications where required.

4. Data Retention

We retain account and usage data for the duration of your subscription and for 12 months after termination. Scan data is retained for the duration of your subscription and deleted within 30 days of account termination. Audit logs are retained for 7 years to meet compliance and legal obligations.

5. Data Sharing

We do not sell your personal data. We share data only with sub-processors necessary to deliver the Service (such as cloud infrastructure providers and payment processors) under appropriate data processing agreements. We do not share scan data with third parties.

6. Your Data Subject Rights

Under GDPR and KDPA 2019, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate personal data.
  • Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
  • Right to portability: Request your data in a machine-readable format.
  • Right to object: Object to processing based on legitimate interests.

To exercise these rights, contact us at privacy@securescope.io.

7. Security

We implement technical and organisational measures to protect your personal data, including encryption in transit and at rest, tenant-level data isolation, access controls, and audit logging of high-risk operations.

8. International Transfers

SecureScope is operated from Kenya. If you are located outside Kenya, your data may be transferred to and processed in Kenya or other countries where our infrastructure providers operate. Such transfers are conducted under appropriate safeguards including standard contractual clauses.

9. Contact

For privacy enquiries, data subject requests, or to contact our Data Protection Officer, email privacy@securescope.io.