Privacy Policy

Triage Security
Last updated on

1. Introduction

This Privacy Policy explains how Triage Security (“Triage,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you access or use our website(s), applications, and services (collectively, the “Service”).

By using the Service, you acknowledge that we will process information as described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

We collect information in three primary ways: (a) information you provide, (b) information collected automatically, and (c) information from third parties.

2.1 Information You Provide

Depending on how you use the Service, you may provide:

  • Account information (e.g., name, email address, organization, role, username, authentication details).
  • Profile and preferences (e.g., notification settings).
  • Communications (e.g., support requests, emails, chats, survey responses).
  • Payment and billing information (if you purchase paid features). Note: payment card details may be processed by our payment processors rather than stored by us.
  • User content you submit through the Service, including vulnerability reports, attachments, proof-of-concept materials, screenshots, logs, notes, and related content (“Submissions”).

2.2 Information Collected Automatically

When you use the Service, we may automatically collect:

  • Device and usage information (e.g., IP address, browser type, device identifiers, operating system, pages viewed, links clicked, referring URLs, session duration, and timestamps).
  • Approximate location inferred from IP address.
  • Log and event data (e.g., diagnostic logs, crash reports, performance data).
  • Cookies and similar technologies (e.g., cookies, local storage, pixel tags) to remember preferences and help operate and secure the Service.

2.3 Information From Third Parties

We may receive information from:

  • Organizations that invite you to a program or workspace (e.g., your name, email, and role).
  • Authentication providers if you use SSO or social login (e.g., identity provider identifiers).
  • Service providers that support our operations (e.g., analytics, security, payment, hosting) consistent with this Privacy Policy.

3. How We Use Information

We use information for the following purposes:

  • Provide and operate the Service, including account creation, authentication, program workflows, report intake, triage, collaboration, and notifications.
  • Maintain, improve, and develop the Service, including testing, troubleshooting, and performance analysis.
  • Security and integrity, including detecting, preventing, and responding to fraud, abuse, policy violations, and security incidents.
  • Customer support and communications, including responding to requests and sending service-related messages.
  • Billing and transactions (if applicable), including processing payments, invoicing, and preventing payment fraud.
  • Compliance and legal obligations, including enforcing our terms and policies, and protecting rights, safety, and property.

4. How We Share and Disclose Information

We may share information as follows:

4.1 With Organizations and Program Participants

If you participate in a program or workspace operated by an organization, we may share your Submissions and related activity (including profile and communications in the Service) with that organization and its authorized users as necessary to operate the Service and the program.

4.2 With Service Providers

We may share information with vendors and service providers that perform services on our behalf (e.g., hosting, analytics, monitoring, customer support tools, email delivery, fraud prevention, security services, and payment processing). These providers are authorized to use information only as necessary to provide services to us and in accordance with applicable contractual obligations.

We may disclose information if we believe in good faith that disclosure is necessary to:

  • comply with applicable law, regulation, legal process, or governmental request;
  • enforce our terms, policies, or agreements;
  • protect the rights, property, and safety of Triage, our users, organizations, or others;
  • detect, prevent, or address fraud, security, or technical issues.

4.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business or assets, information may be disclosed or transferred as part of that transaction, subject to standard confidentiality protections.

4.5 Aggregated or De-Identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

5. Cookies and Similar Technologies

We use cookies and similar technologies to:

  • keep you signed in and remember preferences;
  • enable core site functionality;
  • understand usage and improve performance;
  • help protect against abuse.

You can typically manage cookies through your browser settings. If you disable cookies, some parts of the Service may not function properly.

6. Data Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect information. However, no security measures are perfect, and we cannot guarantee absolute security.

7. Data Retention

We retain information for as long as necessary to:

  • provide the Service;
  • comply with legal obligations;
  • resolve disputes; and
  • enforce our agreements.

Retention periods may vary based on the type of data, program requirements, and legal requirements. Organizations may also control retention of certain content within their programs/workspaces, subject to applicable law.

8. International Data Transfers

We may process and store information in countries other than where you live, including the United States. When we transfer information internationally, we take steps designed to ensure appropriate safeguards consistent with applicable law.

9. Your Choices and Rights

Depending on where you live, you may have rights to access, correct, delete, or object to certain processing of your information, or to receive a copy of your information.

You can:

  • Update account information through your profile settings (where available).
  • Opt out of marketing communications by following unsubscribe instructions (service/transactional communications may still be sent).
  • Request assistance with your rights by contacting us (see Section 12).

We may need to verify your identity before responding to certain requests. Some requests may be limited where we must retain information for legal, security, or operational reasons.

10. Children’s Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, please contact us so we can take appropriate action.

11. Messaging & Communication

Triage Security does not share mobile numbers, text messaging originator opt-in data, or consent with any third parties or affiliates for marketing or promotional purposes.

Mobile information may be shared only with subcontractors and service providers that support the delivery of SMS services, such as messaging platforms, telecommunications providers, or customer support vendors. This information is used solely to provide and operate the messaging service.

All other use case categories exclude text messaging originator opt-in data and consent. This information will not be shared with any third parties.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us:

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated Privacy Policy with a new “Last updated” date. If changes are material, we may provide additional notice (for example, by email or within the Service). Your continued use of the Service after the effective date of an updated Privacy Policy means you acknowledge the updated Privacy Policy.