Welcome to 3rd Eye Philippines

Data Privacy Policy

At 3rdEye, we take your privacy and data security seriously. This Data Privacy Policy explains how we collect, use, and protect your data, ensuring transparency and security in everything we do. We are committed to maintaining the confidentiality, integrity, and security of your information in accordance with Republic Act No. 10173, also known as the Data Privacy Act of 2012, its implementing rules, other data protection regulations (“Data Privacy Laws”), and industry best practices.

By availing of our services, you agree to our Data Privacy Policy and consent to the collection, processing, storage, and sharing of your information as detailed in this Data Privacy Policy, which may be amended from time to time.

1. Information We Collect

3rdEye collects only the data necessary to provide, improve, and deliver our services.

Data Collected from Integrations

3rdEye collects information from integrated SaaS applications, which may include:

Usage Data: Logs and activity data from applications to monitor usage and identify potential security issues.

Configuration Data: Information about application settings to detect and recommend secure configurations.

Compliance and Security Data: Compliance-related settings and configurations, allowing 3rdEye to generate reports and alert on risks.

Account and User Information

When you sign up for 3rdEye, we may collect:

Account Details: Name, email, organization name, and other details necessary to create and manage your account.

User Preferences: Notification preferences and configuration settings within the 3rdEye platform.

Note: 3rdEye does not store sensitive personal information (such as payment details) on its servers.

2. How We Use Your Information

3rdEye uses collected data to deliver services, enhance security, and continuously improve our platform.

Service Delivery and Improvement

Visibility and Analytics: To provide insights on SaaS usage, security gaps, and compliance status.

Security Monitoring: To detect and alert on potential security threats within your SaaS environment.

Reporting and Compliance: To generate reports aligned with industry standards and provide compliance insights for security teams.

Customer Support and Communication

We may use your contact information to:

● Provide technical support and respond to inquiries.

● Send notifications about updates, security alerts, and changes to the platform.

Anonymized Insights

3rdEye may use anonymized and aggregated data for internal research, analytics, and platform improvement. This data is stripped of any identifiable information and cannot be linked back to individual users or accounts.

Data Sharing

3rdEye does not share customer data with any third-party service provider, unless necessary to provide our services to you or required by law. All data is processed within our secure, self- managed infrastructure hosted on AWS.

3. Data Security Measures

3rdEye enforces robust security controls to protect your data and minimize risk.

Data Encryption

All customer data is encrypted:

At Rest: Data stored in our infrastructure is encrypted with advanced encryptionstandards.

In Transit: TLS encryption is applied to secure all data exchanged with our platform.

Access Control

Access to your data is restricted to authorized 3rdEye personnel who require it to perform essential functions. 3rdEye implements Multi-Factor Authentication (MFA) and Role-Based Access Control (RBAC) to further secure data access.

Secure Infrastructure

3rdEye’s infrastructure is hosted in private, segmented environments within AWS, ensuring data is protected against unauthorized access and external threats. Regular security assessments and audits are conducted to uphold the security of our environment.

4. Data Retention and Deletion

3rdEye retains customer data only as long as necessary to provide our services or as required by Data Privacy Laws and other applicable laws.

Retention Periods

Active Customer Data: Retained for the duration of your account’s active status to ensure seamless service.

Post-Account Termination: Customer data is retained for 30 days following account termination, allowing retrieval upon request.

Archival and Deletion: After 30 days, data enters a 60-day archival period, after which it is securely deleted.

Data Deletion Requests

Customers may request deletion of their data at any time. Upon request:

● Data is purged from active systems within 3 business days.

● Any related backups are securely deleted in line with our data retention policies, ensuring no residual copies remain beyond 90 days.

Notification: We will notify customers before data deletion occurs following account termination.

5. Data Access and User Rights

3rdEye is committed to transparency and respects all your rights under Data Privacy Laws, which includes, among others, the right to be informed of, and object to, the processing of your personal information, and to access, update, or delete your personal information.

Right to be informed and Object

Your personal data is being collected and processed in accordance with our Data Privacy Policy. At any time, you may object to the processing of your personal data except when it is necessary for the performance of our services to you or when required by law.

Right to Access

You may request access to the data 3rdEye holds about you. Requests are typically fulfilled within 10 business days.

Right to Correction

If your data is inaccurate or incomplete, you can request corrections. 3rdEye will update the data within 7 business days upon verification.

Right to Deletion

You may request the deletion of your data at any time, subject to regulatory and contractual retention requirements. Deleted data is purged from our systems following our defined retention schedule.

Contact: To exercise these rights, please reach out to our Privacy Officer at [email].

6. Data Transfers and Regional Considerations

3rdEye provides customers with control over their data’s storage location to meet compliance and data residency requirements.

Regional Data Storage

3rdEye uses AWS regions to offer flexible, region-based data storage. Customers are assigned a specific AWS region during onboarding, and all data is retained within this designated region.

International Data Transfers

If data transfer between regions is necessary, 3rdEye will ensure it complies with applicable data transfer regulations, maintaining high levels of security and privacy protection.

7. Compliance and Legal

3rdEye is committed to maintaining compliance with relevant data protection laws and standards.

Data Privacy Laws Compliance

3rdEye complies with Data Privacy Laws, allowing users to exercise their rights to data access, correction, and deletion, among others. Our data processing practices are aligned with Data Privacy Laws, including data minimization and purpose limitation.

Data Processing Agreement (DPA)

3rdEye offers a Data Processing Agreement (DPA) for customers. This DPA outlines 3rdEye’s obligations as a data processor, clarifying our roles and responsibilities regarding data handling and security.

SOC 2 and ISO 27001 Readiness

3rdEye is currently undergoing audits for SOC 2 and ISO 27001 certifications to validate our commitment to security and compliance.

8. Policy Updates

3rdEye may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or operational needs. Customers will be notified of significant changes via email or through the platform. In case of said changes, we shall secure your consent when required by Data Privacy Laws.

Last Updated: July 7, 2025

For questions regarding our Data Privacy Policy or to exercise your data rights, please contact our Privacy Officer at 3rdeye.dpo@gmail.com.

3rdEye is committed to respecting your privacy and protecting your data with the highest standards of security and transparency. Our policies and practices are continuously evaluated to keep pace with changes in technology, regulations, and industry standards.