
Data Privacy Policy
At 3rdEye, we take your privacy and data security seriously. This Data Privacy Policy explains how we collect, use, and protect your data, ensuring transparency and security in everything we do. We are committed to maintaining the confidentiality, integrity, and security of your information in accordance with Republic Act No. 10173, also known as the Data Privacy Act of 2012, its implementing rules, other data protection regulations (“Data Privacy Laws”), and industry best practices.
By availing of our services, you agree to our Data Privacy Policy and consent to the collection, processing, storage, and sharing of your information as detailed in this Data Privacy Policy, which may be amended from time to time.
1. Information We Collect
3rdEye collects only the data necessary to provide, improve, and deliver our services.
Data Collected from Integrations
3rdEye collects information from integrated SaaS applications, which may include:
● Usage Data: Logs and activity data from applications to monitor usage and identify potential security issues.
● Configuration Data: Information about application settings to detect and recommend secure configurations.
● Compliance and Security Data: Compliance-related settings and configurations, allowing 3rdEye to generate reports and alert on risks.
Account and User Information
When you sign up for 3rdEye, we may collect:
● Account Details: Name, email, organization name, and other details necessary to create and manage your account.
● User Preferences: Notification preferences and configuration settings within the 3rdEye platform.
Note: 3rdEye does not store sensitive personal information (such as payment details) on its servers.
2. How We Use Your Information
3rdEye uses collected data to deliver services, enhance security, and continuously improve our platform.
Service Delivery and Improvement
● Visibility and Analytics: To provide insights on SaaS usage, security gaps, and compliance status.
● Security Monitoring: To detect and alert on potential security threats within your SaaS environment.
● Reporting and Compliance: To generate reports aligned with industry standards and provide compliance insights for security teams.
Customer Support and Communication
We may use your contact information to:
● Provide technical support and respond to inquiries.
● Send notifications about updates, security alerts, and changes to the platform.
Anonymized Insights
3rdEye may use anonymized and aggregated data for internal research, analytics, and platform improvement. This data is stripped of any identifiable information and cannot be linked back to individual users or accounts.
Data Sharing
3rdEye does not share customer data with any third-party service provider, unless necessary to provide our services to you or required by law. All data is processed within our secure, self-managed infrastructure hosted on AWS.
3. Data Security Measures
3rdEye enforces robust security controls to protect your data and minimize risk.
Data Encryption
All customer data is encrypted:
● At Rest: Data stored in our infrastructure is encrypted with advanced encryption standards.
● In Transit: TLS encryption is applied to secure all data exchanged with our platform.
Access Control
Access to your data is restricted to authorized 3rdEye personnel who require it to perform essential functions. 3rdEye implements Multi-Factor Authentication (MFA) and Role-Based Access Control (RBAC) to further secure data access.
Secure Infrastructure
3rdEye’s infrastructure is hosted in private, segmented environments within AWS, ensuring data is protected against unauthorized access and external threats. Regular security assessments and audits are conducted to uphold the security of our environment.
4. Data Retention and Deletion
3rdEye retains customer data only as long as necessary to provide our services or as required by Data Privacy Laws and other applicable laws.
Retention Periods
● Active Customer Data: Retained for the duration of your account’s active status to ensure seamless service.
● Post-Account Termination: Customer data is retained for 30 days following account termination, allowing retrieval upon request.
● Archival and Deletion: After 30 days, data enters a 60-day archival period, after which it is securely deleted.
Data Deletion Requests
Customers may request deletion of their data at any time. Upon request:
● Data is purged from active systems within 3 business days.
● Any related backups are securely deleted in line with our data retention policies, ensuring no residual copies remain beyond 90 days.
Notification: We will notify customers before data deletion occurs following account termination.
5. Data Access and User Rights
3rdEye is committed to transparency and respects all your rights under Data Privacy Laws, which include, among others, the right to be informed of, and object to, the processing of your personal information, and to access, update, or delete your personal information.
Right to Be Informed and to Object
Your personal data is being collected and processed in accordance with our Data Privacy Policy. At any time, you may object to the processing of your personal data except when it is necessary for the performance of our services to you or when required by law.
Right to Access
You may request access to the data 3rdEye holds about you. Requests are typically fulfilled within 10 business days.
Right to Correction
If your data is inaccurate or incomplete, you can request corrections. 3rdEye will update the data within 7 business days upon verification.
Right to Deletion
You may request the deletion of your data at any time, subject to regulatory and contractual retention requirements. Deleted data is purged from our systems following our defined retention schedule.
Contact: To exercise these rights, please reach out to our Privacy Officer at [email].
6. Data Transfers and Regional Considerations
3rdEye provides customers with control over their data’s storage location to meet compliance and data residency requirements.
Regional Data Storage
3rdEye uses AWS regions to offer flexible, region-based data storage. Customers are assigned a specific AWS region during onboarding, and all data is retained within this designated region.
International Data Transfers
If data transfer between regions is necessary, 3rdEye will ensure it complies with applicable data transfer regulations, maintaining high levels of security and privacy protection.
7. Compliance and Legal
3rdEye is committed to maintaining compliance with relevant data protection laws and standards.
Data Privacy Laws Compliance
3rdEye complies with Data Privacy Laws, allowing users to exercise their rights to data access, correction, and deletion, among others. Our data processing practices are aligned with Data Privacy Laws, including data minimization and purpose limitation.
Data Processing Agreement (DPA)
3rdEye offers a Data Processing Agreement (DPA) for customers. This DPA outlines 3rdEye’s obligations as a data processor, clarifying our roles and responsibilities regarding data handling and security.
SOC 2 and ISO 27001 Readiness
3rdEye is currently undergoing audits for SOC 2 and ISO 27001 certifications to validate our commitment to security and compliance.
8. Policy Updates
3rdEye may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or operational needs. Customers will be notified of significant changes via email or through the platform. In case of said changes, we shall secure your consent when required by Data Privacy Laws.
Last Updated: July 7, 2025
For questions regarding our Data Privacy Policy or to exercise your data rights, please contact our Privacy Officer at 3rdeye.dpo@gmail.com.
3rdEye is committed to respecting your privacy and protecting your data with the highest standards of security and transparency. Our policies and practices are continuously evaluated to keep pace with changes in technology, regulations, and industry standards.