Privacy Policy

This policy describes how ThreatSpire processes information when you use our website and the ThreatSpire application. It applies to personal information about individual users (for example analysts in a customer organization) and to customer content submitted to the service.

Account information. Name, work email, organization, and role, as provided when you sign up or are invited.

Customer content. Intelligence requirements, organization context, evidence, indicators, assessments, and other content you upload or generate in the application.

Usage and security data. Logs needed to operate and secure the service, such as authentication events, IP addresses, browser and device metadata, and audit trail entries.

We use information to provide and improve the service, to authenticate and secure accounts, to communicate with customers about the service, to comply with legal obligations, and to defend the service against abuse.

We may use aggregated or de-identified data internally to improve the application. We do not sell personal information and we do not share it with third parties for their own marketing or profiling.

ThreatSpire uses AI to assist analysts. It drafts assessments, summaries, and relevance judgments so that analysts can move faster on real intelligence work. AI output is always a draft that a human reviews. We do not make automated decisions that produce legal or similarly significant effects about individuals.

To power these features, relevant content, such as your intelligence requirements, organization context, and evidence, is processed by our cloud AI provider acting as a subprocessor, only to generate outputs for you. The provider is bound by a written data processing agreement that restricts use of the data to delivering the service to us.

Prompts and customer content are not used to train third-party foundation models. AI processing follows the same security and confidentiality controls as the rest of the service, including access controls, encryption in transit and at rest, and audit logging.

Consistent with our core principle, we do not sell your data and we do not provide it to third parties for their own purposes. We may use your data internally to improve the application, for example to evaluate quality of AI output and to fix issues.

To ask a question about AI processing, including the current list of AI subprocessors, contact privacy@threatspire.com.

We share information with subprocessors that help us deliver the service, such as our cloud hosting and AI providers. Each subprocessor is bound by a written agreement that requires confidentiality and limits use of the data to providing the service to us.

We may disclose information when required by law, to enforce our terms, or to protect the rights, property, or safety of users and the public.

We retain personal information for as long as needed to provide the service, meet legal obligations, and resolve disputes. Customer content is retained according to your contract and the retention controls in the application.

We apply administrative, technical, and physical safeguards designed to protect information, including encryption in transit and at rest, least-privilege access, and continuous monitoring.

Depending on where you live, you may have the right to access, correct, delete, or object to processing of your personal information, and to lodge a complaint with a supervisory authority. To exercise these rights, contact us using the address below. If your data is in the application as customer content, we will work with the customer that controls that data to respond to your request.

Questions, requests, and complaints about this policy can be sent to privacy@threatspire.com.