Privacy Policy

1. Who We Are

Aegis Security ("Aegis", "we", "us") operates an AI agent security platform that monitors, detects, and prevents threats against autonomous AI systems. This policy explains how we handle data when you use our platform at aegis-security.fun and related services.

2. Data We Collect

2.1 Account Data

When you create an account, we collect:

• Email address and name
• Company name and role (optional)
• Authentication credentials (hashed, never stored in plaintext)

2.2 Agent Telemetry Data

When you connect AI agents to Aegis for monitoring, we process:

• Agent metadata: Name, type, framework, endpoint configuration
• Behavioral data: Tool call patterns, prompt flow analysis, anomaly signals
• Threat data: Detected prompt injection attempts, privilege escalation events, data exfiltration signals
• Scan results: Vulnerability assessments, OWASP Agentic Top 10 compliance scores

2.3 Waitlist Data

If you join our waitlist before creating an account, we collect your email address and optional company/role information.

2.4 Usage Data

Standard web analytics: pages visited, features used, session duration. We do not use third-party tracking pixels or advertising cookies.

3. How We Use Your Data

• Threat detection: Analyzing agent behavior to identify and prevent security threats in real-time
• Vulnerability assessment: Generating scan reports and risk scores for your connected agents
• Compliance reporting: Producing audit-ready documentation mapped to OWASP, EU AI Act, NIST AI RMF, ISO 42001, and SOC 2
• Platform improvement: Aggregated, anonymized threat intelligence to improve detection models
• Communication: Service updates, security advisories, and account notifications

4. Data Security

As a security company, we hold ourselves to the highest standard:

• Encryption at rest: All data encrypted using AES-256
• Encryption in transit: TLS 1.3 on all connections
• Access controls: Role-based access with MFA enforcement for all internal systems
• Data isolation: Tenant data is logically isolated — one customer's agent data is never accessible to another
• Retention: Telemetry data is retained for 90 days by default. Vulnerability data persists until you delete it. Account data is deleted within 30 days of account closure.
• Infrastructure: Hosted on SOC 2 Type II compliant infrastructure with automated security monitoring

5. Data Sharing

We do not sell your data. Period.

We share data only in these specific circumstances:

• Infrastructure providers: Cloud hosting for platform operation (bound by DPAs)
• Legal obligation: When required by valid legal process
• Threat intelligence: Anonymized, aggregated threat patterns may be contributed to community security initiatives (e.g., OWASP). Individual customer data is never identifiable.

6. Your Rights

Regardless of your location, we provide these rights to all users:

• Access: Export all your data at any time from your dashboard
• Correction: Update your account information directly
• Deletion: Request complete data deletion — we process within 30 days
• Portability: Download your vulnerability reports and scan history in standard formats (JSON, CSV)
• Objection: Opt out of anonymized threat intelligence contribution

For GDPR, CCPA, or other privacy requests: privacy@aegis-security.com

7. Cookies

We use only essential cookies required for authentication and session management. No advertising cookies. No third-party trackers. No cookie consent banner needed — because we don't use cookies that require one.

8. International Transfers

Data may be processed in the United States and European Union. All transfers are protected by Standard Contractual Clauses (SCCs) and our infrastructure providers maintain adequate safeguards under GDPR.

9. Changes

We will notify you of material changes via email at least 30 days before they take effect. The current version is always available at this URL.

10. Contact

Questions about this policy or your data: privacy@aegis-security.com