Privacy Policy
1. Introduction
LiteSOC ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our security operations center platform and related services (collectively, the "Service").
By accessing or using our Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Password (stored securely using industry-standard hashing)
- Organization name
- Billing information (processed securely through Stripe)
2.2 Security Event Data
When you use our API to send security events, we collect:
- Event type and name
- Actor information (user IDs, email addresses as provided by you)
- Timestamps
- Any metadata you choose to include
2.3 IP Address Collection
Important: We collect and store IP addresses for essential security purposes. This includes:
- IP addresses you send via the API: When you call our /api/v1/collect endpoint with an IP address, we store it to enable security features such as brute force detection and geo-anomaly alerts.
- Your access IP addresses: We log the IP addresses used to access our dashboard and API for security monitoring and abuse prevention.
IP addresses are stored in our database with Row Level Security (RLS) enabled, ensuring only authorized users within your organization can access your data. IP data is retained according to your plan's retention period (7 days for Free, 30 days for Pro, custom for Enterprise).
2.4 Usage Data
We automatically collect certain information when you access the Service:
- Browser type and version
- Operating system
- Pages visited and features used
- Time and date of visits
- Time spent on pages
3. How We Use Your Information
We use the information we collect for the following purposes:
- Provide the Service: Process and display security events, generate alerts, and provide analytics
- Security Detection: Analyze IP addresses and event patterns to detect brute force attacks, geo-anomalies, and other security threats
- Account Management: Manage your account, process payments, and communicate with you about your subscription
- Service Improvement: Analyze usage patterns to improve and optimize our Service
- Security: Protect against unauthorized access, fraud, and abuse
- Legal Compliance: Comply with applicable laws and regulations
4. Data Storage and Security
We implement robust security measures to protect your data:
- Encryption at Rest: All data is encrypted at rest using AES-256 encryption
- Encryption in Transit: All data transmission uses TLS 1.3 encryption
- Row Level Security: Database access is restricted at the row level, ensuring organizations can only access their own data
- API Key Hashing: API keys are stored using secure SHA-256 hashing
- Infrastructure: Our services are hosted on SOC 2 compliant infrastructure
For more details, see our Security Page.
5. Data Retention
We retain your data according to the following policies:
- Security Events: Retained based on your plan (7 days Free, 30 days Pro, custom for Enterprise)
- Account Data: Retained for as long as your account is active
- Billing Data: Retained as required by law (typically 7 years)
- After Account Deletion: Data is permanently deleted within 30 days of account closure
6. Data Sharing
We do not sell your personal information. We may share your information in the following limited circumstances:
- Service Providers: We use trusted third-party services (Supabase for database, Stripe for payments, Vercel for hosting) that process data on our behalf
- Legal Requirements: When required by law or to respond to legal process
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- With Your Consent: When you have given us explicit permission
7. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your personal data
- Portability: Request a portable copy of your data
- Objection: Object to certain processing activities
- Restriction: Request restriction of processing
To exercise these rights, please contact us at privacy@litesoc.io.
8. Cookies
We use cookies and similar technologies for:
- Essential Cookies: Required for authentication and security
- Analytics Cookies: Help us understand how you use the Service (with your consent)
You can manage cookie preferences through our cookie consent banner or your browser settings.
9. International Data Transfers
Your data may be processed in countries outside your residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses for transfers from the EU/EEA.
10. Children's Privacy
Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our Service. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.
12. Contact Us
If you have questions about this Privacy Policy, please contact us:
- Email: privacy@litesoc.io
- Address: LiteSOC Inc., 123 Security Lane, San Francisco, CA 94105