Legal
Privacy Policy
Effective Date: February 28, 2026 · Last Updated: June 25, 2026
Hudson InfoSec ("Company," "we," "us," or "our") operates the hudsoninfosec.com website, our mobile applications (including the Hudson Infosec iOS app), and the Ayewo and HSEC Sentinel platforms (collectively, the "Services"). This Privacy Policy describes how we collect, use, disclose, and protect information obtained from users of our Services.
By accessing or using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our Services.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, company name, billing address, and payment details when you register or purchase a subscription.
- Service Data: Security events, log data, scan results, vulnerability reports, network configurations, and any other data you submit to or generate through our platforms.
- Communications: Messages, support tickets, feedback, and correspondence you send to us.
- Contact Form Submissions: Name, email, and message content submitted through our website.
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, session duration, and interaction patterns within our platforms.
- Device and Connection Information: IP address, browser type, operating system, device identifiers, and referring URLs.
- Cookies and Similar Technologies: We use cookies, local storage, and similar technologies to maintain sessions, remember preferences, and analyze usage. You may control cookie settings through your browser.
1.3 Information from Third Parties
We may receive information from payment processors, identity verification services, or business partners in connection with your use of our Services.
1.4 Mobile Applications
Our mobile applications (including the Hudson Infosec iOS app) collect the information described above to provide the Services, and in particular:
- Account & security data: The email, name, and account identifiers you sign in with, and the security data shown in the app, are linked to your Hudson InfoSec account.
- Device identifiers: A device identifier is used to register your device and to support administrative security controls such as remote sign-out and device isolation.
- Payments: In-app purchases are processed by Stripe; card details are entered into Stripe’s PCI-compliant interface and are not stored on our servers.
- Biometrics: If you enable biometric app lock (Face ID / Touch ID), authentication is performed on your device by iOS — we never receive or store biometric data.
- No tracking or advertising: The app does not track you across other companies’ apps or websites, contains no advertising, and includes no third-party analytics or advertising SDKs.
2. How We Use Your Information
We use all information collected through or submitted to our Services for the following purposes:
2.1 Service Delivery and Operations
- Providing, maintaining, and improving the Ayewo and HSEC Sentinel platforms.
- Processing transactions and managing your account.
- Delivering scan results, security reports, and alerts.
- Providing customer support and responding to inquiries.
2.2 Model Training and Product Improvement
You acknowledge and agree that all data entered into, processed by, or generated through our Services — including but not limited to security events, scan data, vulnerability reports, log data, network telemetry, and any other information submitted to our platforms — may be used by Hudson InfoSec to train, develop, improve, and refine machine learning models, artificial intelligence systems, and analytical tools. This use enables us to enhance threat detection, improve vulnerability assessment accuracy, develop new security capabilities, and advance the overall quality of our Services.
2.3 Internal Business Operations
We may use your information for:
- Support staff operations: Enabling our support and engineering teams to diagnose issues, troubleshoot problems, and deliver effective customer assistance.
- Analytics and research: Conducting internal analytics, security research, and product development.
- Quality assurance: Monitoring and improving the performance, reliability, and security of our Services.
- Business planning: Informing product strategy, capacity planning, and operational decisions.
2.4 Legal and Compliance
- Complying with applicable laws, regulations, and legal processes.
- Enforcing our Terms of Service and other agreements.
- Protecting the rights, safety, and property of Hudson InfoSec, our users, and the public.
2.5 Communications
- Sending transactional messages related to your account and Services.
- Providing product updates, security advisories, and service announcements.
- With your consent, sending marketing and promotional communications.
3. Data Sharing and Disclosure
We do not sell your personal information. We may share information in the following circumstances:
- Service Providers: With third-party vendors who perform services on our behalf (e.g., payment processing, cloud hosting, analytics), subject to confidentiality obligations.
- Legal Requirements: When required by law, subpoena, court order, or governmental request.
- Protection of Rights: When we believe disclosure is necessary to protect our rights, enforce our agreements, or ensure the safety of our users or the public.
- Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, in which case your information may be transferred to the successor entity.
- Aggregated or De-identified Data: We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for any purpose, including industry research, benchmarking, and public reporting.
4. Data Retention
We retain your information for as long as your account is active or as needed to provide our Services. We may also retain information as necessary to comply with legal obligations, resolve disputes, enforce agreements, and support legitimate business operations including model training and product improvement.
When data is no longer required for any of the purposes described in this Privacy Policy, we will delete or de-identify it in accordance with our data retention procedures.
5. Data Security
We implement industry-standard technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, access controls, regular security assessments, and infrastructure monitoring.
However, no method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee its absolute security.
6. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete information.
- Deletion: Request deletion of your personal information, subject to legal and contractual retention requirements.
- Opt-Out of Marketing: Unsubscribe from promotional communications at any time using the link provided in our emails.
- Data Portability: Request your data in a structured, machine-readable format where technically feasible.
To exercise any of these rights, contact us at privacy@hudsoninfosec.com. We will respond within 30 days of receiving your request.
Note: Exercising certain rights (such as deletion) may limit your ability to use our Services. Deletion requests do not apply to data that has already been incorporated into aggregated datasets, trained models, or de-identified analytical outputs.
7. Children's Privacy
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.
8. Third-Party Links
Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any information.
9. International Users
Our Services are operated from the United States. If you access our Services from outside the United States, your information will be transferred to and processed in the United States. By using our Services, you consent to this transfer and processing.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Your continued use of our Services after any changes constitutes acceptance of the revised Privacy Policy.
We encourage you to review this Privacy Policy periodically.
11. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us: