SecureAuth Data Privacy Policy
Introduction
SecureAuth protects personal data in accordance with ISO 27001 and GDPR. This policy explains how data is collected, processed, stored, and protected.
This policy applies to all users of the SecureAuth platform and covers all processing of personal data performed by SecureAuth.
Legal Basis for Processing
SecureAuth processes personal data under GDPR principles, including lawfulness, fairness, transparency, purpose limitation, and data minimization.
Data Collection
SecureAuth collects only the data required to deliver authentication, access control, and security services. Data categories may include identifiers, login metadata, and security event logs.
Data Use
Personal data is used strictly for authentication, fraud prevention, platform security, and compliance with legal obligations.
Data Storage and Sovereignty
All personal data is stored exclusively within the European Union or Canada. SecureAuth ensures that no data is transferred outside these regions without adequate safeguards.
Data Security
SecureAuth applies ISO 27001 controls and uses AES-256 encryption for data at rest. Data in transit is protected using industry-standard TLS encryption.
Data Retention
Personal data is retained only for the duration necessary to fulfill the stated purposes or to meet legal and regulatory requirements.
Right to Access
Users may request confirmation of whether SecureAuth processes their personal data and may obtain a copy of such data in a structured format.
Right to Erasure
Users may request deletion of their personal data under the GDPR “Right to be Forgotten.” SecureAuth will erase the data unless retention is required by law.
Third-Party Processors
SecureAuth may use vetted processors that comply with ISO 27001 and GDPR. All processors operate under binding agreements ensuring equivalent protection.
Incident Management
Security incidents are handled under ISO 27001 Annex A controls. Users will be notified of breaches when required by GDPR.
Contact
For privacy inquiries or rights requests, contact the SecureAuth Data Protection Officer at: dpo@secureauth.example.