Privacy Policy

Last updated: February 23, 2026

Data Controller

LiteSOC is operated by:

  • Company: LiteSOC Sdn Bhd
  • Address: Unit 17.2 Level 17 Wisma Sunway, No.1 Jalan Tengku Ampuan Zabedah C9/C, Seksyen 9, 40100 Shah Alam, Selangor, Malaysia
  • Email: privacy@litesoc.io

1. Introduction

LiteSOC Sdn Bhd ("we," "our," or "us"), operating LiteSOC, is committed to protecting your privacy in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our security operations center platform and related services (collectively, the "Service").

This Privacy Policy complies with the seven (7) principles of PDPA:

  • General Principle: We process personal data only with your consent
  • Notice and Choice Principle: We inform you of data collection purposes
  • Disclosure Principle: We only disclose data for stated purposes
  • Security Principle: We protect your data with appropriate measures
  • Retention Principle: We retain data only as long as necessary
  • Data Integrity Principle: We ensure data accuracy and completeness
  • Access Principle: You have the right to access and correct your data

By accessing or using our Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (stored securely using industry-standard hashing)
  • Organization name
  • Billing information (processed securely through Stripe)

2.2 Security Event Data

When you use our API to send security events, we collect:

  • Event type and name
  • Actor information (user IDs, email addresses as provided by you)
  • Timestamps
  • Any metadata you choose to include

2.3 IP Address Collection

Important: We collect and store IP addresses for essential security purposes. This includes:

  • IP addresses you send via the API: When you call our /api/v1/collect endpoint with an IP address, we store it to enable security features such as brute force detection and geo-anomaly alerts.
  • Your access IP addresses: We log the IP addresses used to access our dashboard and API for security monitoring and abuse prevention.

IP addresses are stored in our database with Row Level Security (RLS) enabled, ensuring only authorized users within your organization can access your data. IP data is retained according to your plan's retention period (7 days for Free, 30 days for Pro, custom for Enterprise).

2.4 Usage Data

We automatically collect certain information when you access the Service:

  • Browser type and version
  • Operating system
  • Device type
  • Location, and Tor, VPN, or proxy usage
  • ISP, user IP address, server IP address, and network information
  • Pages visited and features used
  • Time and date of visits
  • Time spent on pages

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service: Process and display security events, generate alerts, and provide analytics
  • Security Detection: Analyze IP addresses and event patterns to detect brute force attacks, geo-anomalies, and other security threats
  • Account Management: Manage your account, process payments, and communicate with you about your subscription
  • Service Improvement: Analyze usage patterns to improve and optimize our Service
  • Security: Protect against unauthorized access, fraud, and abuse
  • Legal Compliance: Comply with applicable laws and regulations

4. Data Storage and Security

We implement robust security measures to protect your data:

  • Encryption at Rest: All data is encrypted at rest using AES-256 encryption
  • Encryption in Transit: All data transmission uses TLS 1.3 encryption
  • Row Level Security: Database access is restricted at the row level, ensuring organizations can only access their own data
  • API Key Hashing: API keys are stored using secure SHA-256 hashing
  • Infrastructure: Our services are hosted on SOC 2 compliant infrastructure

For more details, see our Security Page.

5. Data Retention

We retain your data according to the following policies:

  • Security Events: Retained based on your plan (7 days Free, 30 days Pro, 90 days for Enterprise)
  • Account Data: Retained for as long as your account is active
  • Billing Data: Retained as required by law (typically 7 years)
  • After Account Deletion: Data is permanently deleted within 30 days of account closure

6. Data Sharing

We do not sell your personal information. We may share your information in the following limited circumstances:

  • Service Providers: We use trusted third-party services (Supabase for database, Stripe for payments, Vercel for hosting) that process data on our behalf
  • Legal Requirements: When required by law or to respond to legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you have given us explicit permission

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request a portable copy of your data
  • Objection: Object to certain processing activities
  • Restriction: Request restriction of processing

To exercise these rights, please contact us at privacy@litesoc.io.

8. Cookies and Analytics

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and security
  • Analytics Cookies: Help us understand how you use the Service (with your consent)

8.1 Google Tag Manager

We use Google Tag Manager (GTM) to manage and deploy marketing and analytics tags on our website. GTM itself does not collect personal data, but it facilitates the deployment of other tags that may collect data, such as Google Analytics.

Through GTM, we may collect:

  • Page Views: Which pages you visit and how long you spend on them
  • Interactions: Clicks, form submissions, and other engagement metrics
  • Device Information: Browser type, screen resolution, and operating system
  • Referral Data: How you arrived at our website

This data helps us improve our product, understand user behavior, and optimize your experience. Google may process this data according to their Privacy Policy.

You can manage cookie preferences through our cookie consent banner or your browser settings. To opt out of Google Analytics tracking, you can install the Google Analytics Opt-out Browser Add-on.

9. International Data Transfers

In accordance with Section 129 of PDPA, we may transfer your personal data outside Malaysia only to jurisdictions that have adequate data protection laws or where appropriate safeguards are in place.

Our infrastructure providers may store data in the following regions:

  • Singapore (Supabase, Vercel)
  • United States (Stripe for payment processing)
  • European Union (optional for EU customers)

We ensure that any international transfer complies with PDPA requirements and that appropriate contractual safeguards are in place.

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

11. Data Breach Notification

In the event of a personal data breach that affects your rights, we will:

  • Notify you within 72 hours of becoming aware of the breach
  • Inform the Personal Data Protection Commissioner if required
  • Take immediate steps to contain and remediate the breach
  • Provide you with information about steps you can take to protect yourself

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our Service at least 14 days before the changes take effect. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

13. Your Rights Under PDPA

Under the Personal Data Protection Act 2010, you have the following rights:

  • Right to Access (Section 30): Request access to your personal data held by us
  • Right to Correction (Section 34): Request correction of inaccurate personal data
  • Right to Withdraw Consent (Section 38): Withdraw consent for data processing
  • Right to Prevent Processing (Section 42): Prevent processing that causes damage or distress
  • Right to Prevent Direct Marketing (Section 43): Opt out of direct marketing communications

To exercise these rights, please contact us at privacy@litesoc.io. We will respond to your request within 21 days as required by PDPA.

14. Complaints

If you have concerns about how we handle your personal data, you may:

  • Contact us directly at privacy@litesoc.io
  • Lodge a complaint with the Personal Data Protection Commissioner of Malaysia

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

  • Company: LiteSOC Sdn Bhd
  • Email: privacy@litesoc.io
  • Address: Unit 17.2 Level 17 Wisma Sunway, No.1 Jalan Tengku Ampuan Zabedah C9/C, Seksyen 9, 40100 Shah Alam, Selangor, Malaysia