Privacy Policy

Securedy Labs ("Securedy," "we," "our," or "us") operates securedy.net and related platforms, including the AEGIS firewall service, AI security consulting tools, and associated dashboards. This Privacy Policy describes how we collect, use, store, and protect your information when you interact with our services. Securedy Labs provides services to educational institutions including K-12 schools, school districts, and higher education institutions. We take our obligations to these communities seriously and comply with all applicable federal and state education privacy laws. By using any Securedy Labs service, you acknowledge and agree to the practices described in this policy. If you do not agree, please discontinue use of our services.

We collect the following categories of information: Account Data: Name, email address, organization name, and hashed password, provided by you at registration. Authentication Data: OAuth tokens, session identifiers, and login timestamps generated through Google OAuth or direct login. Usage and Telemetry: Feature interactions, console queries, API call logs, and dashboard events generated automatically during use. Network Telemetry (AEGIS only): Firewall rule configurations, anonymized traffic metadata, and threat event summaries. Raw packet payloads are never transmitted to Securedy Labs servers. Only anonymized metadata and threat event summaries may be sent when cloud reporting features are enabled. Device and Browser Data: IP address, browser type and version, operating system, and screen resolution, collected automatically. Communications: Support messages, inquiry form submissions, and email correspondence provided by you. Payment Data: Billing name, address, and last four digits of your card. Full card data is handled exclusively by our payment processor and is never stored by Securedy Labs. Educational Institution Data: Where our services are deployed within a school, district, or university environment, we may process network-level data on behalf of the institution. This data is treated as belonging to the institution and is governed by our Data Processing Agreement with that institution.

We use collected data to: • Provide, maintain, and improve our products and services • Authenticate your identity and manage your account • Process transactions and deliver purchased services • Respond to support requests and customer communications • Detect, investigate, and prevent security incidents, fraud, and abuse • Generate anonymized, aggregated threat intelligence and product analytics • Send transactional communications such as service alerts and security notices • Send optional marketing communications with your consent, with the ability to unsubscribe at any time • Comply with applicable legal obligations including FERPA, COPPA, and state education privacy laws • Enforce our Terms of Service We do not sell your personal information to third parties. We do not use your data to train AI models without your explicit, informed consent. We do not use student data for advertising purposes under any circumstances.

For users subject to GDPR or similar frameworks, our processing relies on the following lawful bases: Account creation and service delivery: Contract performance Security monitoring and fraud prevention: Legitimate interests Marketing communications: Consent, which may be withdrawn at any time Legal compliance and law enforcement requests: Legal obligation Product analytics and improvement: Legitimate interests California residents may exercise rights under CCPA/CPRA, including the right to know, the right to opt out of sale (we do not sell data), and the right to non-discrimination.

Securedy Labs is committed to full compliance with all applicable education privacy laws. FERPA — Family Educational Rights and Privacy Act (20 U.S.C. § 1232g) FERPA protects the privacy of student education records at institutions that receive federal funding. When Securedy Labs operates as a service provider to a school or district, we act as a "school official" with a legitimate educational interest as defined under FERPA. This means we access student-related data only to the extent necessary to provide contracted services, we do not disclose education records without required consent except as permitted by FERPA, we do not use education records for any purpose other than providing the contracted service, and upon contract termination we return or securely destroy education records as directed by the institution. COPPA — Children's Online Privacy Protection Act (15 U.S.C. § 6501 et seq.) COPPA applies to the online collection of personal information from children under 13. We do not knowingly collect personal information directly from children under 13 without verifiable parental consent. Schools deploying AEGIS or other Securedy Labs services in K-12 environments are responsible for obtaining any required parental consent. Network telemetry data processed by AEGIS in K-12 environments is treated as institutional data and is not associated with individual student identities. PPRA — Protection of Pupil Rights Amendment (20 U.S.C. § 1232h) Securedy Labs does not conduct surveys or evaluations of students. Our services are limited to network security monitoring and infrastructure protection. CIPA — Children's Internet Protection Act AEGIS firewall and content filtering capabilities are designed to support institutions in meeting CIPA requirements, including the ability to block or filter internet access to material that is obscene, contains child pornography, or is otherwise harmful to minors. State Education Privacy Laws Securedy Labs complies with applicable state education privacy laws including California SOPIPA/AB 1584, New York Education Law Section 2-d, Texas Student Data Privacy Consortium standards, and Illinois SOPPA. Data Processing Agreements for Educational Institutions Any school, district, or university deploying Securedy Labs services must execute a Data Processing Agreement (DPA) prior to deployment. To request a DPA, contact us at privacy@securedylabs.dev.

We do not sell, rent, or trade your personal information. We may share your data only in the following circumstances: Service Providers: Trusted third parties who perform functions on our behalf, including cloud hosting, payment processing, email delivery, and analytics. These providers are contractually bound to data protection standards no less protective than this policy. Business Transfers: In connection with a merger, acquisition, or sale of substantially all of our assets, with advance notice provided to affected users. Legal Requirements: When required by law, court order, or lawful government request. Where legally permissible, we will notify you before complying. Protection of Rights: To protect the rights, safety, or property of Securedy Labs, our users, or the public from harm, fraud, or illegal activity. With Your Consent: For any other purpose with your explicit, prior consent. We never share student data with third parties for advertising, marketing, or any commercial purpose unrelated to the contracted educational service.

Account and profile data: Duration of active account plus 90 days after deletion request Authentication and session logs: 90 days rolling Usage telemetry: 12 months, then anonymized AEGIS threat event summaries: Configurable per deployment, default 90 days Financial and billing records: 7 years (legal and tax obligation) Support communications: 3 years after case closure Educational institution data: Returned or securely destroyed within 60 days of contract termination, or per the terms of the applicable Data Processing Agreement

We implement administrative, technical, and physical safeguards including encryption of data in transit (TLS 1.2+) and at rest (AES-256), least-privilege access controls, multi-factor authentication on all internal systems, regular internal security assessments and red team exercises, and incident response procedures aligned with NIST CSF and applicable breach notification laws. No transmission over the internet is 100% secure. In the event of a data breach affecting your rights, we will notify you as required by applicable law. For educational institutions, breach notification timelines are governed by the applicable Data Processing Agreement and applicable state law.

Depending on your jurisdiction, you may have the right to access, correct, delete, or receive a portable copy of your personal data; restrict or object to certain processing activities; and withdraw consent at any time without affecting prior processing. Parents of students under 18 and eligible students may also exercise rights under FERPA by contacting the educational institution directly. Securedy Labs will cooperate with institutions in responding to such requests. To exercise any of these rights, contact us at privacy@securedylabs.dev. We will respond within 30 days.

We use strictly necessary cookies for authentication and session management, and functional cookies for user preferences and UI state. Analytics cookies (anonymized) require consent for EU and UK users. We do not use marketing cookies. You can manage cookie preferences in your browser settings. Disabling strictly necessary cookies may impair service functionality.

Securedy Labs services are not directed at children under 16 (or 13 in the United States) outside of institutional deployments. We do not knowingly collect personal information directly from children. In K-12 institutional deployments, consent and compliance obligations are managed through the educational institution and the applicable Data Processing Agreement. If you believe we have inadvertently collected personal information from a child outside of an authorized institutional deployment, contact us immediately at privacy@securedylabs.dev and we will delete it promptly.

We may update this policy from time to time. Material changes will be communicated via email to registered users and by posting a notice on securedy.net no fewer than 14 days before the change takes effect. For educational institutions, material changes that affect data processing obligations will be communicated directly to the institution's designated contact. Continued use of our services after a change becomes effective constitutes acceptance of the updated policy.

Securedy Labs privacy@securedylabs.dev https://securedylabs.dev For urgent security matters: security@securedylabs.dev For educational institution DPA requests and FERPA inquiries: privacy@securedylabs.dev