This Privacy Policy describes how Netsyn and its affiliates or operating entity, identified in final production materials as [Company Legal Name], collect, use, disclose, and protect information when customers, invited users, and website visitors access Netsyn services, including the marketing site, the application, suspicious message review tools, external scan features, reports, and related support workflows.

This document is a production-oriented draft for a cybersecurity SaaS product. It is not legal advice to any customer or visitor, and it should be finalized with counsel before publication.

We may collect account and workspace information such as name, business name, email address, phone number, billing contact details, user role, authentication identifiers, and subscription records.

We may collect customer-submitted content, including suspicious message text, uploaded email files, screenshots, notes, scan target domains, remediation notes, and other content a customer chooses to submit through the service.

We may collect scan results and technical metadata such as domain names, DNS records, certificate details, HTTP response information, security header status, exposed service indicators, scoring inputs, findings, and report history.

We may collect usage and device information such as browser type, approximate location derived from IP address, session timestamps, page interactions, feature usage, error logs, diagnostic data, and performance telemetry.

We may collect cookie and session data needed to maintain authentication, security controls, user preferences, fraud prevention, and operational analytics.

We use collected information to provide, operate, secure, maintain, and improve the service; authenticate users; associate users with workspaces; process subscriptions; generate external scan results; classify suspicious messages; produce summaries, reports, and recommended actions; and respond to support or operational requests.

We may also use information for product reliability, abuse prevention, fraud monitoring, capacity planning, internal analytics, security investigations, legal compliance, and protection of our rights, customers, personnel, and systems.

We do not use customer content to promise or represent guaranteed threat prevention, guaranteed detection, or guaranteed legal compliance outcomes.

Certain customer-submitted content, such as suspicious message text, uploaded files, screenshots, or related summaries, may be processed by third-party service providers that help us deliver classification, explanation, hosting, storage, authentication, analytics, billing, logging, and email delivery functions.

Where enabled, Netsyn may use AI or machine-learning service providers to analyze suspicious messages or generate plain-English summaries. Customer content sent to such providers is processed only to deliver the requested feature, subject to those providers' terms and configurations.

We expect to use vendors such as Supabase, Vercel, OpenAI, Stripe, Postmark, and other subprocessors selected by Netsyn. Final production materials should include a maintained subprocessor list or a process for providing one upon request where appropriate.

We use cookies and similar technologies for authentication, session continuity, security controls, fraud prevention, performance, and product analytics. Disabling certain cookies may impair core functionality, including the ability to sign in or stay signed in.

We do not represent that all analytics or tracking technologies are optional in all environments. Some are necessary to operate the service safely and effectively.

We do not sell customer content for monetary consideration. We may disclose information to service providers and subprocessors acting on our behalf, to professional advisers, in connection with a corporate transaction, to comply with law, or to protect the rights, security, or property of Netsyn, its customers, or others.

We may disclose limited data where reasonably necessary to investigate misuse, enforce our agreements, detect abuse, prevent fraud, respond to legal process, or address credible security incidents.

If a customer workspace is managed by an employer or organization, authorized administrators may access information associated with that workspace, subject to the customer organization's internal policies and our service design.

We retain information for as long as reasonably necessary to provide the service, maintain security and auditability, satisfy contractual obligations, resolve disputes, enforce agreements, comply with legal obligations, and preserve backup or recovery copies.

Retention periods may vary by data category. Suspicious message uploads, scan records, findings, and billing records may remain in backups or archived systems for a limited period after deletion requests or account termination.

We use administrative, technical, and organizational measures intended to protect information against unauthorized access, loss, misuse, or disclosure. These may include access controls, encryption in transit, scoped credentials, logging, environment-based secret storage, and vendor security features where available.

No method of transmission, storage, or analysis is completely secure. Netsyn does not guarantee that the service will be immune from compromise, misuse, or operational interruption.

Netsyn may operate or use service providers in multiple jurisdictions. Information may be transferred to, processed in, or accessed from countries other than the country where a customer or visitor is located, subject to the operational structure of our vendors and business.

Customers are responsible for evaluating whether the service is appropriate for their regulatory, contractual, and geographic requirements before uploading regulated or sensitive data.

We may disclose information when required or permitted by applicable law, regulation, legal process, governmental request, or to protect our rights, users, systems, or the public. We may challenge or narrow requests where appropriate, but we are not obligated to do so in every case.

Where applicable law grants access, correction, deletion, or similar rights, requests may be submitted using the contact information below. We may need to verify identity and workspace authority before acting on any request.

The service is intended for business use and is not directed to children. We do not knowingly design the service for use by children, and we request that customers do not submit child-directed content except where strictly necessary for legitimate business operations and legally permitted.

We may update this Privacy Policy from time to time. Material updates may be posted in the application, on the website, or through account communications. Continued use of the service after an update may constitute acceptance to the extent permitted by law.

Privacy and data requests should be directed to [privacy@netsynvector.com] or another address designated in final production materials. Notices may also be sent to [Company Legal Name], [Registered Address], [City, State ZIP], subject to future corporate confirmation.