This policy applies to titanaisec.com and to TITAN AI agents running in customer environments. The full GDPR-compliant DPA is available on request to EU and UK customers.
When you visit titanaisec.com we collect standard server logs (IP address, user-agent, referrer, requested URL) for security and abuse-prevention purposes. We do not run third-party advertising trackers. We do not run a session-replay tool.
When you submit the contact, demo, or trial form we collect the name, work email, company, and any free-text scope you provide. We retain this for sales follow-up only and delete it upon written request.
TITAN AI agents read your cloud control plane (Azure Resource Graph, Azure RBAC, Azure RBAC, etc.) to evaluate the controls in your tier. The findings emit to your storage, your ticketing platform, or your inbox under your control. We do not copy resource data into our infrastructure.
When the reasoning path invokes a third-party LLM, only finding metadata is sent. Raw IAM payloads, credential strings, and PHI / PII / PCI patterns are redacted before any model call.
EU and UK residents have GDPR rights of access, rectification, erasure, and portability. California residents have CCPA / CPRA equivalent rights. Send any privacy request to [email protected] and we respond within thirty days.
Website server logs are retained for ninety days, then aggregated. Sales-pipeline records are retained for two years from the last contact. License-enforcement audit logs are retained for the life of the contract plus one year for warranty claims.
Read-only scan. No credit card. Full evidence pack on every finding.