How we manage your data
AQtive Guard is a cybersecurity platform that secures Non-Human Identities (NHIs) and cryptographic assets used by AI agents and other entities in enterprise environments. This document provides transparency into our data management practices, outlining how we handle user data to ensure privacy and security. It applies to all users of AQtive Guard products and services. Please note that this document is part of, and subject to, our overall Terms & Conditions — it’s meant to provide additional insight into our data practices, but doesn’t replace or override any terms outlined in our main agreements.
Commitment to privacy
We recognize the critical importance of protecting your data and are dedicated to its security and privacy. Our goal is to safeguard your information while complying with applicable data privacy regulations, ensuring trust and confidence in our services.
Compliance with data privacy regulations
We prioritize your privacy and compliance with applicable laws. AQtive Guard applies industry-standard security measures to protect your data, ensuring transparent, secure, and trustworthy information handling.
For more detailed information about our privacy practices, please refer to our Privacy Policy.
Certifications
AQtive Guard is actively pursuing and committed to achieving the following certifications:
- SOC 2: SOC 2 is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). This certification process involves a thorough assessment of our controls related to security, availability, processing integrity, confidentiality, and privacy, demonstrating our commitment to protecting customer data.
- ISO 27001: ISO 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). This certification process demonstrates our ongoing commitment to systematically managing and protecting company and customer information.
- FedRAMP Moderate authorization: FedRAMP Moderate authorization is a U.S. government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
Types of data we handle
To provide our services, AQtive Guard handles data in the following general categories:
- Certificate and secret management data: We collect metadata about your digital certificates and secrets, such as details about their creation, usage, and lifecycle. We also store public keys and public certificates with their actual values. Private secrets, such as private keys, are collected only on an opt-in basis, requiring your explicit consent and configuration.
- Asset inventory data: We collect information about your IT environment, including things like servers, applications, and the cryptographic assets they use, to provide you with a comprehensive view of your security posture.
- Integration data: If you connect AQtive Guard with other security and IT tools, we handle data exchanged with those systems to provide centralized security management.
- Security analysis data: This includes data generated by our platform to help you understand your security risks, such as alerts, rule configurations, and compliance information.
- Account data: We collect the necessary information to manage your account, such as your email and contact details.
- User analytics: We collect anonymous and aggregated usage patterns and behaviors to help us improve AQtive Guard usability and features.
For details about the information we collect, compliance with data privacy regulations, and your privacy rights, please refer to our Privacy Policy.
How your data flows across AQtive Guard
Your data is transmitted to AQtive Guard through secure, encrypted channels. We process it to enable platform functionalities like monitoring, alerting, and reporting on cryptographic assets. The data flow involves:
- Ingestion: Collecting and normalizing data.
- Analysis: Evaluating data for security risks and compliance.
- Visualization: Transforming data into actionable insights.
- Storage: Securing data with access controls and encryption.
Data retention and storage
We handle your data with a focus on balancing the ability to recall historical information for purposes like audits and trend analysis with robust data privacy and security practices. Our approach ensures that we retain data only as long as necessary, optimizing for both utility and the protection of your information.
Data retention periods
Our data retention periods vary depending on the type of data, categorized into five tiers:
- Very short: Up to 14 days
- Short: Up to 2 months
- Medium: Up to 6 months
- Long: Up to 1 year
- Very long: Up to 5 years
For certain high-volume data streams, such as events, we limit retention to approximately 4 days. We carefully chose this short retention period to allow for system fault recovery. This ensures critical downstream effects are captured in other, more persistent data sets and minimizes the unnecessary long-term storage of transient data.
Data storage and security
To maintain optimal security and efficient data management, we use tiered storage. This means that older data is automatically moved to storage tiers designed for long-term retention with appropriate security controls. This approach allows us to manage data effectively while upholding our commitment to data protection.
Data compaction
We also employ data compaction for certain ID-based topics. This process ensures that we only retain the most current and relevant version of a data element, removing older, redundant versions once they have been merged or processed. This practice contributes to data integrity and limits the unnecessary proliferation of data.
Data security measures
AQtive Guard employs a comprehensive set of technical and organizational measures to protect your data, including:
- Encryption: We use industry-standard encryption protocols to protect your data both in transit (using protocols such as TLS) and at rest.
- Access controls: Access to customer data is strictly controlled based on the principle of least privilege. We implement role-based access control (RBAC) to ensure that only authorized personnel have access to the data necessary for their roles.
- Authentication and authorization: We use strong authentication methods to verify user identities. Authorization mechanisms ensure that users can only access resources they are permitted to use.
- Network security: Our network infrastructure is protected by firewalls, intrusion detection and prevention systems, and other security technologies to detect and prevent unauthorized access and malicious activity.
- Vulnerability management: We conduct regular vulnerability assessments and penetration testing to identify and address potential security weaknesses in our systems.
- Incident response plan: We have a well-defined incident response plan in place to effectively manage and mitigate any security incidents that may occur.
- Employee training: All AQtive Guard employees undergo regular training on data security and privacy best practices.
Data sharing and third-party integrations
AQtive Guard integrates with various third-party services to enhance the functionality of our platform. When you choose to integrate with these services, certain data may be shared between AQtive Guard and the third-party provider. This data sharing is governed by your agreement with the third-party provider and our internal security protocols. We ensure that any third-party providers we work with adhere to appropriate security and privacy standards.
Contact us
If you have any questions or concerns about this Data Handling Policy or our data handling practices, please contact us at support@sandboxaq.com.