Privacy policy for Suregrid

This policy describes how SurePass Technologies Private Limited collects, uses, and protects personal data when you use the Suregrid platform and its associated services.

Overview

SurePass Technologies Private Limited ("SurePass", "we", "us", or "our") operates the Suregrid platform, which provides unified compliance automation, cloud security posture management, and AI-powered penetration testing services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our platform, website, and related services (collectively, the "Services").

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of our Services.

Information We Collect

Account and Identity Data

When you create an account or request a demo, we collect your name, email address, company name, job title, and phone number. For enterprise customers, we may also collect billing contact information and procurement details necessary to establish your subscription.

Platform Usage Data

We collect information about how you interact with Suregrid, including which features you use (SureComply, SureCloud, SureHunt, SurePilot), compliance frameworks configured, cloud environments connected, pentests initiated, dashboards viewed, and actions taken within the platform. This data helps us improve the service and provide support.

Cloud Environment Data

When you connect your cloud infrastructure to SureCloud, we access configuration metadata, security group settings, IAM policies, and resource inventories from your AWS, Azure, or GCP environments. We access only the minimum permissions required to perform security posture assessments. We do not access the contents of your databases, storage buckets, or application data unless explicitly authorized for penetration testing via SureHunt.

Compliance and Audit Data

SureComply processes evidence artifacts, policy documents, and audit-related records that you upload or that are collected automatically from connected integrations. This may include screenshots, configuration exports, employee records related to security training, and access review logs.

Penetration Testing Data

When you run AI-powered pentests through SureHunt, we generate and store findings, proof-of-concept evidence, vulnerability reports, and remediation recommendations. Testing is conducted only against targets you explicitly authorize and within the scope you define.

Technical and Device Data

We automatically collect IP addresses, browser type, operating system, device identifiers, and access timestamps when you use our website or platform. We use this information for security monitoring, fraud prevention, and service optimization.

How We Use Your Information

We use collected information to: (a) provide, maintain, and improve the Suregrid platform and its three pillars; (b) process compliance assessments, cloud security scans, and penetration tests you initiate; (c) power SurePilot AI features including questionnaire completion, risk prioritization, and remediation guidance; (d) send transactional communications such as security alerts, compliance status updates, and pentest completion notifications; (e) provide customer support and respond to inquiries; (f) detect, prevent, and address technical issues, security threats, and abuse; (g) comply with legal obligations and enforce our terms.

AI and Machine Learning

SurePilot and SureHunt use machine learning models to analyze security posture, prioritize risks, and generate penetration testing strategies. Models are trained on generalized security patterns and threat intelligence. We do not use your proprietary compliance evidence, cloud configurations, or pentest results to train models that serve other customers. Your data remains isolated within your tenant.

Data Sharing and Disclosure

We do not sell your personal information. We may share data with: (a) service providers who assist in hosting, analytics, payment processing, and customer support, under strict confidentiality agreements; (b) auditors and certification bodies when you explicitly authorize sharing for compliance audit purposes; (c) law enforcement or regulatory authorities when required by applicable law, court order, or governmental regulation; (d) parties involved in a merger, acquisition, or asset sale, with advance notice to affected customers.

Data Retention

We retain account data for the duration of your subscription and for a reasonable period afterward to fulfill legal and contractual obligations. Compliance evidence, cloud scan results, and pentest reports are retained according to the retention schedule you configure in your organization settings, with a default of 24 months. You may request deletion of your data at any time by contacting our data protection team.

Data Security

We implement industry-standard technical and organizational measures to protect your data, including AES-256 encryption at rest, TLS 1.3 encryption in transit, role-based access controls, multi-factor authentication, network segmentation, continuous monitoring, and regular third-party security assessments. Suregrid is SOC 2 Type II certified and maintains compliance with ISO 27001. For details on our security practices, see our Security page.

International Data Transfers

SurePass Technologies is headquartered in India. If you are located outside India, your data may be transferred to and processed in India or other jurisdictions where our service providers operate. We ensure appropriate safeguards are in place for cross-border transfers, including standard contractual clauses and adequacy assessments as required by applicable data protection laws.

Your Rights

Depending on your jurisdiction, you may have the right to: access the personal data we hold about you; correct inaccurate or incomplete data; request deletion of your personal data; restrict or object to certain processing activities; receive your data in a portable format; withdraw consent where processing is based on consent. To exercise any of these rights, contact us at privacy@surepass.io. We will respond within 30 days or as required by applicable law.

Cookies and Tracking

Our website uses essential cookies required for platform functionality, as well as optional analytics cookies to understand usage patterns. You can manage cookie preferences through your browser settings or our cookie consent mechanism. We do not use tracking technologies for advertising purposes.

Children's Privacy

Suregrid is a business-to-business platform and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, contact us immediately and we will take steps to delete it.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes via email or through a prominent notice on our platform at least 30 days before the changes take effect. Your continued use of the Services after such notice constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact: SurePass Technologies Private Limited, Data Protection Team, email: privacy@surepass.io. For compliance-related inquiries, you may also reach us at compliance@surepass.io.