Privacy Policy

1. Introduction

Sengard ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website (www.sengard.com), use our security awareness training platform, and use our mobile application ("Sengard" app, available on Android and iOS).

By accessing or using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access our website or use our services.

2. Information We Collect

2.1 Information You Provide

• Account registration details (name, email, organization, job title)
• Trial request and contact form submissions
• Payment and billing information (processed by our payment provider)
• Communications with our support team
• Training assessment responses and quiz results

2.2 Information Collected Automatically

• Device information (browser type, operating system, device identifiers)
• Usage data (pages visited, features used, time spent on platform)
• IP address and approximate geographic location
• Cookies and similar tracking technologies
• Phishing simulation interaction data (email opens, link clicks, credential submissions)

2.3 Information from Third Parties

• Single Sign-On (SSO) provider data when you authenticate via your organization's identity provider
• Dark web monitoring results related to your organization's domain
• Threat intelligence feeds used to create realistic simulations

2.4 Information Collected via Mobile Application

When you use the Sengard mobile app, we may additionally collect:

• Device identifiers: Unique device ID, device model, operating system version, and app version for diagnostics and security
• Push notification tokens: To deliver security alerts, training reminders, and phishing simulation notifications to your device
• Biometric authentication data: We use on-device biometric APIs (Face ID, fingerprint) for secure login. Biometric data never leaves your device and is not stored on our servers
• Camera access: Used only when you choose to take or upload a profile photo. Photos are uploaded to our servers; camera access is not used for any other purpose
• Network information: Connection type and status to optimize content delivery and offline access
• Local storage: Training progress, authentication tokens, and user preferences are stored securely on your device using encrypted storage

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing, maintaining, and improving our security awareness platform
• Delivering personalized training content and phishing simulations
• Generating risk assessments and analytics reports for your organization
• Processing trial requests and responding to inquiries
• Sending service-related communications and security alerts
• Detecting, preventing, and addressing technical issues and security threats
• Complying with legal obligations and enforcing our terms of service
• Improving our AI models to provide better security recommendations

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• With your organization: Training results, risk scores, and simulation data are shared with your organization's administrators
• Service providers: We use trusted third-party services for hosting, email delivery, analytics, and payment processing
• Legal requirements: When required by law, regulation, or legal process
• Business transfers: In connection with a merger, acquisition, or sale of assets
• With your consent: When you explicitly authorize us to share your information

5. Data Security

We implement industry-standard security measures to protect your personal information, including encryption in transit (TLS 1.2+) and at rest (AES-256), regular security audits, access controls, and intrusion detection systems. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. When an organization terminates their subscription, we retain data for up to 90 days before permanent deletion, unless a longer retention period is required by law. You may request deletion of your personal data at any time by contacting us.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing of your personal data
• Restriction: Request restriction of processing in certain circumstances

To exercise any of these rights, please contact us at [email protected].

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage patterns, and deliver relevant content. You can manage your cookie preferences through your browser settings. Essential cookies required for platform functionality cannot be disabled.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) approved by relevant data protection authorities.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: