Privacy Policy

1. Introduction

Pericles Defense ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cybersecurity platform.

2. Information We Collect

Account Information

When you create an account, we collect:

• Username and email address
• First and last name
• Company name
• Password (stored as Argon2ID hash — we never store plaintext passwords)
• Language and theme preferences

Usage Data

We automatically collect:

• IP address (for security and audit logging)
• Browser user-agent (for session security)
• Login timestamps and activity logs
• Pages accessed and features used

Active Directory Data

When using AD-Supervision, your organization's Active Directory data is stored in isolated, dedicated databases. This data is never shared across tenants or accessed by other users.

3. How We Use Your Information

We use collected information to:

• Provide and maintain the platform
• Authenticate and authorize user access
• Generate security reports and compliance assessments
• Detect and prevent security threats (rate limiting, brute-force protection)
• Maintain audit trails for compliance purposes
• Improve our services and user experience
• Communicate service updates and security notices

4. Data Security

We implement multiple layers of security:

• TLS encryption for all data in transit
• AES-256-CBC encryption for sensitive data at rest
• Argon2ID password hashing
• CSRF protection on all forms
• Rate limiting (IP-based and per-account)
• Session security with Redis-backed storage
• Comprehensive audit logging
• Multi-tenant data isolation

5. Data Retention

We retain your data for the duration of your subscription plus 30 days. Audit logs are retained according to your plan's data retention policy. You may request deletion of your data at any time by contacting us.

6. Data Sharing

We do not sell, trade, or rent your personal information. We may share data only:

• With your explicit consent
• To comply with legal obligations
• To protect our rights and prevent fraud

7. Cookies

We use a session cookie (PERICLESSESS) that is essential for authentication. This cookie is:

• HttpOnly (not accessible via JavaScript)
• Secure (only transmitted over HTTPS)
• SameSite=Lax (CSRF protection)

We also use a language preference cookie (90-day expiry) to remember your interface language.

8. Your Rights

Under applicable data protection laws (including GDPR), you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request deletion of your data
• Restrict or object to processing
• Data portability

9. Contact

For privacy-related inquiries, contact us at contact@pericles-defense.com.