Purpose & Scope
Effective Date: February 22, 2026
This privacy policy explains how Red Saki (“we”, “us”, “our”) collect, use, store, disclose, and protect personal information processed through the Red Saki products.
When any of Red Saki’s products are deployed by an organization, Red Saki acts as a Data Processor on behalf of your employer or service provider (the Data Controller). If you are using our products as part of your employment, please consult your organization’s internal privacy policy for details on their security monitoring practices.
Google Limited Use Compliance: Our use and transfer of information received from Google APIs to any other app will adhere to the Chrome Web Store Program Policies (https://developer.chrome.com/docs/webstore/program-policies/policies), including the Limited Use requirements.
Information We Collect
We only collect data that is strictly necessary to provide cybersecurity protection and threat detection.
| Category | Examples |
| Device & Browser Data | OS Version, Device Model, Browser Version, Installed Extensions |
| Network & Traffic Metadata | URL of visited pages, HTTP request / response headers, timestamps, referrer |
| Local Storage Data | Cached threat signatures, local event logs, configuration settings |
| Security Event Data | Threat signatures, malware detections, blocked requests |
| User Provided Data | Email address (for administrative account logins) |
| Telemetry / Usage Metrics | Feature usage (e.g. product features that are enabled or disabled), error codes |
| Location Data | Approximate IP Based geolocation |
How We Use the Information
We process your data only for the following “Limited Use” purposes:
- Provide & Improve Security: To block malicious domains, prevent data exfiltration, and update threat models.
- Operate the Platform: To verify license status and monitor system health.
- Critical Communication: To send security alerts or transactional messages regarding your account.
- Compliance: To comply with legal obligations or enforce our Terms of Service.
Note: We do not use your data to serve advertisements, build consumer profiles, or for any purpose unrelated to the security services provided.
How We Share Information
We apply a strict “Zero-Sale” policy. We do not sell, rent, or trade any data collected via our products to third parties.
| Recipient | Reason for Sharing | Safeguards |
| AWS | Hosting our backend and security engines | Encrypted at rest (AES-256) and in transit (TLS 1.2+) |
| Threat Intel Providers | To check hashes against global malware databases | Data is hashed / anonymized; no PII is transmitted |
| Sub Processors | Logging or infrastructure monitoring | Governed by strict Data Processing Agreements (DPAs) |
| Legal Authorities | Only when required by a valid, binding legal order | We disclose only the minimum information required |
Retention
| Data Type | Retention Period |
| Raw Event Logs | 90 days default (admin configurable) |
| Aggregated analytics | Indefinitely (anonymized) |
| User account data | Until account deletion |
| Local browser logs | Deleted upon product uninstall |
Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Security
We implement an Enterprise-grade security stack to protect your data:
- Vulnerability Management: We conduct regular penetration testing and quarterly security audits.
- Principle of Least Privilege (PoLP): Access to user data is strictly limited to authorized personnel with a documented business need.
- Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256-GCM).
- Local Data Safety: Data stored within the browser is protected by Chrome’s sandbox environment.
Your Rights (GDPR / CCPA / LGPD)
Depending on your location, you may have the following rights:
- Right to Access/Portability: Request a copy of your data in a structured format.
- Right to Erasure: Request that we delete your personal data.
- Right to Object/Restrict: Limit how we process your data.
- Right to Rectification: Correct inaccurate information.
To exercise these rights, please contact [email protected]. If you are an employee of a client organization, please contact your IT administrator or service provider first.
Changes to this policy
We may update this policy to reflect changes in our legal requirements. We will notify you of any material changes via a notification within the product and to administrators. Continued use after the “Effective Date” constitutes acceptance.
Contact
Privacy Team Email: [email protected]