Privacy Policy

1. Information We Collect

1.1 Account Information

When you register for an account, we collect information such as:

• Name, email address, and job title
• Organization name and billing address
• Authentication credentials (passwords are stored using industry-standard hashing)
• SSO/LDAP identity provider metadata

1.2 Transaction Data

When you use the Service to evaluate transactions, we process the data you submit, which may include:

• Order details (amounts, timestamps, product information)
• Customer identifiers (email addresses, phone numbers, device fingerprints, IP addresses)
• Payment method metadata (card BINs, payment type)
• Shipping and billing address information

Personally identifiable information (PII) within transaction data is hashed during the ingestion process using SHA-256 before being stored for graph analysis and entity resolution. Raw PII is retained only as long as needed for real-time scoring.

1.3 Usage Data

We automatically collect information about how you use the Service, including:

• Dashboard activity (pages visited, features used, search queries)
• API usage patterns and request metadata
• Browser type, operating system, and device information
• IP address and approximate geographic location
• Log data and error reports

1.4 Cookies and Similar Technologies

We use cookies and similar technologies to maintain your session, remember preferences, and analyze usage patterns. See Section 8 for more details.

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Process transactions, execute fraud detection rules, calculate risk scores, and generate alerts
• Maintain and improve: Monitor performance, diagnose issues, and develop new features
• Train and improve models: Use aggregated, de-identified data to enhance our fraud detection algorithms and machine learning models
• Communicate: Send service announcements, security alerts, and respond to support requests
• Ensure security: Detect and prevent unauthorized access, abuse, or fraudulent use of the Service itself
• Comply with law: Meet legal obligations, respond to lawful requests, and enforce our Terms of Service

3. Data Processing Roles

3.1 As a Data Processor

When you submit transaction data through the Service for fraud detection, we act as a data processor on your behalf. You remain the data controller and are responsible for ensuring that you have appropriate legal bases (e.g., legitimate interest, consent) to process the personal data of your customers.

3.2 As a Data Controller

For account information, usage data, and marketing communications, we act as the data controller. We process this data based on our legitimate interests in providing and improving the Service, or based on your consent where required.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share information in the following circumstances:

• Service providers: With trusted third-party vendors who help us operate the Service (e.g., cloud hosting, monitoring, analytics) under strict data processing agreements
• Legal requirements: When required by law, regulation, legal process, or governmental request
• Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice
• With your consent: When you explicitly authorize us to share data with a third party
• Aggregated data: We may share de-identified, aggregated statistics that cannot be used to identify you or your customers

5. Data Security

We implement comprehensive security measures to protect your data, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• PII hashing (SHA-256) during ingestion for graph and analytical storage
• Role-based access control (RBAC) with audit logging
• Network segmentation and firewall protection
• Regular security assessments and penetration testing
• Incident response procedures with notification within 72 hours of confirmed data breaches

While we strive to protect your data, no system is completely secure. We encourage you to use strong passwords and enable multi-factor authentication for your account.

6. Data Retention

We retain data according to the following principles:

• Account information: Retained for the duration of your active subscription and for up to 12 months after termination
• Transaction data: Retained in accordance with your subscription agreement, typically up to 24 months, unless a longer retention is required by law
• Hashed PII and graph data: Retained for the duration of your subscription to maintain entity resolution accuracy
• Usage and log data: Retained for up to 12 months for operational and security purposes
• Scoring results: Retained according to your configuration, with a default of 90 days

Upon termination, you may request a full export of your data within 30 days. After the retention period, data is securely deleted or irreversibly anonymized.

7. Your Rights (GDPR and Other Regulations)

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Restriction: Request that we limit the processing of your data
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to the processing of your data for specific purposes
• Withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at info@argusmesh.ai. We will respond to your request within 30 days.

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

8. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential cookies: Required for the Service to function (authentication, session management, CSRF protection). These cannot be disabled.
• Functional cookies: Remember your preferences such as theme settings and dashboard configurations
• Analytics cookies: Help us understand how the Service is used so we can improve it. We use privacy-respecting analytics that do not track users across sites.

We do not use third-party advertising cookies. You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Service.

9. International Data Transfers

Your data may be processed in countries other than your own. When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data processing agreements with all sub-processors
• Compliance with applicable data transfer frameworks

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.

11. Third-Party Integrations

The Service may integrate with third-party platforms (e.g., payment processors, e-commerce systems) at your direction. We are not responsible for the privacy practices of third-party services. We encourage you to review the privacy policies of any third-party services you connect to Argus Mesh.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where practical, by email. The "Last updated" date at the top of this page indicates when the policy was last revised.

Your continued use of the Service after changes to this policy constitutes acceptance of the updated terms.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

• Email: info@argusmesh.ai
• Website: argusmesh.ai

For GDPR-related inquiries, you may also reach our Data Protection Officer at info@argusmesh.ai.