Privacy Policy

Effective date: 05th February 2024

1. Purpose & Scope

This policy governs the collection, processing, and retention of data within the system. The system is designed as a research and investigative tool available to authorized users. It enables analysis of various data sources to determine patterns, relationships, and context relevant to case-building and security research.

The system provides analytical tools that can be used for reporting, intelligence assessments, and investigative support. While the system facilitates structured analysis, responsibility for how the data is interpreted and applied lies solely with the user. Account holders may use the output for briefing, reporting, and related activities - we do not have access to data stored by "Account Owners".

Account Owners are responsible for the data they store in the system. The system does not monitor or regulate the content uploaded by users. It is the responsibility of the Account Owner to ensure that data storage and use comply with applicable laws and ethical guidelines.

2. Legal Basis for Data Processing

Data processing is justified under the public interest exemption, similar to legal, law enforcement, and journalistic standards. In cases where an individual is within a data protection jurisdiction, an audit flag is maintained, documenting the reason for storage and its necessity in the investigation or research project.

3. Data Collection & Retention

  • Data Types Collected: Facial images, timestamps, and location metadata associated with case-relevant images.
  • Retention Policy: Data is stored only for the duration necessary to complete investigative or research objectives. A periodic review mechanism ensures deletion of data that is no longer required.
  • Deletion Mechanism: Automatic or manual deletion processes ensure that outdated or irrelevant data is securely removed from storage systems.

4. Data Minimization & Accuracy

  • Only essential data relevant to investigations is retained.
  • Verification processes ensure accuracy in identification to minimize the risk of misidentification and false positives.
  • Human review mechanisms oversee automated identification results before conclusions are drawn.

5. Security & Access Control

  • Data is encrypted both in transit and at rest.
  • Strict role-based access control (RBAC) is implemented, allowing access only to authorized personnel.
  • Activity logs track and monitor data access to prevent unauthorized usage.

6. Handling Requests & Legal Compliance

  • If a legal request is made regarding stored data, it will be assessed against the public interest justification before any action is taken.
  • Individuals flagged under data protection laws have no direct deletion rights under this policy due to the investigative nature of the system, but audit logs ensure justifications are recorded.

7. Misidentification & Error Handling

  • A structured appeals and review process ensures that incorrect identifications are corrected.
  • Manual oversight ensures no action is taken purely based on automated results.

8. Automated Decision Making

We do not use automated decision-making. A human-in-the-loop process is implemented for data processing and extraction, ensuring manual oversight and validation.

9. Periodic Review & Policy Updates

This policy is subject to periodic review to align with evolving legal and ethical standards. Updates will be documented and implemented as necessary to maintain compliance and security integrity.

10. Information Collection and Use

We may collect personal information from Users for the purpose of billing when they engage with our services. This information may include but is not limited to, name, address, email address, and payment details. We may also collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include browser names, the type of device and technical information about Users' means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.

11. Cookies

We use cookies to enhance User experience while visiting our Site. Users may choose to set their web browser to refuse cookies or to alert them when cookies are being sent. Please note that some parts of the Site may not function properly if you disable cookies.

12. Disclosure of Information

We do not sell, trade, or rent Users' personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates, and advertisers for the purposes outlined above.

13. Website Privacy Policy

For privacy-related questions, contact us at support@threatstudies.com.