Privacy Policy

BlueTeamAutomation ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. It applies to all BlueTeamAutomation websites, services, and products, including but not limited to CVEasy AI, BASzy AI, BTA SIEM, BTA SOAR, BTA Comply, BTA Identity, BTA CodeGuard, BTA ThreatFeed, SAFEty Guard AI, and Roost.

Our core commitment: Our products are designed to run 100% on your hardware. We do not collect, store, or transmit any data from our desktop applications. Your vulnerability scans, threat intelligence, compliance data, and security configurations never leave your environment.

1. Local-First Architecture

All BlueTeamAutomation software products are built on a local-first architecture. This means:

• No cloud telemetry. Our applications do not phone home, transmit usage metrics, or send any data to our servers or any third-party service.
• No remote data processing. All vulnerability analysis, threat correlation, compliance mapping, attack simulation results, and AI-generated remediation guidance are computed and stored entirely on your local hardware.
• No account required for operation. Once licensed, our software operates fully offline with no dependency on external authentication services.
• Your data stays yours. We have zero visibility into what you scan, analyze, remediate, or report using our products. We cannot access your databases, configurations, or operational data under any circumstances.

2. Information We Collect on Our Website

When you visit our website or interact with our online services, we may collect the following information:

• Contact information: Email address provided through contact forms, newsletter signups, or product inquiry forms.
• Standard server logs: IP address, browser type, operating system, referring URL, pages visited, and timestamps. These are collected automatically by our hosting provider and used solely for security monitoring and performance optimization.
• Form submissions: Any information you voluntarily submit through contact forms, support requests, or product inquiries hosted via Netlify Forms.

We do not collect:

• Names, phone numbers, or physical addresses (unless you voluntarily provide them via a contact form)
• Payment card numbers or bank account details (handled entirely by our payment processor)
• Any data from our desktop software products
• Behavioral tracking data, fingerprinting data, or cross-site tracking identifiers

3. Payment Processing

All payment processing is handled by Stripe, Inc. When you purchase a license, Stripe collects and processes your payment information, including credit card number, billing address, and associated details. We receive only the following from Stripe:

• Your email address
• Purchase confirmation and transaction ID
• Subscription status (if applicable)
• The last four digits of your payment card (for customer support purposes only)

We never receive, store, or have access to your full payment card number, CVV, or banking credentials. Stripe's handling of your payment data is governed by Stripe's Privacy Policy. Stripe is PCI DSS Level 1 certified.

4. How We Use Your Information

We use the information we collect for the following purposes:

• License delivery: Sending license keys and product download links to your email after purchase.
• Product updates: Notifying you of new releases, security patches, and feature updates for products you have licensed.
• Customer support: Responding to support tickets, technical inquiries, and product feedback you initiate.
• Transactional communications: Sending purchase receipts, renewal reminders, and account-related notices.
• Website improvement: Analyzing aggregate, anonymized server log data to improve site performance and reliability.

We will never sell, rent, lease, or share your personal information with third parties for their marketing purposes. We do not engage in data brokering.

5. Email Communications

If you sign up for our mailing list, purchase a product, or submit a contact form, you may receive emails from us. These fall into two categories:

• Transactional emails: License keys, purchase receipts, support replies, and critical product security advisories. These are essential to the service and are not subject to opt-out while you hold an active license.
• Marketing emails: Product announcements, feature updates, and company news. You may unsubscribe from these at any time using the unsubscribe link included in every marketing email.

We use email delivery services to send communications. These providers process your email address solely to deliver messages on our behalf and are contractually prohibited from using your data for their own purposes.

6. Third-Party Services

Our website relies on the following third-party services:

• Stripe processes all payments. Subject to Stripe's Privacy Policy.
• Netlify hosts this website and processes form submissions. Standard server access logs may be retained per Netlify's Privacy Policy.
• Google Fonts serves web fonts. Subject to Google's Privacy Policy. Google may log your IP address when fonts are loaded.

We do not use any third-party analytics services (such as Google Analytics), advertising networks, social media tracking pixels, or behavioral profiling tools on our website.

7. Cookies and Tracking

This website does not set first-party tracking cookies. We do not use analytics scripts, retargeting pixels, or session-recording tools. The only cookies that may be present are:

• Essential infrastructure cookies: Set automatically by Netlify for load balancing and security purposes. These are strictly necessary and cannot be disabled.
• Payment session cookies: Set by Stripe during the checkout process to maintain your payment session. These expire after the transaction completes.

We do not participate in cross-site tracking, and we do not honor Do Not Track (DNT) headers because we do not track users in the first place.

8. Data Retention

We retain personal information only as long as necessary for the purposes described in this policy:

• Email addresses from mailing list signups: Retained until you request removal or unsubscribe.
• Purchase records: Retained for as long as required by applicable tax and accounting regulations (typically 7 years).
• Support correspondence: Retained for 2 years after the last interaction, or until you request deletion.
• Server logs: Automatically purged by our hosting provider per their retention schedule (typically 30 days).
• Contact form submissions: Retained for 1 year or until you request deletion, whichever comes first.

9. Your Rights Under GDPR

If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete personal data.
• Right to erasure: Request deletion of your personal data ("right to be forgotten").
• Right to restrict processing: Request that we limit how we use your data.
• Right to data portability: Request a machine-readable copy of data you have provided to us.
• Right to object: Object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

Our legal basis for processing personal data is: (a) performance of a contract (license delivery, support), (b) legitimate interests (security monitoring, service improvement), and (c) consent (marketing communications). To exercise any of these rights, contact us at hello@blueteamautomation.com. We will respond within 30 days.

10. Your Rights Under CCPA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to delete: Request deletion of personal information we have collected from you.
• Right to opt-out of sale: We do not sell personal information. We have never sold personal information.
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.
• Right to correct: Request correction of inaccurate personal information.
• Right to limit use of sensitive personal information: We do not collect sensitive personal information as defined by the CPRA.

To exercise your CCPA rights, contact us at hello@blueteamautomation.com. We will verify your identity before processing your request and respond within 45 days.

11. International Data Transfers

BlueTeamAutomation is based in the United States. If you access our website from outside the United States, your information may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for any international transfer of personal data, including reliance on standard contractual clauses where applicable.

12. Data Security

We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• HTTPS encryption for all website traffic
• PCI DSS Level 1 compliant payment processing through Stripe
• Strict access controls limiting employee access to personal data on a need-to-know basis
• Regular security reviews of our web infrastructure

No method of transmission over the internet is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

13. Children's Privacy

BlueTeamAutomation products are professional cybersecurity tools intended for use by adults. We do not knowingly collect personal information from anyone under the age of 16. If we discover that we have inadvertently collected data from a child under 16, we will promptly delete it. If you believe a child has provided us with personal information, please contact us at hello@blueteamautomation.com.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations. When we make material changes, we will update the "Effective date" at the top of this page and, where required, notify active customers by email. We encourage you to review this policy periodically. Your continued use of our website or services after changes are posted constitutes your acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle personal information, contact us at:

• Email: hello@blueteamautomation.com
• Subject line: Privacy Inquiry

We aim to respond to all privacy-related inquiries within 30 days.