Clarion

Appearance

Privacy Policy

Last updated: March 2026

1. Introduction

Clarion ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Security Observability Platform ("Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with these practices, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name and company name
  • Password (stored in hashed form)
  • Phone number (optional, for 2FA)
  • Billing information (processed by our payment provider)

2.2 Agent Telemetry Data

Our security agent collects system-level telemetry data from your infrastructure, including:

  • Process Information: Process names, PIDs, command-line arguments, parent processes, user context
  • Network Events: Connection metadata (IPs, ports, protocols), DNS queries, network flows
  • File System Events: File access patterns, modifications, permission changes
  • System Calls: Security-relevant syscall information for threat detection
  • Container/Kubernetes Metadata: Pod names, namespaces, labels, container IDs

TIP

We do not collect the content of files, network payloads, or user credentials. Our agent is designed to collect only metadata necessary for security observability.

2.3 Usage Data

We automatically collect information about how you interact with our Service:

  • Log data (IP address, browser type, pages visited, timestamps)
  • Device information (operating system, device identifiers)
  • Feature usage patterns and preferences

2.4 Code Analysis Data (SAST)

If you use our SAST features, we process source code snippets for vulnerability analysis. Code is processed transiently and is not stored beyond the analysis session unless you explicitly save findings.

3. How We Use Your Information

We use the collected information to:

  • Provide the Service: Deliver security observability, threat detection, and compliance monitoring
  • Improve the Service: Analyze usage patterns to enhance features and performance
  • Threat Intelligence: Aggregate anonymized threat data to improve detection capabilities across all customers
  • AI Model Improvement: Use anonymized and aggregated interaction data from AI-powered features (Alert LLM Analysis, vCISO) to develop and improve our AI models and services
  • Communication: Send service updates, security alerts, and marketing communications (with consent)
  • Billing: Process payments and manage subscriptions
  • Legal Compliance: Meet regulatory requirements and respond to legal requests
  • Security: Detect and prevent fraud, abuse, and security incidents

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

4.1 Service Providers

Third-party vendors who assist in providing the Service, including:

  • Cloud infrastructure providers (AWS, GCP, Azure)
  • Payment processors (Stripe)
  • Email service providers
  • Analytics providers

These providers are contractually obligated to protect your data.

4.2 Business Transfers

If Clarion is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4.3 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal process or government requests
  • Protect our rights, privacy, safety, or property
  • Enforce our Terms of Service
  • Investigate potential violations

4.4 Aggregated Data

We may share aggregated, anonymized threat intelligence data with the security community to improve collective defense capabilities.

5. AI-Powered Features and Data Usage

Clarion uses AI and large language models (LLMs) to power features including Alert LLM Analysis and vCISO (AI Security Advisor). When you use these features:

  • Interaction data (queries, responses, and associated metadata) may be used to develop, train, and improve our AI models and services
  • Data is anonymized and aggregated before being used for model improvement — no individual customer data is used in identifiable form
  • Telemetry context provided to AI features (such as alert details, process trees, or compliance posture) is processed to generate responses and may contribute to improving detection accuracy and response quality
  • You retain ownership of your data — our use for model improvement does not transfer any intellectual property rights

Enterprise customers may opt out of AI model improvement by contacting their account manager. This opt-out does not affect the functionality of AI-powered features.

6. Data Retention

Data TypeRetention Period
Account InformationDuration of account + 30 days
Security Events (Hot Storage)Based on subscription plan (7-90 days)
Security Events (Cold Storage)Up to 1 year (Enterprise plans)
Incident ReportsDuration of account + 1 year
Audit Logs1 year (or as required by compliance)
Billing Records7 years (legal requirement)

7. Data Security

We implement comprehensive security measures to protect your data:

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access, multi-factor authentication, audit logging
  • Infrastructure: SOC 2 Type II certified data centers, network isolation
  • Monitoring: 24/7 security monitoring and incident response
  • Compliance: Regular security audits and penetration testing

Despite our best efforts, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the following rights:

7.1 General Rights

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Export: Request your data in a portable format
  • Objection: Object to certain processing activities

7.2 GDPR Rights (EEA Residents)

If you are in the European Economic Area, you additionally have the right to:

  • Restrict processing of your data
  • Withdraw consent at any time
  • Lodge a complaint with your local supervisory authority

7.3 CCPA Rights (California Residents)

California residents have the right to:

  • Know what personal information is collected
  • Know whether personal information is sold or disclosed
  • Opt-out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising privacy rights

To exercise these rights, contact us at privacy@integritysec.io.

9. International Data Transfers

We operate globally and may transfer your data to countries outside your residence. For transfers from the EEA, UK, or Switzerland, we use:

  • Standard Contractual Clauses (SCCs)
  • Data Processing Agreements with appropriate safeguards
  • Adequacy decisions where applicable

You may request a copy of our data transfer mechanisms by contacting us.

10. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and preferences
  • Analyze Service usage
  • Personalize your experience

You can control cookies through your browser settings. Disabling cookies may affect Service functionality.

TypePurposeDuration
EssentialAuthentication, securitySession
FunctionalPreferences, settings1 year
AnalyticsUsage analysis2 years

11. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies.

12. Children's Privacy

Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at privacy@integritysec.io.

Clarion Security Observability Platform

© 2026 IntegritySec