This Privacy Policy explains how DefZero collects, uses, stores, and protects personal data in connection with the beta website, beta access requests, onboarding communications, and use of the SecRaptor service.
1. Controller and contact
DefZero is an unincorporated sole proprietorship (eenmanszaak) established in the Netherlands and is the controller for the personal data described in this policy for the beta site and related account onboarding processes.
DefZero is registered with the Netherlands Chamber of Commerce (KVK) under number 93371896.
For privacy or data protection questions, contact [email protected] or [email protected].
2. Personal data we collect
We may collect personal data directly from you, from your organization, and from service usage.
- Beta and demo request details such as full name, business email, company name, phone number, website, and country or region.
- Verification and onboarding records, including beta-scope confirmations, legal acceptance records, invitation-code status, rejected Target submission attempts, and workspace onboarding decisions.
- Communications data such as support or onboarding emails.
- Technical and security data such as IP-derived records, timestamps, user agent information, request logs, anti-abuse data, and security-event records.
- Cookie and analytics consent records, including the time of the choice, consent version, consent source, browser or user-agent information, and IP address. These records are kept to evidence the consent choice, prevent abuse, and resolve disputes about whether analytics or related cookies were accepted.
- For ordinary site requests, IP addresses may be stored in hashed or otherwise pseudonymized form. If abuse, attack activity, unauthorized scanning, excessive requests, form abuse, CAPTCHA or anti-abuse failure, or other security misuse is suspected, DefZero may log raw IP addresses, user agent details, request metadata, timestamps, and related technical evidence.
- Platform account, tenant, and usage information if your organization is onboarded.
3. How we use personal data
Business email and related request details are required to review a beta or demo request, verify that the request is associated with the correct organization, communicate next steps, and coordinate manual onboarding. If required request information is not provided, DefZero may be unable to review the request, schedule a demo, or provide beta access.
- To review beta access requests and assess business fit and authorization.
- To communicate about demos, beta requests, approval decisions, and onboarding.
- To create and administer beta or demo workspaces if access is approved.
- To send onboarding, support, security, and service communications.
- To protect the beta site and service against abuse, fraud, and unauthorized use.
- To maintain records of legal acceptance, beta-scope confirmations, rejected Target submission attempts, security events, and operational actions.
- To improve the product, onboarding flow, and related documentation.
4. Legal bases
Depending on the context, we process personal data on the basis of contract, legitimate interests, consent, and legal obligations.
- Contract: where processing is necessary to evaluate or provide the requested service.
- Legitimate interests: for security, attack detection, abuse prevention, fraud prevention, service improvement, business operations, legal acceptance records, scope-control records, and defence of legal claims.
- Consent: where we rely on your explicit submission or acceptance in a website flow.
- Legal obligation: where records or disclosures are required by GDPR, the Dutch Implementation Act on the GDPR (UAVG), tax, accounting, court, regulator, or other applicable law.
5. Sharing and processors
We do not sell personal data. We may share personal data with service providers that help us host the site, provide email delivery, secure the service, and operate the platform.
Where CAPTCHA, bot-detection, email delivery, hosting, logging, or security tooling is configured, those providers may process technical and contact data needed to provide those services.
The main recipient categories are hosting and infrastructure providers such as AWS, CDN and security providers such as Cloudflare, Cloudflare Web Analytics where enabled, email delivery providers, CAPTCHA and bot-detection providers, and logging or security operations tooling.
We may also disclose information where required by law, to enforce our terms, to protect rights and security, or in connection with a corporate transaction.
6. Cookies, local storage, and infrastructure metadata
The beta site may use Cloudflare Web Analytics to understand beta launch traffic, page views, and basic site performance. DefZero does not use advertising cookies, marketing pixels, or cross-site tracking technologies. Web analytics is loaded by the beta site only after the visitor accepts the cookie and analytics notice. DefZero may keep a consent record containing the visitor's IP address, browser or user-agent information, time of acceptance, consent version, and choice so it can evidence the acceptance and handle misuse or disputes. The site may use strictly necessary cookies for security, session integrity, CSRF protection, rate limiting, and form submission. The site may also use local storage to remember interface preferences such as theme choice and to remember that the cookie notice has been acknowledged.
Because the site may be served through Cloudflare and hosted on AWS or similar infrastructure, those providers may process visitor IP addresses, request metadata, security signals, and technical logs needed to deliver, secure, measure, and operate the site. If Cloudflare Web Analytics, Cloudflare Turnstile, or another CAPTCHA/bot-detection service is enabled, that provider may process technical signals needed to measure visitor traffic and site performance or to distinguish human visitors from automated abuse.
If advertising, tracking pixels, cross-site tracking, or other non-essential cookies are added later, DefZero will update this policy and request consent where required before using them.
7. International transfers
We aim to use providers and hosting arrangements that are suitable for business and security use, with EU/EEA hosting preferred where available. Where personal data is transferred outside the EU/EEA, we rely on lawful transfer mechanisms and appropriate safeguards, such as adequacy decisions, the EU-U.S. Data Privacy Framework where applicable, or Standard Contractual Clauses.
8. Retention
We retain personal data for as long as reasonably necessary for the purposes described in this policy, including onboarding records, security logging, support handling, legal compliance, and dispute resolution.
Beta verification tokens expire after 24 hours. Expired unverified signup records may be deleted after 30 days. Declined, inactive, or non-proceeding demo and beta requests may be retained for up to 12 months. Approved beta, onboarding, legal acceptance, and beta-scope records may be retained for the duration of the beta relationship and up to 7 years where needed for business records, audit, legal compliance, enforcement, or defence of claims.
Ordinary request records are generally kept in hashed or pseudonymized form where practical and are generally retained for up to 90 days. Security-event records, including raw IP addresses and technical details connected to suspected abuse, attacks, unauthorized scanning, excessive requests, or other misuse, may be retained for up to 24 months, or up to 5 years for confirmed serious security incidents or legal disputes.
Cookie and analytics consent records may be retained for up to 24 months, or longer where needed to establish, exercise, or defend legal claims.
If a beta request does not proceed, we may still retain limited records needed for abuse prevention, audit, or legal purposes.
Legal-acceptance, beta-scope, rejected Target submission, and onboarding records may be retained where necessary to evidence customer instructions, enforce beta boundaries, or establish, exercise, or defend legal claims.
9. Security
We use reasonable technical and organizational measures to protect personal data, including access controls, logging, anti-abuse measures, and security-focused operational practices.
Email addresses are stored for communication, verification, demo coordination, and beta onboarding. Application logs should avoid recording raw requester email addresses during normal email sending; email-related events may use counts, status values, or hashed fingerprints instead.
10. Your rights
Subject to applicable law, you may have rights to access, correct, delete, restrict, object to, or port certain personal data, and to withdraw consent where consent is the basis for processing.
To exercise a privacy right, contact [email protected] with enough information for us to identify your request.
11. Policy updates
We may update this Privacy Policy from time to time. The current version published on this beta site applies from its stated effective date.