Your Privacy
Matters to Us

This Privacy Policy describes how SpartanX Technologies, Inc., doing business as SpartanX (“SpartanX,” “we,” “us,” or “our”), collects, uses, and shares your personal information when you visit our website at https://www.spartanx.ai (the “Site”) or use our AI-powered cybersecurity platform and related services (collectively, the “Services”). This Privacy Policy also explains your rights regarding your personal information and how you can contact us if you have questions or concerns.

SpartanX is headquartered at 390 N Orange Ave #2300, Orlando, FL 32801, United States. You can contact us at legal@spartanx.ai or support@spartanx.ai for any privacy-related inquiries.

By accessing or using our Services, you agree to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree with the practices described in this Privacy Policy, please do not use our Services.

This Privacy Policy is incorporated into and forms part of our Terms of Service. Any capitalized terms not defined in this Privacy Policy have the meanings given to them in our Terms of Service.

This summary provides key points from our Privacy Policy, but you can find out more details about any of these topics by using the table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with SpartanX and the Services, the choices you make, and the products and features you use. We collect information you provide directly to us, information we collect automatically when you use our Services, and information we may receive from third parties such as your cloud service providers when you integrate our Services with your existing infrastructure.

Do we process any sensitive personal information? We may process certain types of sensitive personal information related to cybersecurity vulnerabilities, system configurations, and security incidents as part of our AI-powered vulnerability management services. This information is processed solely for the purpose of providing our cybersecurity services and is subject to additional security measures and contractual protections.

Do we receive any information from third parties? We may receive information from third parties when you integrate our Services with your existing security tools, cloud platforms (such as Amazon Web Services, Microsoft Azure, or Google Cloud Platform), code repositories, or other systems as part of our vulnerability discovery and management services.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.

In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties, including our service providers such as Google Cloud Platform for hosting, Supabase for database services, and Stripe for payment processing. We do not sell your personal information to third parties.

How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. You may have the right to access, correct, or delete your personal information, restrict or object to certain processing, and receive a copy of your personal information in a portable format.

How do you exercise your rights? The easiest way to exercise your rights is by contacting us at legal@spartanx.ai. We will consider and act upon any request in accordance with applicable data protection laws.

We collect personal information that you provide to us, information we obtain automatically when you use our Services, and information we may receive from third parties. The categories of personal information we collect depend on how you interact with us, our Services, and the requirements of applicable law.

Information You Provide to Us

Account and Registration Information. When you register for an account with SpartanX, we collect information such as your name, email address, company name, job title, phone number, and password. If you register using a third-party service such as Google or Microsoft, we may receive additional information from those services as permitted by their terms and your privacy settings.

Contact and Communication Information. When you contact us directly, such as when you request a demo, submit a support request, or communicate with our sales team, we may collect your name, email address, phone number, company information, the contents of your message or attachments you may send to us, and other information you choose to provide. We may also collect information when you participate in surveys, webinars, or other events we host.

Payment Information. When you purchase our Services, we collect payment information through our third-party payment processor, Stripe. This may include your billing address, payment method details, and transaction information. We do not directly store complete credit card numbers or other sensitive payment information on our systems.

Professional and Business Information. As part of providing our cybersecurity services, we may collect information about your organization's technical infrastructure, security policies, compliance requirements, and business needs. This information helps us tailor our Services to your specific requirements and provide more effective vulnerability management.

Information We Collect Automatically

Technical Information. When you access or use our Services, we automatically collect certain technical information, including your IP address, browser type and version, operating system, device identifiers, time zone settings, browser plug-in types and versions, and other technology on the devices you use to access our Services.

Usage Information. We collect information about how you use our Services, including the pages you visit, the features you use, the actions you take, the time and duration of your activities, and other usage statistics. This information helps us understand how our Services are being used and how we can improve them.

Location Information. We may derive your approximate location from your IP address. We do not collect precise geolocation information unless you specifically provide it to us or enable location services for our mobile applications.

Log Information. Our servers automatically record information when you use our Services, including your IP address, the date and time of your request, the pages you visit, your browser type, and other standard web log information.

Information We Receive from Third Parties

Integration Data. When you integrate our Services with your existing systems, we may receive information from your cloud service providers (such as Amazon Web Services, Microsoft Azure, or Google Cloud Platform), code repositories (such as GitHub, GitLab, or Bitbucket), security tools, and other third-party services. This information may include system configurations, vulnerability scan results, code analysis data, and metadata about your technical infrastructure.

Vulnerability and Security Data. As part of our AI-powered vulnerability management services, we may collect and analyze information about security vulnerabilities, system configurations, network topologies, application architectures, and other technical data necessary to identify, prioritize, and remediate security issues in your environment.

Business Partner Information. We may receive information about you from our business partners, resellers, or other third parties who refer you to our Services or with whom we jointly offer services. This information may include contact details and information about your interest in our Services.

Public Sources. We may collect information about security threats, vulnerabilities, and other cybersecurity intelligence from publicly available sources, security research databases, and threat intelligence feeds to enhance our Services and provide more comprehensive protection.

We use the personal information we collect for various purposes related to providing, improving, and protecting our Services. Our use of your personal information depends on the Services you use, how you use them, and your preferences.

Providing and Managing Our Services

Service Delivery. We use your personal information to provide our AI-powered cybersecurity services, including vulnerability discovery, investigation, prioritization, and remediation. Our autonomous AI agents analyze your systems and data to identify security vulnerabilities, assess their severity and potential impact, and generate recommendations for remediation. This processing is essential to deliver the core functionality of our Services.

Account Management. We use your account information to create and manage your user account, authenticate your identity, provide customer support, and communicate with you about your account and our Services. This includes sending you important notices about changes to our Services, security updates, and billing information.

Customization and Personalization. We use information about your organization's technical environment and security requirements to customize our Services to your specific needs. This includes configuring our AI agents to focus on the most relevant vulnerabilities for your environment and providing personalized recommendations based on your risk profile and business context.

Integration and Automation. We use technical information and integration data to connect our Services with your existing security tools, development workflows, and business systems. This enables our AI agents to automatically create tickets in your project management systems, generate pull requests for code fixes, and integrate with your existing security operations workflows.

Improving and Developing Our Services

Service Enhancement. We analyze usage patterns, performance metrics, and user feedback to improve our Services, develop new features, and enhance the effectiveness of our AI agents. This includes training and refining our machine learning models to better identify vulnerabilities, reduce false positives, and provide more accurate risk assessments.

Research and Development. We use aggregated and anonymized data to conduct research into cybersecurity trends, threat patterns, and vulnerability management best practices. This research helps us stay ahead of emerging threats and continuously improve our Services. We may also use this research to contribute to the broader cybersecurity community through publications, presentations, and open-source projects.

Quality Assurance. We use technical and usage information to monitor the performance and reliability of our Services, identify and resolve technical issues, and ensure that our AI agents are operating correctly and efficiently.

Communication and Marketing

Customer Communication. We use your contact information to communicate with you about our Services, including responding to your inquiries, providing technical support, sending service announcements, and sharing important updates about your account or our Services.

Marketing and Promotional Communications. With your consent or where permitted by law, we may use your contact information to send you marketing communications about our Services, industry insights, security best practices, and other content that may be of interest to you. You can opt out of these communications at any time by following the unsubscribe instructions in our emails or contacting us directly.

Event and Webinar Communications. We may use your information to invite you to webinars, conferences, training sessions, and other events that may be relevant to your professional interests and our Services.

Security and Compliance

Security Monitoring. We use technical information and log data to monitor our Services for security threats, unauthorized access attempts, and other suspicious activities. This helps us protect your data and maintain the security and integrity of our platform.

Fraud Prevention. We use account and payment information to detect and prevent fraudulent activities, unauthorized access to accounts, and other security incidents that could harm you or other users of our Services.

Legal Compliance. We use your personal information as necessary to comply with applicable laws, regulations, and legal processes. This may include responding to lawful requests from government authorities, complying with data protection regulations, and fulfilling our obligations under cybersecurity and data breach notification laws.

If you are located in the European Economic Area, Switzerland, or the United Kingdom, we only process your personal information when we have a valid legal basis to do so. The legal bases we rely on include:

Contract Performance

We process your personal information when it is necessary to perform our contract with you or to take steps at your request before entering into a contract. This includes creating and managing your account, providing our cybersecurity services as described in our Terms of Service, processing payments and managing billing, providing customer support and technical assistance, and delivering professional services you have requested.

Legitimate Interests

We process your personal information when it is necessary for our legitimate interests or the legitimate interests of a third party, provided that your rights and interests do not override those interests. Our legitimate interests include business operations, security and fraud prevention, customer relationship management, research and development, marketing, and legal protection.

Legal Compliance

We process your personal information when it is necessary to comply with a legal obligation to which we are subject. This includes complying with data protection laws and regulations, responding to lawful requests from government authorities, meeting cybersecurity and data breach notification requirements, fulfilling tax, accounting, and other regulatory obligations, and cooperating with law enforcement investigations when legally required.

Consent

In some cases, we process your personal information based on your consent. This includes sending you marketing communications where consent is required by law, using certain cookies and tracking technologies, processing special categories of personal data where required by law, and sharing your information with third parties for purposes not covered by other legal bases. You have the right to withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your personal information in the following circumstances:

Service Providers and Business Partners

Cloud Infrastructure Providers. We use Google Cloud Platform to host and process your data. Google Cloud Platform provides enterprise-grade security and compliance certifications, and we have entered into appropriate data processing agreements to ensure your data is protected in accordance with applicable privacy laws.

Database and Authentication Services. We use Supabase to provide database and user authentication services. Supabase processes your account information and certain technical data necessary to provide these services securely and reliably.

Payment Processing. We use Stripe to process payments for our Services. Stripe receives and processes your payment information, billing address, and transaction details in accordance with their privacy policy and applicable payment card industry standards.

Other Service Providers. We may share your personal information with other trusted service providers who assist us in operating our business and providing our Services, including customer support and communication platforms, analytics and monitoring services, security and fraud prevention services, professional services providers (such as legal, accounting, and consulting firms), and marketing and advertising platforms (with appropriate privacy safeguards).

Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred to the acquiring entity or successor organization. We will provide notice of any such transfer and any choices you may have regarding your personal information.

Legal Requirements and Protection

We may disclose your personal information when we believe in good faith that disclosure is necessary to comply with applicable laws, regulations, or legal processes; respond to lawful requests from government authorities or law enforcement; protect the rights, property, or safety of SpartanX, our users, or the public; investigate, prevent, or take action regarding illegal activities, suspected fraud, or violations of our Terms of Service; and enforce our agreements and policies.

Cybersecurity Threat Intelligence

With appropriate anonymization and aggregation, we may share threat intelligence and vulnerability information with the cybersecurity community, including security researchers and academic institutions, industry threat intelligence sharing organizations, government cybersecurity agencies (where legally required or permitted), and other cybersecurity vendors (for mutual protection purposes). This sharing is done in a way that does not identify you or your organization and helps improve overall cybersecurity for all users.

Data Storage

Primary Storage Location. Your personal information is primarily stored on servers operated by Google Cloud Platform in secure data centers located in the United States. Google Cloud Platform maintains industry-leading security certifications and compliance with various international data protection standards.

Database Services. We use Supabase for certain database and authentication services. Supabase provides secure, encrypted storage with regular backups and disaster recovery capabilities. All data stored with Supabase is encrypted both in transit and at rest.

Backup and Disaster Recovery. We maintain regular backups of your data to ensure business continuity and disaster recovery. These backups are stored securely and are subject to the same security measures as our primary data storage systems.

Security Measures

As a cybersecurity company, we understand the critical importance of protecting your data. We implement comprehensive security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Technical Safeguards. Our technical security measures include encryption (all data is encrypted in transit using TLS 1.3 or higher and at rest using AES-256 encryption or equivalent standards), access controls (multi-factor authentication, role-based access controls, and principle of least privilege access to your data), network security (firewalls, intrusion detection systems, and network segmentation to protect against unauthorized access), monitoring (continuous monitoring of our systems for security threats, anomalous activities, and potential data breaches), vulnerability management (regular security assessments, penetration testing, and vulnerability scanning of our own infrastructure), and secure development (security-by-design principles in our software development lifecycle, including code reviews and security testing).

Organizational Safeguards. Our organizational security measures include employee training (regular security awareness training for all employees who have access to personal information), background checks (appropriate background checks for employees with access to sensitive systems and data), confidentiality agreements (all employees and contractors sign confidentiality agreements regarding the protection of customer data), incident response (comprehensive incident response procedures to quickly identify, contain, and remediate security incidents), and compliance programs (regular compliance audits and assessments to ensure adherence to security standards and regulations).

Data Breach Notification

In the event of a data breach that affects your personal information, we will investigate the incident promptly and take immediate steps to contain and remediate the breach; notify affected users within 72 hours of becoming aware of the breach, or as soon as reasonably practicable; provide clear information about what happened, what information was involved, and what steps we are taking to address the incident; notify relevant regulatory authorities as required by applicable law; and cooperate with law enforcement and regulatory investigations as appropriate.

SpartanX is headquartered in the United States, and our primary data processing operations are conducted in the United States using Google Cloud Platform's infrastructure. If you are located outside the United States, your personal information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

When we transfer personal information from the European Economic Area, Switzerland, or the United Kingdom to countries that do not have an adequacy decision from the European Commission, we implement appropriate safeguards to protect your personal information, including Standard Contractual Clauses (we use the European Commission's Standard Contractual Clauses (SCCs) with our service providers to ensure adequate protection of personal information transferred outside the EEA), certification programs (we work with service providers who participate in recognized certification programs and adhere to international data protection standards), and additional safeguards (we implement additional technical and organizational measures to ensure the security and protection of transferred personal information, including encryption, access controls, and regular security assessments).

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. Our retention periods are based on the nature of the information, the purposes for which it is processed, and applicable legal requirements.

Account Information. We retain your account information for the duration of your relationship with us and for a reasonable period thereafter to comply with legal obligations and resolve any disputes. Typically, this is 7 years after account closure, unless a longer retention period is required by law.

Service Data. Data related to our cybersecurity services, including vulnerability assessments, security configurations, and remediation activities, is retained for the duration of your subscription and for up to 3 years thereafter to provide historical analysis and support ongoing security operations.

Communication Records. Records of communications with you, including support requests and sales interactions, are typically retained for 3 years to provide continuity of service and resolve any issues that may arise.

Payment Information. Payment and billing information is retained for the period required by applicable tax and accounting laws, typically 7 years.

Marketing Information. Information collected for marketing purposes is retained until you opt out of marketing communications or for 3 years from your last interaction with our marketing materials, whichever is sooner.

Log and Technical Data. System logs and technical data are typically retained for 1 year for security monitoring and system optimization purposes, unless longer retention is required for security incident investigation or legal compliance.

At the end of the applicable retention period, we will delete or anonymize your personal information in accordance with our data retention policies and applicable law. In some cases, we may retain anonymized or aggregated data for research and development purposes, provided that such data cannot be used to identify you.

Depending on your location and applicable privacy laws, you may have certain rights regarding your personal information. These rights may include:

Right of Access. You have the right to request information about the personal information we hold about you, including the categories of information, the purposes for which it is processed, and the recipients with whom it may be shared.

Right to Rectification. You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.

Right to Erasure. You have the right to request that we delete your personal information in certain circumstances, such as when the information is no longer necessary for the purposes for which it was collected or when you withdraw your consent.

Right to Restrict Processing. You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the information or object to the processing.

Right to Data Portability. You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that information to another controller.

Right to Object. You have the right to object to the processing of your personal information in certain circumstances, particularly when the processing is based on legitimate interests or for direct marketing purposes.

To exercise any of these rights, please contact us at legal@spartanx.ai. We will respond to your request within the timeframes required by applicable law, typically within 30 days. We may need to verify your identity before processing your request to ensure the security of your personal information.

You can access and update certain personal information through your account settings in our Services. This includes your contact information, communication preferences, and certain service configurations. You can opt out of marketing communications at any time by clicking the “unsubscribe” link in our marketing emails, updating your preferences in your account settings, or contacting us at support@spartanx.ai.

Cookies are small text files that are stored on your device when you visit our website. We use cookies and similar tracking technologies to enhance your experience with our Services, analyze usage patterns, and provide personalized content.

Strictly Necessary Cookies. These cookies are essential for the operation of our Services and cannot be disabled. They enable core functionality such as user authentication, security features, and basic site navigation.

Functional Cookies. These cookies enhance the functionality of our Services by remembering your preferences and settings. They may be set by us or by third-party providers whose services we use.

Analytics Cookies. We use analytics cookies to understand how visitors interact with our Services. This information helps us improve our Services and user experience. We may use third-party analytics services such as Google Analytics for this purpose.

Marketing Cookies. With your consent, we may use marketing cookies to deliver relevant advertisements and measure the effectiveness of our marketing campaigns. These cookies may be set by us or by third-party advertising partners.

You can control and manage cookies through your browser settings. Most browsers allow you to view and delete cookies, block cookies from specific websites, block all cookies, and receive notifications when cookies are set. Please note that disabling certain cookies may affect the functionality of our Services.

In addition to cookies, we may use other tracking technologies such as web beacons (small graphic images that help us analyze user behavior and measure the effectiveness of our communications), local storage (browser-based storage that allows us to store information locally on your device for improved performance and functionality), and session replay tools (with appropriate privacy safeguards, we may use session replay tools to understand how users interact with our Services and identify areas for improvement).

Our Services are not intended for children under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at legal@spartanx.ai so that we can take appropriate action.

We may update this Privacy Policy from time to time to reflect changes in our practices, Services, or applicable laws. When we make material changes to this Privacy Policy, we will update the “Last Updated” date at the top of this Privacy Policy, notify you by email or through our Services, provide prominent notice on our website, and obtain your consent where required by applicable law.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal information. Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

We will respond to your inquiries promptly and work to address any concerns you may have about our privacy practices.