Privacy Policy

Last updated: October 13, 2024

1. Introduction

Warrn Inc. ("Warrn," "we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered incident management platform and related services (collectively, the "Service").

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

  • Account Information: Name, email address, phone number, job title, company name
  • Authentication Data: Passwords, security tokens, and multi-factor authentication codes
  • Profile Information: User preferences, timezone, notification settings
  • Billing Information: Payment details, billing addresses (processed by third-party providers)

2.2 Technical Data

We automatically collect technical information including:

  • System Monitoring Data: Incident alerts, system metrics, log files, performance data
  • Usage Data: Feature usage, session duration, click patterns, navigation paths
  • Device Information: IP addresses, browser type, operating system, device identifiers
  • Integration Data: Data from connected third-party tools and services

2.3 AI Training Data

Our AI systems analyze incident patterns and system behavior to improve automated responses. This analysis is performed on aggregated, anonymized data that cannot identify specific individuals or organizations.

3. How We Use Your Information

3.1 Service Provision

  • Provide, operate, and maintain the incident management platform
  • Process and respond to system incidents and alerts
  • Enable AI-powered triage and automated response workflows
  • Facilitate team collaboration and communication
  • Generate analytics and reporting capabilities

3.2 Service Improvement

  • Analyze usage patterns to improve platform performance
  • Train and improve AI models for better incident detection
  • Develop new features and functionality
  • Conduct security monitoring and threat detection

3.3 Communication

  • Send incident notifications and system alerts
  • Provide customer support and technical assistance
  • Send important service updates and security notices
  • Share product updates and educational content (with consent)

4. Data Sharing and Disclosure

4.1 With Your Consent

We may share your information with third parties when you provide explicit consent, such as integrating with external monitoring tools or services.

4.2 Service Providers

We work with trusted third-party service providers who assist in operating our Service:

  • Cloud infrastructure providers (AWS, Google Cloud, Azure)
  • Payment processors and billing services
  • Email and communication services
  • Analytics and monitoring tools
  • Customer support platforms

4.3 Legal Requirements

We may disclose your information when required by law, legal process, or to:

  • Comply with court orders, subpoenas, or legal obligations
  • Protect our rights, property, or safety
  • Investigate potential violations of our Terms of Service
  • Prevent fraud or other illegal activities

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction, subject to appropriate confidentiality protections.

5. Data Security

5.1 Security Measures

We implement comprehensive security measures including:

  • Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
  • Access Controls: Role-based access with principle of least privilege
  • Authentication: Multi-factor authentication and SSO integration
  • Network Security: Firewalls, intrusion detection, and DDoS protection
  • Monitoring: 24/7 security monitoring and incident response
  • Regular Audits: Third-party security assessments and penetration testing

5.2 Compliance Certifications

We maintain various security certifications and compliance frameworks:

  • SOC 2 Type II certification
  • ISO 27001 compliance (in progress)
  • GDPR compliance for EU data protection
  • CCPA compliance for California residents

5.3 Data Breach Response

In the unlikely event of a data breach, we will notify affected users and relevant authorities as required by applicable laws, typically within 72 hours of discovery.

6. Data Retention

6.1 Retention Periods

  • Account Data: Retained while your account is active plus 90 days after termination
  • Incident Data: Retained for up to 3 years for analytics and pattern recognition
  • Log Data: Retained for 90 days for security and troubleshooting purposes
  • Billing Records: Retained for 7 years for tax and accounting requirements

6.2 Data Deletion

Upon account termination or upon request, we will delete or anonymize your personal data in accordance with our data retention schedule and applicable legal requirements.

7. Your Privacy Rights

7.1 General Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request information about how we process your personal data
  • Rectification: Correct inaccurate or incomplete personal data
  • Erasure: Request deletion of your personal data under certain circumstances
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Limit how we process your personal data
  • Objection: Object to certain types of processing

7.2 GDPR Rights (EU Residents)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority.

7.3 CCPA Rights (California Residents)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it's used, and the right to opt-out of the sale of personal information.

7.4 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@warrn.io. We will respond to your request within 30 days.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Privacy Shield framework compliance (where applicable)
  • Adequacy decisions by relevant data protection authorities

9. Cookies and Tracking Technologies

9.1 Types of Cookies

We use the following types of cookies and similar technologies:

  • Essential Cookies: Required for basic platform functionality
  • Performance Cookies: Help us understand how users interact with our Service
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Provide insights into usage patterns and performance

9.2 Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may limit the functionality of our Service.

10. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we may also notify you via email or through the Service.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us at: privacy@warrn.io