Legal

Privacy Policy

Last updated: 1 February 2026. This Privacy Policy explains how ThreatLens360 B.V. ('ThreatLens360', 'we', 'us', 'our') collects, uses, stores, and protects personal data when you use our services.

1. Data Controller

ThreatLens360 B.V. is the data controller for personal data processed through our platform and website. Our registered office is located in Amsterdam, the Netherlands. You can contact our Data Protection Officer at privacy@threatlens360.com.

2. Data We Collect

We collect the following categories of personal data:

Account Data

Name, email address, company name, job title, and billing information when you create an account or request a demo.

Usage Data

Log data, IP addresses, browser type, pages visited, and feature usage to improve our platform and provide support.

Communication Data

Email communications with our support and sales teams, webinar registrations, and newsletter subscriptions.

Platform Scan Data

Internet-observable security data about the domains and assets you add to ThreatLens360. This data is collected about your organisation's infrastructure, not about individuals.

3. Legal Basis for Processing

We process personal data on the following legal bases under GDPR:

  • Contract performance — to provide and support our services under your subscription agreement
  • Legitimate interests — for platform security, fraud prevention, and service improvement
  • Consent — for marketing communications and optional analytics (which you can withdraw at any time)
  • Legal obligation — for tax, accounting, and regulatory compliance purposes

4. Data Retention

We retain personal data for the following periods:

Account and billing dataDuration of subscription plus 7 years (for tax and legal purposes)
Platform scan and security data24 months from collection (to support historical trend analysis)
Support communications3 years from last interaction
Marketing communicationsUntil consent withdrawn or 3 years from last engagement

5. Data Sharing

We share personal data with the following categories of recipients:

  • Cloud infrastructure providers (AWS, operating within EU regions) — for platform hosting and data storage
  • Payment processors (Stripe) — for billing and subscription management
  • Analytics providers — only with your consent; data is anonymised where possible
  • Legal and professional advisors — as required for legal, tax, and regulatory compliance
  • Law enforcement — only when required by applicable law or legal order

We do not sell personal data to third parties. We do not share personal data with advertisers.

6. International Data Transfers

All personal data is stored and processed within the European Economic Area (EEA). Our primary data centres are in Ireland and Germany. We do not transfer personal data to countries outside the EEA without appropriate safeguards.

7. Your Rights

Under GDPR, you have the following rights regarding your personal data:

Right of access

Request a copy of the personal data we hold about you

Right of rectification

Request correction of inaccurate personal data

Right of erasure

Request deletion of your personal data (where applicable)

Right to portability

Receive your data in a structured, machine-readable format

Right to object

Object to processing based on legitimate interests

Right to withdraw consent

Withdraw consent at any time for consent-based processing

To exercise your rights, contact privacy@threatlens360.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

8. Cookies

We use essential cookies required for platform functionality and, with your consent, analytics cookies to improve our service. You can manage your cookie preferences at any time via the Cookie Settings link in our footer.

9. Contact Us

For privacy-related enquiries: privacy@threatlens360.com

For urgent data protection matters: dpo@threatlens360.com