Privacy Policy
Last updated: March 2026
SOCWarden ("we", "us", "our") operates the SOCWarden security observability platform. This Privacy Policy explains how we collect, use, store and protect information when you use our services, including our website, dashboard, APIs, SDKs and agent software.
1. Information We Collect
We collect the following categories of information:
a) Security Event Data
When you integrate SOCWarden into your application using our SDKs or agent, we receive security event data that your systems send to our ingest API. This may include IP addresses, user agent strings, request paths, authentication events, timestamps and other metadata you choose to include. This data is sent by your application on your behalf and is processed according to your configuration.
b) Account Information
When you create a SOCWarden account, we collect your name, email address, organization name and password. If you invite team members, we collect their name and email address.
c) Billing Information
If you subscribe to a paid plan, payment information (credit card number, billing address) is collected and processed directly by Stripe. We do not store your full credit card number on our servers. We retain a record of your subscription plan, billing history, and Stripe customer identifier.
d) Usage Analytics
We collect aggregated usage data such as event volume, API call counts, feature usage within the dashboard and error rates. This data helps us improve performance and reliability.
2. How We Process Your Data
Security events submitted to SOCWarden go through a multi-layer enrichment pipeline to provide you with actionable threat intelligence:
- Realtime enrichment: IP addresses are resolved against local GeoIP and ASN databases (provided by MaxMind) to determine geographic location and network information. User agent strings are parsed to identify device and browser details. IPs are checked against known Tor exit nodes, VPN endpoints, proxy servers, and datacenter IP ranges.
- OSINT threat feed lookups: IP addresses and URLs are checked against open-source threat intelligence feeds including Spamhaus, Feodo Tracker, Emerging Threats, CINS Army, blocklist.de, GreenSnow and URLhaus. Request payloads are analyzed for attack patterns such as SQL injection, cross-site scripting, path traversal and SSRF attempts.
- External API enrichment: Depending on risk signals, IP addresses may be submitted to AbuseIPDB for reputation scoring. Email addresses associated with events may be checked against the Have I Been Pwned (HIBP) API to identify compromised credentials. WHOIS lookups may be performed for domain and IP ownership information.
- AI-assisted analysis: High-risk or complex events may be submitted to Anthropic's Claude API for classification summaries and contextual analysis. Only the event metadata (IP, event type, enrichment results) is sent. No raw request bodies or customer application data is shared with the AI provider.
The output of this pipeline is a composite risk score (0-100), threat level classification and mappings to MITRE ATT&CK and OWASP frameworks, all of which are made available to you through the dashboard and alerts.
3. Data Retention
Security event data and associated enrichment results are retained according to your subscription plan:
- Free plan: 7 days
- Starter plan ($12/mo): 30 days
- Pro plan ($49/mo): 60 days
- Business plan ($99/mo): 90 days
Audit logs (records of dashboard actions, configuration changes, and API key management) follow the same retention period as your plan. After the retention period expires, data is permanently deleted from our systems within 48 hours.
Account information is retained for as long as your account is active. If you delete your account, all associated data (including event data, enrichment results and audit logs) is permanently deleted within 30 days.
4. Third-Party Services
We use the following third-party services to operate SOCWarden. Each service receives only the minimum data necessary for its function:
- MaxMind (GeoIP2): We use MaxMind's GeoIP databases locally on our servers for IP geolocation and ASN resolution. IP addresses are not transmitted to MaxMind. The databases are downloaded and queried on our infrastructure.
- AbuseIPDB: IP addresses flagged as potentially malicious are submitted to AbuseIPDB for reputation scoring. Only the IP address is shared.
- Anthropic (Claude): Event metadata for high-risk events may be sent to Anthropic's Claude API for AI-assisted classification and summarization. No raw request bodies or customer application data is included.
- Stripe: All payment processing is handled by Stripe. Your payment information is transmitted directly to Stripe and is subject to Stripe's Privacy Policy.
- Object Storage: We use isolated object storage for report exports and backup artifacts. Data stored is encrypted at rest.
5. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), United Kingdom or Switzerland, you have the following rights regarding your personal data:
- Right of access: You may request a copy of the personal data we hold about you.
- Right to rectification: You may request that we correct inaccurate or incomplete personal data.
- Right to erasure: You may request that we delete your personal data, subject to legal obligations and legitimate interests.
- Right to data portability: You may request your data in a structured, commonly used, machine-readable format.
- Right to restriction: You may request that we restrict the processing of your personal data under certain circumstances.
- Right to object: You may object to the processing of your personal data for direct marketing or where processing is based on legitimate interests.
To exercise any of these rights, contact us at privacy@socwarden.com. We will respond to your request within 30 days.
6. Cookies
SOCWarden uses only essential cookies required for the functioning of the service. These include session cookies for authentication and CSRF protection tokens. We do not use tracking cookies, advertising cookies or any third-party analytics cookies. No cookie consent banner is required because we do not use non-essential cookies.
7. Security Measures
We implement industry-standard security measures to protect your data:
- Encryption in transit: All data transmitted between your systems and SOCWarden is encrypted using TLS 1.2 or higher.
- Encryption at rest: All data stored in our databases and object storage is encrypted at rest.
- API key security: API keys are hashed before storage. Full API keys are displayed only once at creation time and cannot be retrieved afterward.
- Connection security: Database connections are managed through connection pooling with authenticated connections.
- Access control: Role-based access control within organizations ensures team members only access data appropriate to their role.
8. Children's Privacy
SOCWarden is a business-to-business service designed for software development teams and security professionals. Our service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice in the dashboard. Continued use of the service after changes take effect constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at: