SpectraStrike Privacy Policy

Effective date: 2026-02-23

1. Policy Scope

This policy describes how data is handled in relation to SpectraStrike deployments.

It applies to:

• self-hosted customer deployments
• enterprise-managed environments
• future managed/SaaS service models (if offered)

2. Data Categories

Identity and Account Data

• operator identity metadata
• role and authorization metadata
• session and authentication events

Telemetry and Security Data

• task execution records
• scanner/integration outputs
• findings and evidence metadata
• operational logs and audit traces

Technical Platform Metadata

• API access patterns
• infrastructure/service error logs
• service health and control-plane events

3. Processing Purpose

Data is processed to:

• execute authorized security validation workflows
• correlate and score security-relevant telemetry
• provide audit, reporting, and compliance evidence
• maintain platform reliability and abuse prevention

No data is sold for advertising purposes.

4. Deployment Responsibility Model

Self-Hosted Mode

The customer organization is the data controller and retains infrastructure-level custody of platform data unless explicitly configured otherwise.

Managed/SaaS Mode (Future)

Nyxera Labs may operate as processor/sub-processor under contractual controls and documented security safeguards.

5. Security Controls

SpectraStrike supports privacy-aligned security controls, including:

• TLS/mTLS transport protections
• role-based access controls
• auditability for security-relevant actions
• hardened runtime and governance checks

6. Retention and Deletion

Retention policies are deployment-configurable. Customers are responsible for policy configuration and legal compliance in self-hosted mode.

7. Data Subject and Regulatory Requests

Requests regarding access, correction, deletion, or restriction should be submitted through customer governance channels or, where applicable, to Nyxera Labs support and privacy contacts.

8. International Transfer and Jurisdiction

Where data crosses jurisdictions, transfers must be governed by applicable legal mechanisms and enterprise agreements.

9. Policy Updates

This policy may be revised as architecture and service models evolve. Material changes should be recorded with revision date and governance approval.