Privacy Policy

Last updated: May 2025

Selki.io (“Selki”, “we”, “our”, or “us”) is committed to protecting the confidentiality, integrity, and availability of personal data. This Privacy Policy describes how we collect, use, disclose, store, and protect information when you access or use our website, platform, and related services (collectively, the “Services”).

This Policy is designed to align with recognized information security and privacy frameworks, including ISO/IEC 27001 and SOC 2 Trust Services Criteria (Security, Availability, Confidentiality, and Privacy).

By using Selki, you agree to the practices described in this Privacy Policy.

1. Organization & Scope

Selki is a cybersecurity monitoring platform focused on identifying external security risks, including credential exposure and vulnerabilities affecting publicly accessible digital assets.

Website: https://selki.io
Contact: help@selki.io

For purposes of applicable data protection laws, Selki acts as a Data Controller with respect to personal data processed through the Services.

This Privacy Policy applies to:

  • Visitors to our website
  • Customers and authorized users of the Selki platform
  • Business contacts and prospects

2. Information We Collect

We apply data minimization principles and collect only data that is necessary to deliver, secure, and improve our Services.

2.1 Information You Provide

  • Name and professional contact details (email, company name)
  • Account credentials and preferences
  • Domains and publicly accessible assets submitted for monitoring
  • Billing and subscription information (processed by third-party payment providers)
  • Support requests and communications

2.2 Information Collected Automatically

  • IP address
  • Device and browser metadata
  • Platform usage logs and timestamps
  • Approximate geographic location (country or region)
  • Cookies and similar technologies (see Section 10)

2.3 Security & Monitoring Data

As part of our cybersecurity Services, Selki may process:

  • Indicators of publicly available credential exposure
  • Metadata related to externally observable vulnerabilities
  • Signals derived from public sources related to domains or assets submitted by customers

3. Purpose of Processing

We process personal data for the following purposes:

  • Providing, operating, and maintaining the Services
  • Monitoring external security risks and generating alerts
  • Producing security reports and dashboards
  • Customer onboarding, authentication, and account administration
  • Billing, invoicing, and subscription management
  • Customer support and communications
  • Platform analytics, reliability, and performance improvement
  • Security monitoring, fraud prevention, and abuse detection
  • Compliance with legal and regulatory obligations

Personal data is not sold or used for unrelated profiling or advertising.

4. Legal Basis for Processing

Where applicable under GDPR and similar regulations, Selki processes personal data based on:

  • Performance of a contract
  • Legitimate interests, including security and service improvement
  • Consent, where explicitly obtained
  • Legal obligations

5. Information Security & Governance (ISO 27001 / SOC 2)

Selki maintains an information security management program aligned with ISO/IEC 27001 and SOC 2 principles, including:

  • Formal risk assessment and risk treatment processes
  • Documented security policies and procedures
  • Logical access controls and role-based access
  • Least-privilege enforcement
  • Change management and audit logging
  • Incident detection and response processes
  • Vendor and third-party risk management
  • Business continuity and availability controls

Access to personal data is restricted to authorized personnel with a legitimate business need.

6. AI-Assisted Processing

Selki may use automated and AI-assisted tools to:

  • Summarize security findings
  • Generate reports and insights
  • Improve signal classification and prioritization

Safeguards:

  • Sensitive data is not shared with third-party AI models
  • Only minimized, processed, or anonymized data may be used for AI-assisted reporting
  • No automated decision-making produces legal or similarly significant effects on individuals

7. Data Sharing & Disclosure

We share personal data only when necessary and under strict safeguards.

7.1 Service Providers

We may share limited data with vetted third-party providers that support:

  • Cloud infrastructure and hosting
  • Payment processing
  • Monitoring and logging
  • Customer communications

All providers are contractually obligated to:

  • Process data solely on our instructions
  • Maintain appropriate security controls
  • Comply with confidentiality obligations

7.2 Legal & Regulatory Requirements

We may disclose information if required to:

  • Comply with applicable laws or regulations
  • Respond to lawful requests from authorities
  • Protect the rights, security, or integrity of Selki, our users, or the public

8. International Data Transfers

Selki operates globally. Personal data may be processed in jurisdictions outside your country of residence.

When transferring data internationally, we implement appropriate safeguards, including:

  • Contractual protections
  • Industry-standard security measures
  • Organizational controls consistent with ISO 27001 and SOC 2

9. Data Retention

We retain personal data only for as long as necessary to:

  • Provide the Services
  • Meet contractual and legal obligations
  • Resolve disputes and enforce agreements
  • Maintain security and audit requirements

Upon account termination, data is deleted or anonymized in accordance with our retention policies, subject to legal requirements.

10. Cookies & Tracking Technologies

Selki uses cookies and similar technologies to:

  • Enable essential platform functionality
  • Maintain secure sessions
  • Analyze platform performance and usage

You can manage cookies through your browser settings. Disabling certain cookies may impact functionality.

11. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Request correction or deletion
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent
  • Lodge a complaint with a supervisory authority

Requests can be submitted to: privacy@selki.io

12. Incident Response & Breach Notification

Selki maintains documented incident response procedures aligned with recognized security standards. In the event of a personal data breach, we will:

  • Investigate and contain the incident promptly
  • Notify affected customers and authorities when legally required
  • Take corrective actions to prevent recurrence

13. Children’s Privacy

Selki is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

14. Third-Party Links

Our Services may include links to third-party websites. Selki is not responsible for their privacy practices or content.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Updates will be reflected by revising the “Last updated” date. Material changes may be communicated through the platform or via email.

16. Contact Information

For privacy or data protection inquiries, contact:

Email: help@selki.io
Website: https://selki.io

Ciberseguridad adaptativa para negocios modernos.
© 2025 TNA Cyber SPA