Privacy Policy

1. Information We Collect

ORCA collects only the information necessary to provide cybersecurity intelligence and secure access to the platform.

• Personal Information: Name, business email address, and contact details.
• Authentication Data: Login credentials, MFA/2FA data, and secure session information.
• Leak Intelligence Data: Domains, URLs, and exposed credential information from known security breaches.
• Employee Email Data: Business email addresses and related metadata used for leak monitoring.
• Access Control Information: User domain permissions, role-based access rights, and authorization settings.

2. How we use your information

Your data is used to provide cyber threat intelligence for your organization.

• To authenticate you and manage your ORCA account.
• To detect, analyse and report data leaks affecting your domains.
• To improve platform reliability, performance and security.

3. Security

We implement technical and organizational measures to protect your data.

• HTTPS/TLS for all traffic and encryption for sensitive information.
• Secure SQL Server storage and restricted administrative access.
• Role-based permissions and support for strong authentication / MFA.

4. Data sharing

We do not sell personal data.

• Information may be shared with trusted service providers under strict contracts.
• We may disclose data when required by law or to protect our rights and users.
• Access to leak / intelligence data is limited to authorized security personnel.

5. Your rights & contact

Depending on applicable law, you may:

• Request access to, or correction of, your personal data.
• Request deletion or restriction of processing in certain cases.
• Object to non-essential communications or withdraw consent.

By using ORCA, you acknowledge that you have read and understood this Privacy Policy.