Privacy Policy

Last updated: October 9, 2025

1. Introduction

PXL Security LTD. ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how your personal information is collected, used, and disclosed by DfenAI when you use our cybersecurity threat intelligence services.

This Privacy Policy applies to our website, mobile applications, and related services (collectively, the "Service"). By using our Service, you agree to the collection and use of information in accordance with this policy.

We are committed to transparency about how we collect, use, and share your information. This policy is designed to help you understand your privacy rights and how to exercise them.

2. Information We Collect

Personal Information

We collect several types of information for various purposes to provide and improve our Service:

  • Contact information (name, email address, phone number)
  • Account credentials (username, password)
  • Company information (organization name, job title, department)
  • Billing information (payment method, billing address)
  • Communication data (support tickets, feedback, correspondence)

Technical Information

  • IP address and geographic location
  • Browser type and version
  • Device information and operating system
  • Usage data and service interactions
  • Log files and performance data

3. How We Use Your Information

We use the collected information for various purposes:

  • To provide and maintain our cybersecurity services
  • To process payments and manage subscriptions
  • To provide customer support and respond to inquiries
  • To send administrative information and service updates
  • To improve our services and develop new features
  • To detect, prevent, and address technical issues
  • To comply with legal obligations and protect our rights
  • To send marketing communications (with your consent)

4. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

  • With your explicit consent
  • To service providers who assist in our operations
  • To comply with legal obligations or court orders
  • To protect our rights, property, or safety
  • In connection with a business transaction (merger, acquisition, etc.)

All third-party service providers are contractually obligated to maintain the confidentiality and security of your personal information.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

  • SSL/TLS encryption for data transmission
  • AES-256 encryption for data at rest
  • Regular security audits and vulnerability assessments
  • Access controls and employee training
  • Incident response and breach notification procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

6. Data Retention

We retain personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Account information: For the duration of your account plus 3 years
  • Transaction records: 7 years for tax and compliance purposes
  • Support communications: 3 years after resolution
  • Usage logs: 1 year for security and optimization purposes

When personal information is no longer needed, we securely delete or anonymize it in accordance with our data retention schedule.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request copies of your personal information
  • Rectification: Request correction of inaccurate information
  • Erasure: Request deletion of your personal information
  • Portability: Request transfer of your data to another service
  • Restriction: Request limitation of processing your information
  • Objection: Object to processing of your personal information
  • Consent Withdrawal: Withdraw consent for marketing communications

To exercise these rights, please contact us at security [at] dfen [dot] ai. We will respond to your request within 30 days.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Service:

  • Essential cookies for service functionality
  • Analytics cookies to understand usage patterns
  • Preference cookies to remember your settings
  • Marketing cookies for targeted advertising (with consent)

You can control cookie preferences through your browser settings. Note that disabling certain cookies may affect service functionality.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the EU Commission
  • Adequacy decisions for countries with equivalent protection
  • Binding Corporate Rules for intra-group transfers

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us immediately.

If we discover that a child under 18 has provided us with personal information, we will delete such information from our servers immediately.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Sending you an email notification
  • Displaying a prominent notice on our Service

Changes become effective when they are posted on this page. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

12. Underground Intelligence Sources

Our Active Threat Intelligence (ATI) platform collects data from underground sources for defensive cybersecurity purposes:

  • Underground sources: dark-web marketplaces/forums, dark Telegram channels, infostealer dumps (defensive use only).
  • PII minimization; no plaintext password storage; time-boxed retention for leaked credentials/artifacts.
  • Lawful basis: Legitimate Interests; DPIA maintained.
  • Acceptable use: no offensive use or re-publishing sensitive data.

13. Data Processing Agreement (DPA)

Enterprise customers requiring a Data Processing Agreement for GDPR compliance can access our comprehensive DPA:

📄 Our DPA includes:

  • EU Standard Contractual Clauses (SCCs) Module Two
  • Sub-processor details with data protection safeguards
  • Technical and organizational security measures
  • Data subject rights support procedures
  • International data transfer safeguards

Visit our Data Processing Agreement page to download the template or contact legal@dfen.ai to execute a signed DPA.

14. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Email: security [at] dfen [dot] ai

Data Protection Officer: dpo@dfen.ai

Legal Inquiries: legal@dfen.ai

Website: https://dfen.ai

Address: 12 Vasil Levski blvd., Sofia, Bulgaria