Privacy Policy
1. Scope
This policy covers data processed through the EventQuery Sentry website (eqsentry.io), the customer portal (portal.eqsentry.io), and the EQS Sentry Agent (ATA) deployed on Windows and macOS endpoints. A separate Data Processing Agreement (DPA) governs customer telemetry processed on a customer's behalf.
2. Data we collect
Account & billing data
- Name, work email, company name, and role of portal users.
- Authentication data (hashed passwords, MFA enrolment, SSO identifiers).
- Subscription, plan, and billing-contact details.
Endpoint telemetry (processed for customers)
- Security and operational events — e.g. Windows Event IDs and macOS unified-log entries (logons, process/service changes), device inventory, and configuration state — collected by the agent on a customer's instruction.
- Telemetry is queried on demand or streamed; it is isolated per tenant and used only to provide the service to that customer.
Service & usage data
- Portal activity, audit events, support tickets, and diagnostic logs used to operate and secure the platform.
3. How we use data
- To provide fleet querying, triage, automated remediation, and IT-support workflows.
- To generate point-in-time compliance evidence at a customer's request.
- To authenticate users, secure the platform, prevent abuse, and meet legal obligations.
- To provide support and to bill for the service.
4. AI processing
Some features use AI models (provided by Anthropic) to translate raw event data into readable narratives and to triage incidents. Telemetry processed by these features is handled under contract and is not used to train public or third-party foundation models. AI output is advisory and may be incomplete or incorrect; see our Terms of Service.
5. Sub-processors
We rely on a limited set of sub-processors to deliver the service, including Microsoft Azure (cloud hosting and infrastructure) and Anthropic (AI processing). A current list is available on request at privacy@eqsentry.io. We require sub-processors to maintain appropriate safeguards.
6. How we share data
We do not sell personal data. We share data only with the sub-processors above, at a customer's direction, or where required by law or to protect rights and safety.
7. Security
Data is encrypted in transit (TLS 1.3) and at rest (AES-256), isolated per tenant, and protected by role-based access control and MFA. Device secrets are scoped per device and stored hashed. See our Security overview.
8. Data residency & retention
Customer data is hosted in [DATA REGION, e.g. Azure Australia East]. Telemetry retention depends on plan (for example, evaluation plans retain a shorter window and enterprise plans up to 365 days). On termination or verified request, customer data is deleted or returned per the DPA.
9. Your rights
Depending on your location (e.g. GDPR, UK GDPR, CCPA/CPRA), you may have rights to access, correct, delete, export, or object to processing of your personal data. For account data, contact privacy@eqsentry.io. For telemetry processed on a customer's behalf, requests are directed to that customer (the controller).
10. International transfers
Where data is transferred across borders, we use appropriate safeguards such as Standard Contractual Clauses. [Confirm transfer mechanisms with counsel.]
11. Children
The service is for business use and is not directed to individuals under 16.
12. Changes
We may update this policy; material changes will be posted here with a revised effective date.
13. Contact
Privacy enquiries: privacy@eqsentry.io
[LEGAL ENTITY], [REGISTERED ADDRESS].