Privacy Policy

Last updated: April 3, 2026

Evera48 LLC ("we," "us," "our") operates SOC·AI (soc-ai.app), an AI-powered detection engineering platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our service.

1. Data Controller

Evera48 LLC is the data controller for personal data processed through SOC·AI. For privacy inquiries, contact us at trysoc-ai@proton.me.

2. Personal Data We Collect

Category	Data	Purpose
Account Data	Email address, hashed password	Authentication, account management
Usage Data	Query count, module usage, timestamps	Rate limiting, analytics, service improvement
Payment Data	Processed by Stripe; we store Stripe customer ID only	Subscription management
User-Submitted Content	Security logs, queries, detection rules you submit	AI processing to generate responses
Technical Data	IP address, browser type, device info	Security, fraud prevention

3. Lawful Basis for Processing (GDPR Article 6)

Contract performance — Processing your account data and queries is necessary to provide the SOC·AI service you signed up for.
Legitimate interest — Usage analytics, fraud prevention, and service improvement.
Consent — Non-essential cookies (if any) require your explicit consent.
Legal obligation — Tax records, fraud prevention, law enforcement requests.

4. AI Sub-Processor Disclosure

SOC·AI uses Anthropic (Claude) as its AI processing engine. When you submit a query, your input is sent to Anthropic's API for processing. Anthropic's data handling:

Anthropic does not use API inputs/outputs to train its models.
API inputs may be retained for up to 30 days for safety monitoring, then deleted.
Anthropic is based in the United States.

Important: Do not submit data classified above "internal use" without organizational approval. SOC·AI is designed as a learning and productivity tool, not a classified data processing system.

5. Data Retention

Account data: Retained while your account is active; deleted within 30 days of account deletion.
Query logs: Aggregated usage counts retained for analytics; individual query content is not stored by SOC·AI after the AI response is delivered.
Payment records: Retained per applicable tax law (typically 7 years).

6. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

Access — Request a copy of your personal data.
Rectification — Correct inaccurate data.
Erasure — Request deletion of your data ("right to be forgotten").
Restriction — Restrict processing in certain circumstances.
Portability — Receive your data in a structured, machine-readable format.
Objection — Object to processing based on legitimate interest.
Withdraw consent — Where processing is based on consent.

To exercise any right, email trysoc-ai@proton.me with the subject line "Data Rights Request." We will respond within 30 days.

7. International Data Transfers

SOC·AI is hosted in the United States. If you are located in the EEA, UK, or other regions with data transfer restrictions, your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) as the legal mechanism for such transfers where applicable.

8. Data Security

We implement security measures including: NIST SP 800-63B compliant password requirements, bcrypt password hashing via Supabase Auth, HTTPS encryption in transit, Row Level Security (RLS) on all database tables, and HMAC-verified Stripe webhooks. However, no system is 100% secure, and we cannot guarantee absolute security.

9. Cookies

SOC·AI uses essential cookies only for authentication session management. We do not use analytics or advertising cookies. If this changes, we will implement a consent mechanism before deploying any non-essential cookies.

10. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the CCPA/CPRA:

Right to know what personal data is collected and how it is used.
Right to delete your personal data.
Right to opt out of the sale or sharing of personal data.
Right to non-discrimination for exercising your privacy rights.

We do not sell or share your personal data. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link.

11. Children

SOC·AI is not directed at individuals under 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

12. Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours (per GDPR Article 33) and affected individuals without undue delay where required.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users via email of material changes. Continued use of the service after changes constitutes acceptance.

14. Contact

Evera48 LLC
Email: trysoc-ai@proton.me
Subject: Privacy Inquiry

SOC·AI is a product of Evera48 LLC. This privacy policy should be reviewed by qualified legal counsel.