Privacy Policy

Last updated: March 2026 · Effective immediately

We take your privacy seriously. This policy explains exactly what data we collect, why, and how we protect it.
1. Data Controller

SOC Report AI is operated by Matias Ignacio Acuña, RUT 19.924.822-7, Chile.
Contact: socreportai@gmail.com

2. Data We Collect

Account data:

  • Email address, username, organization name
  • Password (hashed — never stored in plain text)
  • Subscription plan and billing history

Incident data (submitted by you):

  • Incident titles, descriptions, affected systems
  • IP addresses (source and destination)
  • Indicators of Compromise (IOCs)
  • Analyst notes and observations
  • AI-generated report content

Technical data:

  • IP address (for security and rate limiting only)
  • Browser user agent (for security logging)
  • Login timestamps and actions (audit log)
3. How We Use Your Data
  • To provide and operate the SOC Report AI service
  • To generate AI-powered incident reports on your behalf
  • To detect and prevent fraud, abuse, and security threats
  • To communicate service updates and billing information
  • We do NOT sell your data to third parties
  • We do NOT use your incident data for advertising
4. Third-Party Services

Your incident data is processed by the following third parties to deliver the service:

ServicePurposeData sharedPrivacy policy
Anthropic (Claude API) AI report generation Incident descriptions (IPs anonymized) anthropic.com/privacy
Render.com Cloud hosting (USA) All application data render.com/privacy
5. Data Security
  • All sensitive incident data is encrypted at rest using AES-256
  • All data is transmitted over HTTPS (TLS)
  • IP addresses submitted in reports are anonymized before AI processing
  • Access is protected by rate limiting and brute-force detection
  • Security events are logged in an immutable audit trail
6. Data Retention
  • Incident reports are retained for 90 days then automatically deleted
  • Account data is retained while your account is active
  • Audit logs are retained for 1 year for security purposes
  • You can request immediate deletion at any time (see Section 7)
7. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Deletion (Right to be Forgotten): Delete your account and all associated data via Settings → Delete Account
  • Portability: Request an export of your data
  • Objection: Object to data processing
  • To exercise any of these rights, email socreportai@gmail.com
8. Cookies

We use only essential session cookies required for authentication and security (CSRF protection). We do not use advertising or tracking cookies.

9. Children's Privacy

SOC Report AI is intended for cybersecurity professionals. We do not knowingly collect data from anyone under 18 years of age.

10. Changes to This Policy

We may update this policy periodically. We will notify users of material changes via email.

11. Contact

For privacy-related inquiries:
socreportai@gmail.com
Matias Ignacio Acuña · Santiago, Chile