Privacy Policy

Last Updated: December 25, 2025

1. Introduction

CoreVista Technologies Inc ("we", "our", or "CoreVista") values your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information.

This policy applies to all personal information collected through our website, products, and services. By using our services, you consent to the practices described in this Privacy Policy.

We are committed to transparency and compliance with global data protection regulations including GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), and other applicable privacy laws.

2. Information We Collect

2.1 Personal Information

We collect the following categories of personal information:

• Identity information: Full name, job title, company name, department
• Contact information: Email address, phone number, business address, postal code
• Account information: Username, password (encrypted with bcrypt/argon2), security questions
• Billing information: Payment method, billing address (processed via PCI-DSS compliant providers)
• Technical information: IP address, browser type, operating system, device identifiers

2.2 Automatically Collected Data

When you use our services, we automatically collect:

• Usage data: Access logs, feature usage, session duration, pages visited
• Security logs: Login attempts, authentication events, security incidents
• Performance metrics: Response times, error rates, system health indicators
• Cookie data: See our Cookie Policy for detailed information

2.3 Security Event Data

As a cybersecurity provider, we collect security-related information including threat indicators, malware samples (anonymized), network traffic patterns, and vulnerability scan results. This data is essential for protecting our clients.

3. How We Use Your Information

We process your personal information for the following legitimate purposes:

3.1 Service Delivery

• Provision of cybersecurity services and products
• Account creation, management, and authentication
• 24/7 security monitoring and threat detection
• Incident response and security remediation
• Security reporting and compliance documentation

3.2 Service Improvement

• Analyzing usage patterns to enhance product features
• Security research and threat intelligence development
• Training AI/ML models for improved threat detection
• Optimizing system performance and reliability

3.3 Communication

• Providing customer support and technical assistance
• Sending security alerts and critical notifications
• Product updates and new feature announcements
• Marketing communications (with your consent, opt-out available)

3.4 Legal and Compliance

• Complying with legal obligations and regulatory requirements
• Enforcing our terms of service and protecting our rights
• Preventing fraud, abuse, and security threats
• Conducting audits and maintaining compliance certifications

4. Data Protection Measures

We implement comprehensive security measures to protect your personal information:

4.1 Encryption and Security

• Data in transit: TLS 1.3 encryption for all network communications
• Data at rest: AES-256 encryption for stored data
• Password security: Bcrypt/Argon2 hashing with salting
• Database encryption: Transparent Data Encryption (TDE)
• Encrypted backups with offsite storage

4.2 Access Controls

• Role-Based Access Control (RBAC) for all systems
• Multi-Factor Authentication (MFA) required for employees
• Least privilege principle enforced organization-wide
• Segregation of duties for sensitive operations
• Quarterly access reviews and permissions audits

4.3 Monitoring and Detection

• 24/7 security operations center (SOC) monitoring
• SIEM (Security Information and Event Management) systems
• Intrusion detection and prevention systems (IDS/IPS)
• Behavioral anomaly detection and alerting
• Comprehensive audit logging and log retention

4.4 Testing and Validation

• Annual third-party penetration testing
• Quarterly vulnerability assessments
• Secure code reviews and SAST/DAST scanning
• Disaster recovery drills and incident simulations

5. Data Sharing and Disclosure

We never sell, rent, or trade your personal information to third parties for marketing purposes.

5.1 Service Providers

We share data with trusted third-party service providers who assist us:

• Cloud infrastructure providers (AWS, Azure, GCP) - data hosting
• Payment processors (Stripe) - billing and subscriptions
• Analytics providers - service improvement (only with consent)
• Email service providers - transactional communications

All service providers are bound by strict data processing agreements (DPAs) and GDPR-compliant terms.

5.2 Legal Requirements

We may disclose your information when required by law:

• In response to valid legal process (subpoenas, court orders)
• To comply with government investigations or requests
• To protect our rights, property, or safety
• In emergency situations to protect personal safety

5.3 Business Transfers

In the event of a merger, acquisition, or asset sale, your personal information may be transferred. We will notify you of any such change and your options.

6. International Data Transfers

CoreVista is based in the United States. We may transfer, store, and process your information in the US and other countries where we operate.

When transferring data from the EU/EEA, we implement appropriate safeguards:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Reliance on adequacy decisions where applicable
• Compliance with EU-US and Swiss-US Privacy Shield principles
• Enhanced encryption for cross-border data transfers

7. Your Privacy Rights

Depending on your location, you have the following privacy rights:

7.1 GDPR Rights (EU/EEA/UK)

• Right of access: Request a copy of your personal data
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure: Request deletion of your data ("right to be forgotten")
• Right to restrict processing: Limit how we use your data
• Right to data portability: Receive your data in a structured format
• Right to object: Object to certain types of processing
• Right to withdraw consent: Revoke previously given consent
• Right to lodge a complaint: File a complaint with a supervisory authority

7.2 CCPA Rights (California)

• Right to know: What personal information we collect and how we use it
• Right to delete: Request deletion of your personal information
• Right to opt-out: Opt out of the sale of personal information (we don't sell data)
• Right to non-discrimination: Equal service regardless of rights exercise

7.3 Exercising Your Rights

To exercise any of these rights, contact us at privacy@corevistech.com. We will respond within 30 days (GDPR) or 45 days (CCPA). We may need to verify your identity before processing your request.

8. Data Retention

We retain your personal information only as long as necessary:

• Active accounts: Data retained while your account is active
• Terminated accounts: Personal data deleted within 90 days unless legally required to retain
• Security logs: Retained for 2 years for security analysis and compliance
• Billing records: Retained for 7 years per tax and accounting regulations
• Legal holds: Data preserved when subject to legal requirements

After the retention period, we securely delete or anonymize your data beyond recovery.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. Our Cookie Policy provides detailed information about:

• Types of cookies we use (essential, functional, analytics)
• Purpose and duration of each cookie
• Third-party cookies and integrations
• How to control and manage cookies

You can manage cookie preferences through your browser settings or our cookie consent banner.

10. Children's Privacy

Our services are intended for business use and not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.

If we discover that we have inadvertently collected information from a child under 18, we will delete it immediately. If you believe we have collected such information, please contact us at privacy@corevistech.com.

11. Data Breach Notification

In the unlikely event of a data breach involving your personal information, we will:

• Notify affected individuals within 72 hours of discovery (GDPR requirement)
• Report to relevant supervisory authorities as required by law
• Provide details about the nature and extent of the breach
• Outline measures taken to mitigate harm and prevent recurrence
• Recommend steps you can take to protect yourself

Our incident response team is available 24/7 to address security incidents promptly.

12. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations.

Material changes will be communicated via:

• Email notification to registered users
• Prominent notice on our website
• Updated "Last Updated" date at the top of this policy

Continued use of our services after notification constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

CoreVista Technologies Inc
Data Protection Officer
19266 Coastal Hwy
Rehoboth Beach, DE 19971
United States

Email: privacy@corevistech.com
Support: support@corevistech.com
Phone: +39 3444102587

For EU/EEA data protection inquiries, our EU representative can be contacted at: eu-privacy@corevistech.com

14. Related Policies

For additional information about our practices, please review:

• Cookie Policy
• Terms & Conditions