Privacy Policy

Last Updated: January 16, 2026

DCE Infosec LLC ("Company," "we," "us," or "our") operates HAYANALYSIS, an AI-powered Security Information and Event Management (SIEM) platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

Key Privacy Commitments:
  • We do NOT sell your personal information
  • We do NOT train AI models on your security data
  • We do NOT share your data across tenants
  • With BYODb, your data NEVER leaves your infrastructure

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, company name, job title, phone number, and contact details when you register, request a demo, or communicate with us.
  • Payment Information: Billing details processed through secure third-party payment processors (Stripe, etc.). We do not store full credit card numbers.
  • Communications: Information you provide when contacting support, participating in surveys, or communicating with us via email, chat, or phone.
  • Configuration Data: Settings, preferences, detection rules, workflow configurations, and custom integrations you create within the platform.
  • Feedback: Product feedback, feature requests, and bug reports you submit.

1.2 Information Collected Automatically

  • Usage Data: How you interact with our platform, features used, frequency of use, and performance metrics.
  • Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
  • Log Data: Access logs, error logs, and system event logs related to your use of the platform.
  • Cookies and Tracking: We use cookies, pixels, and similar technologies for authentication, preferences, analytics, and marketing. See Section 13 for details.

1.3 Information We Do NOT Collect

  • With BYODb architecture, we do NOT collect, store, or retain your security logs or event data.
  • We do NOT access the content of your AI prompts when using Bring Your Own LLM.
  • We do NOT collect biometric data, genetic data, or health information.

2. Deployment Options and Data Handling

HAYANALYSIS offers flexible deployment options, each with different data handling practices:

2.1 SaaS (Cloud-Hosted) Deployment

  • Tenant Separation: All SaaS deployments are strictly tenant-separated. Your data, configurations, and environment are logically isolated from other customers using dedicated resources and encryption keys.
  • Platform Data: We store account information, configurations, detection rules, and platform usage data on our secure infrastructure.
  • Security Data Options: Even in SaaS mode, you have flexibility:
    • Connect your own databases (BYODb) — security data stays in your infrastructure
    • Use our managed storage — data is encrypted and tenant-separated
    • Hybrid approach — combine both options based on your needs
  • AI/LLM Processing: You may choose to:
    • Use our hosted AI models for query generation and analysis
    • Connect your own AI/LLM models (Azure OpenAI, AWS Bedrock, self-hosted models, etc.)
  • Data Location: SaaS data is stored in US, EU, or APAC regions based on your selection. Contact us for specific data center locations.

2.2 Self-Hosted (On-Premise/Private Cloud) Deployment

  • Complete Data Control: All data, including security logs, configurations, and AI processing, remains entirely within your infrastructure.
  • No Data Transmission: We do not receive, store, or process any of your security data.
  • Your AI Models: Use your own AI/LLM models with complete control over data processing.
  • License Validation: Minimal license validation data may be transmitted (license key, version, feature usage counts). This can be disabled for air-gapped deployments.
  • Telemetry (Optional): You may opt-in to share anonymized usage telemetry to help improve the product. This is disabled by default and can be completely turned off.

2.3 BYODb (Bring Your Own Database) Architecture

Important: With our BYODb architecture, available in both SaaS and self-hosted deployments:

  • Your security logs and event data remain in YOUR infrastructure.
  • HAYANALYSIS queries your databases in real-time and processes data in memory.
  • We do not store, copy, cache, or retain your security data on our servers.
  • Query results are transmitted over encrypted connections and discarded after display.
  • You maintain full control over data retention, storage locations, encryption, and access.
  • Database credentials are encrypted at rest using HSM-backed keys and are never logged.

3. Tenant Separation and Isolation

For SaaS deployments, we implement strict tenant separation:

  • Logical Isolation: Each customer's data is logically separated using unique tenant identifiers and access controls.
  • Encryption Separation: Each tenant has dedicated encryption keys managed via AWS KMS / Azure Key Vault.
  • Network Isolation: Network-level controls, security groups, and VPC configurations prevent cross-tenant data access.
  • Compute Isolation: Tenant workloads are isolated at the container/pod level.
  • Access Controls: Role-based access control (RBAC) ensures users can only access their organization's data.
  • Audit Logging: All access is logged with tenant context and available for your review.
  • No Cross-Tenant Data Sharing: We never share, aggregate, or combine data across tenants for any purpose.

4. How We Use Your Information

  • Provide, operate, maintain, and improve our services
  • Process transactions and send related information (invoices, receipts)
  • Send technical notices, updates, security alerts, and support messages
  • Respond to inquiries, comments, and requests for customer support
  • Monitor and analyze usage patterns, trends, and activities
  • Detect, investigate, and prevent fraudulent transactions and abuse
  • Comply with legal obligations, enforce our terms, and protect our rights
  • Personalize and improve your experience with the platform
  • Send promotional communications (with your consent, where required)

5. AI/LLM Data Processing

5.1 Our Hosted AI Models

  • Query data and prompts are processed in memory and NOT retained after processing.
  • We do NOT train, fine-tune, or improve our AI models using your data.
  • AI processing occurs in the same region as your data deployment.
  • Results are transmitted over encrypted connections and not logged.

5.2 Bring Your Own LLM

  • When you connect your own AI/LLM models, all prompts and responses flow directly between HAYANALYSIS and your AI service.
  • We do NOT intercept, log, store, or have visibility into your prompts or AI responses.
  • Your AI provider's privacy policy governs their handling of your data.
  • You are responsible for compliance with your AI provider's acceptable use policies.

5.3 No AI Training on Customer Data

We explicitly commit: Regardless of deployment option, we NEVER use your security data, queries, configurations, or any customer content to train, improve, or develop AI/ML models. This includes:

  • No training on your security logs or event data
  • No training on your detection rules or configurations
  • No training on your queries or search patterns
  • No training on your incident data or investigation content
  • No sharing of any training data across customers

6. Information Sharing and Disclosure

We do not sell your personal information. We may share information with:

6.1 Service Providers (Sub-processors)

Third parties who assist in operating our platform, subject to confidentiality obligations:

  • Cloud Infrastructure: AWS, Azure, Google Cloud (data hosting)
  • Payment Processing: Stripe (billing)
  • Analytics: Google Analytics, Mixpanel (anonymized usage)
  • Support: Zendesk, Intercom (customer communications)
  • Email: SendGrid, Mailchimp (transactional and marketing emails)

A complete list of sub-processors is available upon request or in our Trust Center.

6.2 Legal Requirements

We may disclose information when required by law, court order, subpoena, or other legal process, or when we believe disclosure is necessary to:

  • Comply with applicable law or legal obligations
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of our users or others
  • Investigate potential violations of our Terms of Service

We will notify you of legal requests unless prohibited by law or court order.

6.3 Business Transfers

In connection with mergers, acquisitions, reorganizations, or asset sales, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

6.4 With Your Consent

We may share information with third parties when you explicitly consent to such sharing.

7. Data Security

We implement comprehensive security measures including:

  • Encryption in Transit: TLS 1.3 for all data transmissions
  • Encryption at Rest: AES-256 encryption with tenant-specific keys
  • Key Management: HSM-backed key management via cloud KMS
  • Access Controls: Multi-factor authentication, SSO, RBAC
  • Network Security: WAF, DDoS protection, network segmentation
  • Monitoring: 24/7 security monitoring and alerting
  • Testing: Annual penetration tests by third parties
  • Compliance: SOC 2 Type II certified

8. Data Retention

  • Account Data: Retained while your account is active and for 90 days after termination to allow for reactivation. Deleted upon request.
  • Security Data (BYODb): Retained in your infrastructure according to your policies — we have no control over this data.
  • Security Data (SaaS Managed): Retained according to your configured retention policy (default: 90 days). You may request immediate deletion.
  • Usage Logs: Retained for 12 months for security and operational purposes.
  • Backup Data: Backups are retained for 30 days and then permanently deleted.
  • Legal Hold: Data subject to legal hold may be retained longer as required.

9. Data Deletion

Upon account termination or deletion request:

  • Account data is deleted within 30 days
  • Backups containing your data are purged within 90 days
  • You may request immediate deletion by contacting privacy@hayanalysis.com
  • We will provide written confirmation of deletion upon request
  • Some data may be retained if required by law or for legitimate business purposes (fraud prevention)

10. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of personal information we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal information ("right to be forgotten")
  • Restriction: Request limitation of processing of your data
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests or for marketing
  • Withdraw Consent: Withdraw previously given consent at any time
  • No Automated Decisions: Not be subject to decisions based solely on automated processing

To exercise these rights, contact privacy@hayanalysis.com. We will respond within 30 days (or as required by applicable law).

11. International Data Transfers

If you are located outside the United States, your information may be transferred to, stored, and processed in the United States or other countries. We ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all sub-processors
  • EU-US Data Privacy Framework certification (where applicable)
  • Regional data residency options (EU, APAC) for SaaS deployments

12. GDPR Compliance (EEA Users)

For users in the European Economic Area (EEA), we process data in accordance with GDPR:

  • Legal Basis: We process data based on contract performance, legitimate interests, consent, or legal obligations.
  • Data Controller: DCE Infosec LLC is the data controller for account and platform usage information.
  • Data Processor: We act as data processor for security data in SaaS managed storage.
  • DPA: Data Processing Agreements are available for enterprise customers.
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

13. CCPA Compliance (California Residents)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: What personal information we collect and how we use it
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of the "sale" of personal information (we do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights
  • Authorized Agent: You may designate an authorized agent to make requests on your behalf

To exercise CCPA rights, email privacy@hayanalysis.com or call [phone number].

14. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential Cookies: Required for platform functionality, authentication, and security
  • Analytics Cookies: Help us understand how you use our platform (Google Analytics)
  • Preference Cookies: Remember your settings and preferences
  • Marketing Cookies: Used to deliver relevant advertisements (with consent)

You can manage cookie preferences through your browser settings or our cookie consent banner. Disabling certain cookies may affect platform functionality.

15. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected personal information from a child under 18, we will delete it promptly. If you believe we have collected information from a child, please contact us at privacy@hayanalysis.com.

16. Security Incident Notification

In the event of a security incident affecting your personal data:

  • We will notify affected customers within 72 hours of becoming aware of the incident
  • Notification will include the nature of the incident, data affected, and remediation steps
  • We will cooperate with any investigations and provide updates as available
  • We will notify relevant supervisory authorities as required by law

17. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last Updated" date
  • Sending email notification for material changes
  • Displaying a prominent notice in the platform

Your continued use of our services after changes constitutes acceptance of the updated policy.

18. Contact Us

For privacy-related inquiries, data requests, or complaints:

DCE Infosec LLC
Privacy Team
Email: privacy@hayanalysis.com
Website: www.hayanalysis.com/privacy

Data Protection Officer:
Email: dpo@hayanalysis.com

We will respond to all inquiries within 30 days.