Caspint ("Caspint", "we", "us", or "the Platform") provides cyber threat-intelligence services to organizations, including monitoring of data exposed in third-party breaches and leaks. This Privacy Policy describes what personal data we collect, why, and the rights available to data subjects.
Caspint is a threat-intelligence platform operated for organizations based in Azerbaijan. For privacy questions or requests, contact us at [email protected].
We process two distinct categories of data:
We do not hack, breach, phish, or otherwise unlawfully obtain data, and we do not solicit, commission, or pay for the commission of any intrusion. Threat-intelligence data is collected from sources that are already public or otherwise lawfully available (open repositories, public forums and channels, and breach datasets circulating in the public domain). Our purpose in collecting it is defensive: to enable affected organizations to detect and remediate their own exposure.
We process account data to provide, secure, and administer the Platform. We process threat-intelligence data on the basis of our and our customers' legitimate interest in cybersecurity — namely, identifying and mitigating threats to the organizations we serve. We do not use exposed credentials to access any account or system, and we do not enable our users to do so.
We do not sell personal data. Threat-intelligence data is scoped to the customer organization whose domain it concerns. We share data only with: (a) the relevant customer; (b) service providers acting on our behalf under confidentiality obligations; and (c) authorities where required by law.
We retain account data for as long as an account is active and as required for security and legal purposes. Threat-intelligence data is retained for as long as it remains relevant to monitoring and historical exposure analysis, subject to removal requests below.
We apply administrative and technical safeguards including encryption in transit, hashed credentials, access controls, web-application firewalling, rate limiting, and automated abuse detection. No method of transmission or storage is fully secure, and we cannot guarantee absolute security.
Subject to applicable law, data subjects may request access to, correction of, or deletion of their personal data. If you believe your personal data appears in our threat-intelligence dataset and wish to request its removal, email [email protected] with sufficient detail to locate the record. We will review and action valid requests in accordance with applicable law.
Our infrastructure and processors may be located outside your country. Where data is transferred internationally, we take steps to ensure an appropriate level of protection.
We use a single, strictly necessary session cookie to keep you signed in. We do not use advertising or third-party tracking cookies.
We may update this Policy. Material changes will be reflected by the version and date above. Continued use after an update constitutes acceptance of the revised Policy.