Question 1

1. Information We Collect

Accepted Answer

Armorstack, LLC collects information you provide directly (name, email, phone, company, role, service interests) when you request a consultation, download resources, subscribe to communications, or engage our services. We also collect information automatically through cookies and similar technologies: IP address, browser type, device identifiers, pages visited, referring URL, and engagement metrics. For clients, we collect information necessary to deliver contracted services, which may include technical data from monitored systems, configuration details, and security event telemetry.

Question 2

2. Lawful Basis for Processing (GDPR)

Accepted Answer

For individuals in the European Economic Area, United Kingdom, or Switzerland, we process personal data under one or more of these lawful bases: (a) consent, which you may withdraw at any time; (b) contract, where processing is necessary to deliver services you requested; (c) legitimate interests, balanced against your rights, including business development, service improvement, and security operations; (d) legal obligation, where required by applicable law. Where we rely on legitimate interests, you may object and we will evaluate the request.

Question 3

3. How We Use Your Information

Accepted Answer

We use collected information to deliver services you engaged us for, respond to inquiries, send requested communications including newsletters and service updates, administer accounts and billing, protect against fraud and security threats, improve our offerings and site experience, and comply with legal obligations. For marketing communications, we rely on your consent or legitimate interest, and every commercial message includes a one-click unsubscribe mechanism.

Question 4

4. Sharing of Information

Accepted Answer

We share information only as necessary: with subprocessors and technology providers (CRM, email delivery, analytics, payment processing) bound by written data protection agreements; with professional advisors (legal, accounting, insurance) under confidentiality obligations; with business partners when you engage services that involve joint delivery, with notice; with law enforcement or regulators when legally required or to protect rights, safety, or property; and in connection with a merger, acquisition, or asset sale, with appropriate notice. We do not sell personal information.

Question 5

5. Your Privacy Rights

Accepted Answer

Depending on your location, you may have rights to: access the personal data we hold about you; correct inaccurate or incomplete data; delete your data subject to retention obligations; restrict or object to certain processing; receive your data in a portable format; withdraw consent where processing is consent-based; and lodge a complaint with a supervisory authority. Wisconsin, California, and other state residents have additional statutory rights. To exercise any right, email privacy@armorstack.ai — we respond within 30 days (or as required by applicable law).

Question 6

6. Data Security

Accepted Answer

Armorstack is a Managed Intelligence Provider — security is the core of what we deliver. We implement administrative, technical, and physical safeguards including: role-based access control, multi-factor authentication on all privileged accounts, encryption in transit (TLS 1.2+) and at rest (AES-256), continuous monitoring via our SENTRY SOC, vulnerability management, employee security training, and documented incident response procedures aligned to NIST CSF 2.0. No method of transmission or storage is 100% secure; we continuously improve our controls and will notify you promptly of any incident that materially affects your data.

Question 7

7. Data Retention

Accepted Answer

We retain personal data only as long as necessary for the purposes collected, or as required by law, contract, or legitimate business need. Marketing contacts: until you unsubscribe or request deletion. Client service records: term of engagement plus seven years for tax, audit, and statute-of-limitations compliance. Security telemetry: per contracted retention in the applicable Master Services Agreement, typically 90–365 days for operational data and longer for incident evidence. Backups are retained on rotation and overwritten on schedule.

Question 8

8. International Data Transfers

Accepted Answer

Armorstack is headquartered in Waukesha, Wisconsin, United States. If you are located outside the U.S., your information will be transferred to, stored, and processed in the U.S. Where we transfer personal data from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) or other valid transfer mechanisms, and we evaluate the recipient jurisdiction's legal regime. You may request a copy of the safeguards in place by contacting privacy@armorstack.ai.

Question 9

9. Changes to This Policy

Accepted Answer

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or service offerings. Material changes will be communicated through the site, via email to active clients, or through other reasonable means. The effective date at the top of the policy reflects the last revision. Continued use of our site or services after notice constitutes acceptance of the updated policy.

Question 10

10. Data Breach Notification

Accepted Answer

If we discover a security incident that compromises your personal data, we will notify affected individuals and applicable regulators within timeframes required by law: 72 hours for GDPR-covered EU/UK residents, timelines set by Wisconsin Statute §134.98 and HIPAA §164.404 for U.S. residents, and per any contractual commitments to clients. Notifications describe the nature of the incident, data affected, mitigation steps taken, and recommended actions for affected individuals. Our Incident Response team is staffed 24/7.

Question 11

11. Contact Us

Accepted Answer

For privacy questions, rights requests, or concerns about this policy, contact: Armorstack, LLC — Attention: Privacy Officer — Waukesha, Wisconsin — Email: privacy@armorstack.ai — Phone: (877) 890-5508. We respond to privacy inquiries within five business days and complete formal rights requests within 30 days (or sooner where required by law).

Question 12

12. Additional Disclosures

Accepted Answer

California residents (CCPA/CPRA): you may request disclosure of categories and specific pieces of personal information collected, sold, or shared in the prior 12 months; request deletion; opt out of sale or sharing (we do not sell); and limit use of sensitive personal information. Non-discrimination: we will not deny service, charge different prices, or provide different quality for exercising your rights. Nevada residents: we do not sell personal information as defined under Nevada law. Do Not Track: our site does not respond to browser DNT signals; use the cookie consent interface to manage preferences.

Topic	Other Armorstack Services	InboxSentry
Email content storage	May be reviewed by Armorstack personnel under MSA	On-device only, encrypted at rest, never transmitted to Armorstack
Mailbox credentials	May be provisioned for service technicians	OAuth-only; tokens never stored on device in plaintext
AI processing	Generally not applicable	Email metadata sent to Anthropic Claude for triage; full bodies only on user-requested reply drafts
Data residency	United States (Armorstack infrastructure)	On-device for email content; minimal metadata in U.S. infrastructure
Data subject access	Per MSA	Self-serve via the application; uninstall = full deletion of local data

Sub-Processor	Purpose	Data Handled	Region
Stripe, Inc.	Payment processing	Email, billing details	United States
Anthropic, PBC	AI inference (Claude API)	Email metadata; reply context on user request	United States
Google LLC	OAuth provider (Gmail)	OAuth grant	United States
Microsoft Corporation	OAuth provider (Outlook/M365)	OAuth grant	United States
Cloudflare, Inc.	CDN delivery of installer + manifest	IP address (transient)	Global edge
Base44	Serverless backend hosting	License + token data	United States

1. Information We Collect

2. Lawful Basis for Processing (GDPR)

3. How We Use Your Information

4. Sharing of Information

5. Your Privacy Rights

6. Data Security

7. Data Retention

8. International Data Transfers

9. Changes to This Policy

10. Data Breach Notification

11. Contact Us

12. Additional Disclosures

Variance Summary

1. Information InboxSentry Collects

2. InboxSentry Sub-Processors

3. Your Rights for InboxSentry Data

4. Data Retention

5. Security Posture

6. Brand Separation Notice

7. Contact for InboxSentry-specific Privacy Inquiries

Privacy Policy

1. Information We Collect

2. Lawful Basis for Processing (GDPR)

3. How We Use Your Information

4. Sharing of Information

5. Your Privacy Rights

6. Data Security

7. Data Retention

8. International Data Transfers

9. Changes to This Policy

10. Data Breach Notification

11. Contact Us

12. Additional Disclosures

InboxSentry Privacy Addendum

Variance Summary

1. Information InboxSentry Collects

2. InboxSentry Sub-Processors

3. Your Rights for InboxSentry Data

4. Data Retention

5. Security Posture

6. Brand Separation Notice

7. Contact for InboxSentry-specific Privacy Inquiries