Privacy Policy
Last updated July 2026
Your trust matters to us. This Policy describes what information Tyrian collects and how we use and protect it.
01Scope
This Privacy Policy explains how Tyrian collects, uses, discloses, and protects information in connection with our websites and platform. It applies to personal data we process as a controller. Where we process Customer Data on your behalf, we act as a processor under your instructions and the Terms of Service.
02Information we collect
- Account information: name, work email, organization, and role, provided at sign-up or via your SSO identity provider.
- Usage data: log and telemetry data about how you interact with the Service, including sessions, provisioning actions, and audit events.
- Lab and evidence data: scenario definitions, captured screenshots, generated reports, and related metadata you create in the Service.
- Billing data: subscription and usage records processed through our payment provider. We do not store full payment card numbers.
03How we use information
We use information to provide, secure, and improve the Service; to authenticate users and enforce the Acceptable Use Policy; to meter compute usage and process billing; to provide support; and to comply with legal obligations. We do not sell personal data.
04Sharing and subprocessors
We share information with service providers that help us operate the Service — including cloud infrastructure (AWS), payment processing, and analytics — under contractual confidentiality and data-protection obligations. We may disclose information where required by law or to protect the rights, safety, and security of the Service and its users.
05Data retention
We retain personal data for as long as needed to provide the Service and to meet legal, audit, and security obligations. Labs are ephemeral and are torn down after a session ends; evidence and reports are retained per your account settings and plan.
06Security
We apply administrative, technical, and organizational measures appropriate to the risk, including tenant isolation, least-privilege access, encryption in transit, and immutable audit logging. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
07International transfers
We may process information in countries other than your own. Where required, we implement appropriate safeguards for cross-border transfers. Enterprise and MSSP customers may request specific data-residency arrangements.
08Your rights
Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal data, and to data portability. To exercise these rights, contact us at privacy@tyrian.io. If you access the Service through an organization, please direct requests to that organization where appropriate.
09Cookies and analytics
Our websites use essential cookies and privacy-respecting analytics to understand usage and improve the experience. You can control cookies through your browser settings; disabling some cookies may affect functionality.
10Changes and contact
We may update this Policy from time to time; material changes will be communicated through the Service or by email. For any privacy question or request, contact privacy@tyrian.io.