Data Protection Notice | DigitalStakeout

1. Overview

DigitalStakeout, Inc. is committed to protecting the data entrusted to us by our customers. This Data Protection Notice describes our data handling practices, security measures, and commitments for data processed through the DigitalStakeout platform and services.

2. Data Categories

DigitalStakeout processes two categories of data: Customer Configuration Data (account settings, entity definitions, alert rules, and user preferences) and Intelligence Data (publicly available information collected from open sources including surface web, social media, dark web, and data broker sites as configured by the customer). We do not collect private communications or access non-public systems.

3. Data Processing

Intelligence data is collected from publicly available sources based on the customer's monitoring configuration. DARIA™ AI classifies collected data across 14 risk domains using automated threat classifiers. Customers control what entities are monitored, what alert thresholds are set, and how data is retained within their workspace.

4. Infrastructure and Hosting

The DigitalStakeout platform is hosted on US-based cloud infrastructure. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access to production systems is restricted to authorized personnel through multi-factor authentication and role-based access controls.

5. Security Measures

DigitalStakeout maintains comprehensive security controls including regular security assessments and penetration testing, network-level and application-level monitoring, incident response procedures with defined escalation paths, employee background checks and security training, and secure software development practices.

6. Data Retention

Customer data is retained for the duration of the subscription term plus 30 days. Customers may request data export at any time. Upon termination of a subscription, data is securely deleted within 90 days unless longer retention is required by law or requested by the customer.

7. Sub-Processors

DigitalStakeout uses a limited number of sub-processors for infrastructure and service delivery. A current list of sub-processors is available upon request. Customers are notified of material changes to sub-processor relationships.

8. Incident Response

In the event of a security incident affecting customer data, DigitalStakeout will notify affected customers within 72 hours, provide details of the incident scope and remediation steps, cooperate with customer investigation and regulatory reporting requirements, and implement corrective measures to prevent recurrence.

9. Compliance

DigitalStakeout maintains security and compliance practices aligned with industry standards. For specific compliance questions or to request a Data Processing Agreement, contact us at info[at]digitalstakeout.com.

10. Contact

For data protection inquiries, contact info[at]digitalstakeout.com or visit our contact page.