Privacy Policy
Last updated: 14 June 2026
1. Introduction
This Privacy Policy explains how Armologic Ltd (company number 15518194), registered at 86-90 Paul Street, London, EC2A 4NE, United Kingdom ("we", "us", "our") collects, uses, stores, and protects your personal data when you use the ArmoSense platform and associated services (the "Service").
We are committed to protecting your privacy and processing your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.
2. Data Controller
Armologic Ltd is the data controller for personal data collected through the Service. For payment-related data, Paddle.com Market Limited acts as an independent data controller in its capacity as Merchant of Record.
3. What Data We Collect
3.1 Account Information
When you register for the Service, we collect:
- Full name and display name
- Email address
- Company/organisation name
- Password (stored as an Argon2id hash — we never store plaintext passwords)
3.2 Billing Information
Payment processing is handled entirely by Paddle. We do not collect, store, or have access to your credit card numbers or bank details. Paddle may collect:
- Payment method details (processed by Paddle)
- Billing address
- Transaction history
Please refer to Paddle's Privacy Policy for details on how they process payment data.
3.3 Security Telemetry Data
When ArmoSense Agents are deployed on your servers, they collect and transmit security-relevant data to the Control Plane, including:
- HTTP request metadata (method, path, headers, query parameters — NOT request bodies unless configured)
- Source IP addresses of incoming requests to your application
- Attack signatures and anomaly detection scores
- WAF rule match details
- Agent health and performance metrics
This data is collected solely for the purpose of providing security protection and threat analysis. IP addresses of attackers are logged for security purposes.
3.4 Usage Data
We automatically collect:
- Log-in timestamps and session duration
- Pages and features accessed within the dashboard
- Browser type and operating system
- IP address used to access the dashboard
3.5 Cookies
We use strictly necessary cookies for authentication and session management. We do not use advertising or tracking cookies. Our cookie usage is limited to:
- Authentication cookie: Maintains your logged-in session (HttpOnly, Secure, SameSite=Lax).
- Anti-forgery token: Prevents cross-site request forgery attacks.
- Theme preference: Stores your light/dark mode preference (localStorage, not a cookie).
4. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| Providing and operating the Service | Performance of contract (Art. 6(1)(b)) |
| Processing payments (via Paddle) | Performance of contract (Art. 6(1)(b)) |
| Security threat detection and prevention | Legitimate interest (Art. 6(1)(f)) |
| Account security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Service improvement and analytics | Legitimate interest (Art. 6(1)(f)) |
| Customer support | Performance of contract (Art. 6(1)(b)) |
| Legal compliance and audit | Legal obligation (Art. 6(1)(c)) |
5. Data Sharing
We share personal data only with:
- Paddle.com Market Limited: Payment processing (Merchant of Record).
- Infrastructure providers: We use DigitalOcean for hosting. Data is processed on servers located in the EU/EEA.
- Legal requirements: We may disclose data if required by law, court order, or government request.
We do not sell your personal data. We do not share data with advertisers or marketing partners. We do not use your Customer Data to train machine learning models on third-party data.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 30 days after deletion |
| Security telemetry | Per your subscription tier (7–365 days) |
| Alert data | Per your subscription tier (30–365 days) |
| Audit logs | 2 years |
| Payment records | 7 years (legal requirement) |
7. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption in transit (TLS 1.3) and at rest
- Argon2id password hashing
- Row-level security (RLS) for multi-tenant data isolation
- Mutual TLS (mTLS) for Agent-to-Control Plane communication
- Ed25519 digital signatures for bundle integrity
- Regular security assessments and penetration testing
- Access controls and audit logging
8. International Data Transfers
Your data is primarily stored and processed within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
9. Your Rights
Under the UK GDPR, you have the following rights:
- Right of Access: Request a copy of your personal data.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure: Request deletion of your personal data ("right to be forgotten").
- Right to Restriction: Request restriction of processing.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interest.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, please contact us at privacy@armologic.com. We will respond within 30 days.
10. Children's Privacy
The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.
12. Supervisory Authority
If you are not satisfied with our handling of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- https://ico.org.uk
- Phone: 0303 123 1113
13. Contact Us
For privacy-related enquiries:
- Armologic Ltd
- 86-90 Paul Street
- London, EC2A 4NE
- United Kingdom
- Email: privacy@armologic.com
- Web: armologic.com