Privacy Policy

Last updated: March 22, 2026

AI Threat Intelligence ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website and services.

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

AI Threat Intelligence

Contact: privacy@aithreatalert.com

2. Data We Collect

We collect the following categories of personal data:

2.1 Account Data

When you create an account, we collect your email address and name. Authentication is handled by our third-party provider, Clerk. We do not store your password directly.

2.2 Payment Data

Payment processing is handled entirely by Stripe. We receive confirmation of your subscription status and billing history, but we never store, process, or have access to your credit card number or full payment details. For more information, see Stripe's Privacy Policy.

2.3 Usage Data

We use Plausible Analytics, a privacy-focused analytics tool that does not use cookies and does not collect personal data. Plausible collects aggregated, anonymous usage statistics only. No individual user tracking occurs. For details, see Plausible's Data Policy.

2.4 Preferences and Configuration

If you use our paid service, we store your preferences such as AI/ML stack filters, alert settings, and notification preferences to deliver a personalized threat intelligence experience.

2.5 Newsletter Data

If you subscribe to our newsletter, we collect your email address. You can unsubscribe at any time using the link provided in every email.

3. Purpose of Processing

We process your personal data for the following purposes:

  • Service delivery — providing access to threat intelligence feeds, alerts, compliance reports, and dashboard features
  • Billing and subscription management — processing payments, managing trials, and handling invoices through Stripe
  • Security alerts — sending breaking CVE alerts and incident notifications based on your configured preferences
  • Newsletter — delivering our weekly CISO digest and security intelligence updates
  • Service improvement — understanding aggregate usage patterns to improve our product (via privacy-friendly analytics only)
  • Legal compliance — fulfilling our legal obligations under applicable laws and regulations

4. Legal Basis for Processing

Under the GDPR, we rely on the following legal bases:

Contract Performance (Art. 6(1)(b) GDPR)

Processing your account data, preferences, and payment information is necessary to provide the services you have subscribed to.

Legitimate Interest (Art. 6(1)(f) GDPR)

We have a legitimate interest in analyzing aggregate, anonymous usage data to improve our service, and in ensuring the security and integrity of our platform.

Consent (Art. 6(1)(a) GDPR)

Where you have subscribed to our newsletter or opted in to non-essential communications, we process your data based on your consent. You may withdraw consent at any time.

Legal Obligation (Art. 6(1)(c) GDPR)

We may process data to comply with legal obligations, such as tax and accounting requirements related to payments.

5. Data Retention

  • Account data — retained for as long as your account is active. Upon account deletion, your personal data is removed within 30 days, except where retention is required by law.
  • Payment records — retained as required by applicable tax and accounting laws (typically up to 7 years for financial records).
  • Newsletter subscriptions — retained until you unsubscribe. Upon unsubscription, your email is removed from our mailing lists within 7 days.
  • Usage analytics — Plausible retains only aggregate, anonymous data. No personal data is stored.

You may request deletion of your data at any time by contacting us at privacy@aithreatalert.com.

6. Third-Party Processors

We use the following third-party service providers to operate our platform. Each processor has been selected for its compliance with applicable data protection standards:

Provider  | Purpose                                                             | Location
Clerk     | Authentication and user management                                  | United States
Stripe    | Payment processing and subscription billing                         | United States
Resend    | Transactional and newsletter email delivery                         | United States
Plausible | Privacy-friendly website analytics (no cookies, no personal data)   | European Union
Hetzner   | Server infrastructure and data hosting                              | European Union (Germany)

We maintain Data Processing Agreements (DPAs) with all processors as required under Article 28 of the GDPR.

7. International Data Transfers

Some of our third-party processors are based in the United States (Clerk, Stripe, Resend). Where personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, including:

  • EU-U.S. Data Privacy Framework certification of the processor
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Additional technical and organizational measures where necessary

Our primary server infrastructure is hosted by Hetzner in Germany, within the European Union.

8. Your Rights Under the GDPR

As a data subject, you have the following rights under the GDPR:

(1) Right of Access (Art. 15)

You can request a copy of the personal data we hold about you.

(2) Right to Rectification (Art. 16)

You can request correction of inaccurate or incomplete personal data.

(3) Right to Erasure (Art. 17)

You can request deletion of your personal data, subject to legal retention obligations.

(4) Right to Data Portability (Art. 20)

You can request your data in a structured, commonly used, machine-readable format.

(5) Right to Restrict Processing (Art. 18)

You can request that we limit the processing of your personal data in certain circumstances.

(6) Right to Object (Art. 21)

You can object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds.

(7) Right to Withdraw Consent (Art. 7(3))

Where processing is based on consent (e.g., newsletter), you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@aithreatalert.com. We will respond within 30 days as required by law.

You also have the right to lodge a complaint with your local data protection supervisory authority.

9. Cookies

We minimize the use of cookies. Our analytics provider, Plausible, does not use cookies and does not track individual users.

Essential cookies may be used by our authentication provider (Clerk) to maintain your session when you are logged in. These cookies are strictly necessary for the service to function and do not require consent under the GDPR.

For more details, see our Cookie Policy.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS) and at rest
  • Authentication delegated to a specialized provider (Clerk) rather than custom implementation
  • Payment processing delegated to a PCI DSS Level 1 certified provider (Stripe)
  • Server infrastructure hosted in EU data centers (Hetzner, Germany)
  • Regular security reviews and access controls

11. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify registered users by email for significant changes
  • Post a visible notice on our website

We encourage you to review this page periodically. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, contact us at:

AI Threat Intelligence

Email: privacy@aithreatalert.com

We aim to respond to all privacy-related inquiries within 30 days.