Privacy Policy
This Privacy Policy explains how Surface Drift handles information when you use the product, website, and related services.
Information We Collect
We collect account information such as your name, email address, authentication data, plan details, and basic billing or subscription metadata where applicable.
We also process operational data needed to provide the service, including monitored domains, scan configurations, scan results, findings, inventory records, notification settings, and audit events tied to your account.
How We Use Information
We use information to operate the platform, authenticate users, run scans, generate reports, send security notifications, prevent abuse, troubleshoot issues, and improve the reliability and safety of the service.
We may also use service metadata for internal analytics, capacity planning, fraud prevention, and incident response.
Customer Scan Data
Domains, findings, report data, and related operational artifacts are treated as customer data. We use that data only to deliver the service, secure the platform, provide support, and maintain the product.
We do not sell customer scan data or customer findings to third parties.
Notifications and Email
If you enable notifications, we process the destination email address and the alert content needed to deliver those messages. Auth flows such as password reset or account verification also require transactional email delivery.
Security and Retention
We use administrative, technical, and organizational measures designed to protect account data and service data. No system is perfectly secure, but we work to reduce unauthorized access, misuse, and accidental disclosure.
We retain information for as long as needed to operate the service, comply with legal obligations, resolve disputes, and maintain security records, after which data may be deleted or anonymized.
Service Providers
We may rely on infrastructure, hosting, email, analytics, and operational vendors to provide the service. Those providers may process data only as needed to support Surface Drift.
Your Responsibilities
You should only submit domains, assets, and systems you are authorized to monitor. You are responsible for the accuracy of the data you provide and for managing access to your account.
Policy Updates
We may update this Privacy Policy from time to time to reflect changes in the product, legal requirements, or operational practices. Continued use of the service after an update means the revised policy applies.