Privacy Policy
Last Updated: February 2026
At MatrixSentry, we take security seriously, starting with your data. This Privacy Policy explains how we collect, use, and protect your information when you visit our website, sign up for our services, or use our email security platform.
1. Information We Collect
We collect only the information necessary to provide our services and communicate with you:
- Personal Information: When you sign up for our waitlist or contact us, we collect your name, email address, and company name.
- Usage Data: We may collect anonymous metrics (such as page views or device type) to improve website performance and security.
- Email Data: When your organization uses our email security platform, we access email metadata (sender, recipient, subject, headers, timestamps), email content (message bodies and attachments), and mailbox status information for the purpose of automated threat detection and remediation.
2. How We Use Your Information
For the purposes of data protection laws, MatrixSentry acts as the Data Processor for the email data analyzed on behalf of your organization. We act as the Data Controller only for the personal information collected directly from you when you create an account or contact us.
We use your data solely for the following purposes:
- To provide early access to the MatrixSentry platform.
- To send critical updates regarding our service or security alerts.
- To respond to your inquiries or support requests.
- To analyze inbound email for threats including phishing, malware, business email compromise, and spam.
- To take remediation actions (quarantine, move, or delete) on emails identified as threats.
- To generate threat reports and security analytics for your organization's dashboard.
3. Email Data Processing
All email analysis is performed by automated systems. Human access to email data is strictly limited to security diagnosis, troubleshooting specific system errors, or when explicitly requested by your organization's administrator for support. Data is retained according to the following schedule:
- Raw content: Raw email bodies and attachments are retained for up to 14 days for processing and then permanently deleted.
- Email metadata: Identifiable email information (sender, recipient, subject, and remediation logs) is retained for up to 30 days to support investigation of recent threats.
- Threat intelligence: Anonymized, derived data (such as file hashes, URL patterns, and threat signatures) that cannot be reverse-engineered to reveal user content is retained for up to 90 days to improve global detection capabilities.
Your organization's administrator may revoke MatrixSentry's access to your email environment at any time, triggering the deletion of identifiable data within 30 days.
4. AI-Assisted Security Analysis
MatrixSentry's core threat detection and remediation pipeline operates entirely within our Google Cloud Platform infrastructure. No email content or metadata leaves our infrastructure during detection, classification, or remediation.
Separately, MatrixSentry offers an optional AI-assisted rule tuning service that uses third-party large language model (LLM) providers to improve detection accuracy. When enabled, this service may send the following to external AI providers:
- Email metadata: Sender domain, subject line, classification result, confidence score, and email authentication results (DKIM, DMARC, SPF).
- Redacted email content: Email body text with personally identifiable information removed. Before any content is sent externally, our automated redaction system replaces email addresses, phone numbers, Social Security numbers, credit card numbers, cryptocurrency addresses, bank account numbers, IP addresses, and names detected in greeting patterns with typed placeholders (e.g., [EMAIL_1], [NAME_1]).
File attachments are never sent to third-party AI providers and remain exclusively within our Google Cloud Platform infrastructure.
The AI providers we use for this service are:
- Anthropic (Claude API): Data is automatically deleted within 7 days. API data is never used for model training under commercial terms. Zero data retention is available by agreement. See Anthropic's data retention policy.
- Google (Gemini API, paid tier): Data is retained for up to 30 days for abuse monitoring only. Paid tier data is not used to improve Google products. Zero data retention is available. See Google's zero data retention policy.
This service can be disabled entirely at the customer's request. When disabled, no email content or metadata is sent to any external AI provider.
5. Data Protection
We implement enterprise-grade security measures to protect your personal information and email data. All data is stored in secure, encrypted environments on Google Cloud Platform in the United States and is accessible only to authorized personnel. By using the Services, you acknowledge that your data will be processed in the United States.
In the event of a data breach compromising your organization's email data or personal information, MatrixSentry will notify your designated account administrators without undue delay, and in no event later than 72 hours after becoming aware of the incident.
6. Third-Party Services
We do not sell, trade, or rent your personal identification information or email data to others. We do not use email data for advertising or marketing purposes. We use third-party subprocessors solely to provide the Services:
- Cloud Infrastructure Providers: Primary infrastructure for data storage, internal event messaging, and processing (e.g., Google Cloud Platform). All core email data processing remains within highly secure, US-based cloud environments.
- Anthropic and Google Gemini: AI-assisted security rule tuning only, as described in Section 4 above. Optional and can be disabled.
A complete list of our authorized subprocessors is available to enterprise customers upon request during the vendor onboarding process.
We may share generic, aggregated threat statistics that are not linked to any specific user or organization.
7. Your Rights
Depending on your location, you may have rights under the GDPR, CCPA, or other regional privacy laws to access, correct, delete, or restrict the processing of your personal data. Organization administrators may request deletion of all email data associated with their account. To submit a data subject access request (DSAR) or exercise any of these rights, please contact us at [email protected].
8. Contact Us
If you have any questions about this Privacy Policy, please contact us at:
MatrixSentry Support
[email protected]