SSHwatch Privacy Policy

1. Introduction

SSHwatch (“we,” “our,” or “us”) is committed to protecting your privacy and the security of your information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service, website, and related applications (collectively, the “Service”).

By accessing or using SSHwatch, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. This policy applies to all users of our Service, including those on free trials or paid subscriptions.

Last Updated: March 3, 2025

2. Information We Collect

We collect different types of information to provide, improve, and protect our Service:

2.1 Personal Information

  • Account Information: When you register for an account, we collect personal information such as your name, email address, company name, job title, and billing information.
  • Authentication Information: We store credentials necessary to authenticate your account, such as encrypted password data and API key information.
  • Contact Information: Information you provide when contacting our support team or participating in surveys.

2.2 SSH and Server Log Data

  • Authentication Logs: Information about SSH login attempts, including usernames, IP addresses, timestamps, and authentication outcomes (success/failure).
  • Session Data: Information about SSH sessions, including duration, commands executed (if enabled), and session termination details.
  • Server Identification: Hostname, operating system information, and network configuration details necessary for log analysis.
  • System Performance Metrics: Resource usage data related to the SSHwatch agent’s operation.

2.3 Usage Data

  • Service Usage Information: Data about how you interact with our Service, including features used, pages visited, actions taken, and time spent on the dashboard.
  • Technical Information: Device information (type, operating system, browser), IP addresses, and network information.
  • Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar technologies when you use our website or dashboard.

2.4 Payment Information

  • Billing Details: When you purchase a subscription, we collect payment information, which may include credit card details or other financial account information.
  • Transaction History: Records of your purchases, subscription changes, and billing history.

3. How We Collect Information

We collect information through various methods:

3.1 Direct Collection

  • Information you provide when creating an account, configuring settings, or communicating with us.
  • Data submitted through our website forms, support tickets, or other direct interactions.

3.2 Automated Collection

  • Our SSHwatch agent installed on your servers automatically collects and transmits log data.
  • Cookies and similar technologies collect information when you interact with our website and dashboard.
  • Server-side logging of API requests and service interactions.

3.3 Third-Party Sources

  • Integration partners when you connect third-party services or applications.
  • Public sources for IP reputation data and threat intelligence.

4. How We Use Your Information

We use the collected information for the following purposes:

4.1 Service Provision

  • To create and manage your account.
  • To authenticate users and verify identity.
  • To process and fulfill subscription purchases.
  • To analyze SSH logs for security threats and suspicious activities.
  • To generate security alerts and notifications based on your configured rules.
  • To provide dashboards, reports, and analytics about your servers’ security status.

4.2 Communication

  • To send essential service notifications, security alerts, and important updates.
  • To respond to your inquiries, support requests, and feedback.
  • To send promotional communications, newsletter updates, and educational content (with your consent where required by law).
  • To inform you about new features, services, and offers that may interest you.

4.3 Service Improvement and Development

  • To analyze usage patterns and optimize the user experience.
  • To identify, diagnose, and fix issues with our Service.
  • To develop new features, functionality, and services.
  • To conduct research and statistical analysis to improve security detection capabilities.

4.4 Security and Protection

  • To detect and prevent fraudulent activities, unauthorized access, and other potential security issues.
  • To protect the security and integrity of our Service, users, and systems.
  • To verify compliance with our terms and policies.

5. Legal Basis for Processing (GDPR and Applicable Laws)

If you are located in the European Economic Area (EEA), United Kingdom, or in jurisdictions with similar data protection laws, we collect and process your personal information based on one or more of the following legal grounds:

5.1 Performance of Contract

  • Processing necessary to provide the Service as outlined in our Terms and Conditions.

5.2 Legitimate Interests

  • Processing necessary for our legitimate interests, such as:
    • Improving and developing our Service
    • Protecting against fraud and unauthorized transactions
    • Ensuring network and information security
    • Managing our customer relationships

5.3 Consent

  • Processing based on your specific and informed consent, such as:
    • Sending marketing communications
    • Collecting certain types of sensitive data
    • Using certain cookies not essential to service provision

5.4 Legal Obligation

  • Processing necessary to comply with our legal obligations.

6. Information Sharing and Disclosure

SSHwatch does not sell your personal information or SSH log data to third parties. We may share information in the following limited circumstances:

6.1 Service Providers

  • We share information with trusted third-party service providers who perform services on our behalf, such as:
    • Cloud infrastructure and hosting providers
    • Payment processors
    • Customer support and communication tools
    • Analytics and monitoring services
  • All service providers are contractually bound to use the data only for the specific purposes of providing services to us and are required to maintain appropriate security measures.

6.2 Business Transfers

  • If SSHwatch is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any such change in ownership or control of your personal information.

6.3 Legal Requirements

  • We may disclose information if required to do so by law or in response to valid requests by public authorities (e.g., court order, government request).
  • To protect and defend our rights, property, or safety, or that of our users or third parties.
  • To investigate potential violations of our Terms and Conditions or this Privacy Policy.

6.4 With Your Consent

  • We may share information with third parties when you have explicitly consented to such sharing.

7. Data Security

We implement and maintain reasonable security measures to protect your information:

7.1 Technical Safeguards

  • Encryption of data in transit and at rest using industry-standard protocols.
  • Access controls and authentication mechanisms for our systems and services.
  • Regular security testing, vulnerability assessments, and patching.
  • Monitoring systems for potential security incidents.

7.2 Organizational Safeguards

  • Employee training on data protection and security best practices.
  • Access to your data limited to authorized personnel on a need-to-know basis.
  • Security incident response procedures.

7.3 Third-Party Assessments

  • Regular security assessments and compliance checks of our infrastructure and processes.
  • Vendor security evaluations for third-party service providers.

Despite our efforts, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your information. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.

8. Data Retention

We retain different types of information for different periods:

8.1 Account Information

  • We retain your account information for as long as your account is active, plus a reasonable period thereafter to handle any follow-up questions or comply with legal obligations.

8.2 SSH Log Data

  • Raw SSH log data is retained according to your subscription plan, ranging from 7 days up to 180 days.
  • The specific retention period for your account is determined by your selected subscription tier.
  • Aggregated or anonymized security analytics derived from log data may be retained for up to 12 months.
  • You can view your current data retention period in your account settings.

8.3 Payment Information

  • We retain payment and billing information as required by financial and tax regulations, typically for 7 years.

8.4 Usage Data

  • Service usage data is retained for up to 24 months to support service improvement and security.

8.5 Legal Compliance

  • We may retain certain information for longer periods if required by law or necessary for legal claims or compliance purposes.

9. Your Privacy Rights

Depending on your location, you may have various rights regarding your personal information:

9.1 Access and Portability

  • You have the right to access the personal information we hold about you.
  • You may request a copy of your personal data in a structured, commonly used, and machine-readable format.

9.2 Correction and Update

  • You can correct inaccurate information or update incomplete information through your account settings or by contacting us.

9.3 Deletion and Restriction

  • You have the right to request deletion of your personal information in certain circumstances.
  • You may request restriction of processing of your personal information under specific conditions.

9.4 Objection and Withdrawal of Consent

  • You may object to the processing of your personal information in certain situations.
  • Where processing is based on consent, you have the right to withdraw consent at any time.

9.5 Automated Decision-Making

  • You have the right to not be subject to decisions based solely on automated processing (including profiling) that produce legal or similarly significant effects, except in certain circumstances permitted by law.

9.6 Complaint

  • You have the right to lodge a complaint with a data protection authority about our collection and use of your personal information.

To exercise these rights, please contact us using the information provided in the “Contact Us” section. We will respond to your request within the timeframe required by applicable law (typically within 30 days).

10. International Data Transfers

SSHwatch is based in the Netherlands, and we may process and store your information in various locations depending on our service providers’ infrastructure. When we transfer personal information outside the European Economic Area, United Kingdom, or other regions with data protection laws, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules
  • Privacy Shield certification (where applicable)
  • Other legally approved mechanisms

By using our Service, you acknowledge and consent to these transfers in accordance with this Privacy Policy.

11. Cookies and Similar Technologies

11.1 Types of Cookies We Use

  • Essential Cookies: Required for the operation of our website and dashboard.
  • Functional Cookies: Enable enhanced functionality and personalization.
  • Analytics Cookies: Help us understand how visitors interact with our website.

11.2 Your Cookie Choices

You can control cookies through your browser settings and our cookie preference center. However, blocking certain cookies may impact your experience with our Service.

11.3 Do Not Track

Some browsers transmit “Do Not Track” signals. We currently do not respond to these signals.

12. Children’s Privacy

SSHwatch is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us. If we learn that we have collected personal information from a child without parental consent, we will take steps to delete that information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by:

  • Posting the new Privacy Policy on this page with an updated effective date
  • Sending an email notification for material changes
  • Displaying a notice on our dashboard before the changes take effect

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

14. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, in accordance with applicable law.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at [email protected].

Book a demo

Fill in the form below to book a demo without obligation.
Request a demo