Privacy Policy

Introduction

Breakpoint ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our incident response training platform.

Information We Collect

Information You Provide

• Account Information: Name, email address, company name, and phone number when you create an account
• Profile Information: Job title, role, and other professional information
• Exercise Data: Scenarios created, exercises run, participant responses, and performance metrics
• Payment Information: Billing details and payment card information (processed securely through third-party payment processors)
• Communications: Messages sent through our platform or to our support team

Information Collected Automatically

• Usage Data: Pages viewed, features used, time spent, and interaction patterns
• Device Information: IP address, browser type, operating system, and device identifiers
• Cookies: We use cookies and similar tracking technologies (see our Cookie Policy)

How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Send administrative information, updates, and security alerts
• Respond to your comments, questions, and support requests
• Generate analytics and insights to improve our platform
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations and enforce our terms
• Send marketing communications (with your consent)

How We Share Your Information

We do not sell your personal information. We may share your information with:

• Service Providers: Third-party vendors who perform services on our behalf (hosting, analytics, payment processing, customer support)
• Organization Members: Other members of your organization who have appropriate permissions
• Legal Requirements: When required by law, subpoena, or other legal process
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize us to share your information

Data Security

We implement appropriate technical and organizational security measures to protect your information, including:

• 256-bit AES encryption for data at rest
• TLS 1.3 encryption for data in transit
• Regular security assessments and penetration testing
• Access controls and authentication measures
• Regular backups and disaster recovery procedures
• Employee security training and background checks

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Retention

We retain your information for as long as your account is active or as needed to provide services. We will retain and use your information as necessary to:

• Comply with legal obligations
• Resolve disputes
• Enforce our agreements
• Maintain business records

You may request deletion of your account and associated data at any time. We will delete your information within 30 days, except where retention is required by law.

Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information
• Portability: Request transfer of your information
• Objection: Object to processing of your information
• Restriction: Request restriction of processing
• Withdraw Consent: Withdraw consent for data processing

To exercise these rights, contact us at privacy@breakpoint.com. We will respond within 30 days.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place for such transfers, including:

• Standard contractual clauses approved by the European Commission
• Privacy Shield certification (where applicable)
• Other legally approved transfer mechanisms

Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, and shared
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising CCPA rights

GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), we process your information based on the following legal bases:

• Contract: Processing necessary to provide our services
• Consent: You have given explicit consent
• Legitimate Interests: For fraud prevention, security, and analytics
• Legal Obligation: To comply with applicable laws

Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

• Email: privacy@breakpoint.it.com
• Mail: Breakpoint, 8865 Stanford Blvd, Suite #202, Columbia, MD 21045, USA
• Phone: +1 443 756 3449