CHARIS is currently in beta. Data-handling practices described below apply during the beta period. The Platform is provided as-is and used at your own risk; see the Terms of Service for the full disclaimer.

Privacy Policy

Last updated: April 2026

1. Data Controller

Sicuro Group LLC ("we", "us", "our") is the data controller responsible for the processing of your personal data collected through CHARIS ("the Platform"). We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

2. Data Protection Officer

Our Data Protection Officer (DPO) can be contacted for any privacy-related enquiries: Data Protection Officer, Sicuro Group LLC — Email: dpo@sicurogroup.com

3. Data We Collect

We collect and process the following personal data when you register for and use the Platform: full name, email address, organisation name, hashed password, two-factor authentication secret, configuration preferences (countries, posture, triggers, distribution list), assessment data, and optional anonymous personnel manifest data (aggregate group counts only — no names or identifiers).

4. Legal Basis for Processing

We process your personal data under: contract performance (Article 6(1)(b) GDPR) — to provide the Platform's services; legitimate interests (Article 6(1)(f)) — security, fraud prevention, and service improvement; and consent (Article 6(1)(a)) — where explicitly provided during registration.

5. No Third-Party Sharing

Sicuro Group LLC does not sell, trade, rent, or share your personal data with any third parties. Your data is used solely for the purpose of providing and improving the Platform's services. The only external data processing involves anonymised, aggregated queries to AI services for crisis assessment generation. No personally identifiable information is included in these queries.

6. Data Retention

Account data (name, email, organisation) is retained for the duration of your active account and is deleted within 30 days of account deletion. Assessment data is retained for 12 months from the date of generation, after which it is automatically purged. Authentication logs are retained for 90 days for security monitoring purposes.

7. Your Rights

Under the GDPR you have the right of access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability (JSON format), the right to object, and the right to withdraw consent. To exercise any of these rights, contact our DPO at dpo@sicurogroup.com.

8. Data Security

We implement appropriate technical and organisational measures including: passwords hashed with bcrypt, mandatory TOTP two-factor authentication, encrypted data transmission (HTTPS/TLS), role-based access controls, and regular security reviews.

9. Cookies

The Platform uses essential session cookies for authentication purposes only. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of any material changes via email. Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

11. Supervisory Authority

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.

12. Contact

For privacy-related enquiries, please contact: Data Protection Officer, Sicuro Group LLC — Email: dpo@sicurogroup.com

© 2026 Sicuro Group LLC. All rights reserved.