Privacy Policy
Last Updated: January 14, 2026
At paware.io, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our security awareness training platform.
1. Information We Collect
1.1 Information You Provide
When you use our services, we may collect:
- Account Information: Name, email address, company name, job title
- Profile Data: User preferences, language settings, notification preferences
- Payment Information: Billing address, payment method (processed securely through third-party providers)
- Communications: Any information you provide when contacting our support team
1.2 Training and Campaign Data
As part of our security awareness training service, we collect:
- Training Session Data: Completion status, quiz scores, time spent, slide views
- Phishing Simulation Data: Email opens, link clicks, form submissions, timestamps
- Risk Assessment Data: Individual risk scores, performance trends, subject mastery metrics
- Behavioral Analytics: Interaction patterns, engagement metrics, training effectiveness data
1.3 Automatically Collected Information
We automatically collect certain information when you access our platform:
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Data: Pages viewed, features used, timestamps, referring URLs
- Cookies and Tracking: We use cookies and similar technologies (see Section 6)
1.4 Supply Chain Assessment Data
For vendor assessments, we may collect:
- Vendor Information: Company name, domain, contact details
- Security Scan Results: DNS records, SSL/TLS configurations, security headers, breach history
- Questionnaire Responses: Answers to security assessment questions
2. How We Use Your Information
We use the collected information for the following purposes:
2.1 Service Delivery
- Deliver security awareness training content
- Conduct phishing simulations and track results
- Generate analytics and reports
- Provide supply chain security assessments
- Calculate individual and organizational risk scores
2.2 Service Improvement
- Analyze usage patterns to improve our platform
- Develop new features and functionality
- Personalize training content using AI algorithms
- Optimize campaign effectiveness
2.3 Communication
- Send training notifications and reminders
- Provide customer support
- Send service updates and security alerts
- Share product announcements (with your consent)
2.4 Security and Compliance
- Detect and prevent fraud and abuse
- Ensure platform security
- Comply with legal obligations
- Enforce our Terms of Service
3. Data Sharing and Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
3.1 With Your Organization
If you access our platform through your employer or organization, we share training data and analytics with designated administrators and security managers within your organization.
3.2 Service Providers
We work with third-party service providers who assist us in operating our platform:
- Cloud hosting providers (data storage and processing)
- Email delivery services (Mailgun for transactional emails)
- Payment processors (for billing and subscriptions)
- Analytics providers (for usage analysis)
3.3 Legal Requirements
We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to:
- Comply with legal obligations
- Protect our rights or property
- Prevent fraud or security issues
- Protect the safety of users or the public
3.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
4. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: Data is transmitted over HTTPS/TLS-encrypted connections
- Access Controls: Role-based access with granular permissions
- Authentication: SSO support (Azure AD, Google, SAML)
- Monitoring: Real-time security monitoring and logging
- Infrastructure: EU-hosted data centers with physical security
- Regular Audits: Periodic security assessments and penetration testing
However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
5. Data Retention
We retain your information for as long as necessary to provide our services and comply with legal obligations:
- Active Accounts: Data retained while your account is active
- Training Records: Retained for the duration of your subscription plus 12 months for audit purposes
- Deleted Accounts: Data deleted within 30 days of account deletion, except where required by law
- Backup Data: May be retained in backups for up to 90 days
6. Cookies and Tracking Technologies
We use the following types of cookies and similar technologies:
- Essential Cookies: Required for platform functionality (authentication, session management)
- Analytics Cookies: Track usage patterns and improve our service
- Preference Cookies: Remember your settings and preferences
You can control cookies through your browser settings. Disabling certain cookies may limit platform functionality.
7. Your Rights and Choices
Depending on your location, you may have the following rights:
7.1 Access and Portability
- Request a copy of your personal information
- Export your data in a portable format
7.2 Correction and Deletion
- Update or correct inaccurate information
- Request deletion of your personal information
7.3 Restriction and Objection
- Restrict how we process your information
- Object to certain processing activities
7.4 Withdrawal of Consent
- Withdraw consent for marketing communications
- Opt out of non-essential data processing
To exercise these rights, contact us at [email protected]
8. GDPR Compliance (EU Users)
For users in the European Union, we comply with the General Data Protection Regulation (GDPR):
- Legal Basis: We process data based on contract performance, legitimate interests, or consent
- Data Transfers: EU data is stored within EU data centers
- DPO Contact: For GDPR inquiries, contact our Data Protection Officer at [email protected]
- Supervisory Authority: You have the right to lodge a complaint with your local data protection authority
9. Children's Privacy
Our platform is not intended for individuals under 18 years of age. We do not knowingly collect information from children. If we become aware that we have collected personal information from a child, we will delete it promptly.
10. International Data Transfers
Your information may be processed in countries other than your own. We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by relevant data protection authorities
- Your explicit consent where required
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Sending an email notification to registered users
- Displaying an in-app notification
Your continued use of our platform after changes constitutes acceptance of the updated policy.
12. Contact Us
This Privacy Policy is effective as of the date stated above and applies to all users of the paware.io platform.