NetFoundry Customer Data Privacy Statement

The protection of private information is one of the most significant issues of the modern era to any modern business. NetFoundry takes these concerns very seriously. Fortunately, as NetFoundry does not maintain significant data at rest for customers, this is very straightforward. NetFoundry's business is the agility and security of data in motion, using dynamic and ephemeral keys to enable strong encryption. The encryption and decryption operations are performed on customer owned systems, and NetFoundry owned systems only see the encrypted stream, rendering it unavailable.

The only data NetFoundry maintains purposefully that can be considered personally identifiable information PII) is the console login details of administrative users. This is a name and email, necessary for such processes as password recovery. The other potential store of PII is in the logging streams available. NetFoundry collects logs for its own operational processes and to facilitate the retrieval and storage of the logs for customers to enhance their operational and audit processes. Some of these logs contain the IP address of the endpoint at attachment, which NetFoundry enhances with geographic data by lookup. This data is generally accurate to the city level, it does not use any endpoint or network based location services. These records also contain the endpoint label given it by the customer. Internally, NetFoundry uses GUID based naming for endpoints, so that there is no collision between customers, and to obfuscate the information. However, if customers choose to place PII, such as names or email addresses in the endpoint labels, then the logs contain location data that is attributable to a natural person, which may be protected depending on the laws of the customer and user. NetFoundry does not process endpoint names and associated data in any way that attributes actions to a natural person outside the collection of the logs above. We do use the IP and location information to track network operations globally, understand events in the context of physical geography and Internet geography, etc. It is the customers' prerogative to place any label they wish in the field, that they can then map internally to whatever purpose they require. This will not affect NetFoundry processes in any way and can remove the PII completely by breaking the union between the log entries and a natural person.

Regardless of whether or not the customer uses labels that can be attributed to a natural person, NetFoundry protects this information from improper access using a number of security controls and is consistent with GDPR and other privacy laws around the world. As noted above, NetFoundry does not process the label data, and we protect it from access by other customers and our internal users that are not authorized. If there are any questions regarding the security of customer data within the NetFoundry systems, please reach out to your sales representative or security@netfoundry.io.