Privacy Policy

DarkScout LLC ("DarkScout," "we," "us," or "our") is a cybersecurity and threat-intelligence company headquartered in Denver, Colorado, United States. We provide darknet-intelligence services, credential-exposure monitoring, and advanced security analytics to both Business Customers and Individual Users worldwide. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our website, interact with us, submit demo or contact forms, or use our security-platform services.

This Privacy Notice (the "Notice") applies to two categories of users:

DarkScout is committed to respecting and protecting your privacy. We process personal data to operate and improve our services, deliver threat-intelligence insights, facilitate communication and support, and comply with our legal and regulatory obligations. This Policy also explains your rights under applicable data-protection laws and how you may exercise them.

We may update this Privacy Policy from time to time to reflect changes in our services, technology, or legal obligations. Any updates will be posted on our website, and the "Last Updated" date at the top of this Policy will be revised accordingly. By continuing to access our website or use the Software after any updates take effect, you agree to the revised Policy. You are responsible for reviewing this Policy periodically to stay informed of any changes.

DarkScout collects information that helps us deliver our cybersecurity and threat-intelligence services. The information we collect depends on how you interact with us whether you're visiting our website, requesting a demo, signing up for monitoring, or using our darknet-intelligence tools.

1.1 Information You Provide to Us

When you create an account, request access to our platform, or communicate with us, you provide information such as your name, email address, password, and (if applicable) your organization and role. Business Customers may also submit domain names, employee email addresses, or other identifiers they want us to monitor for exposure. If you subscribe to our services, we also receive your billing details through our payment partners.

1.2 Information We Collect Automatically

When you visit our website or log into the platform, we automatically collect technical data such as your IP address, browser type, device information, and how you interact with our pages or dashboard. This helps us secure our systems, understand usage patterns, and improve user experience. We use cookies and similar technologies for functionality, analytics, and security.

1.3 Information Processed Through Our Security Services

As part of providing darknet-monitoring, credential-exposure detection, and email-security intelligence, darkscout ai we process information connected to the identifiers you choose to monitor. This may include email addresses, usernames, domain names, or other digital-footprint data.

We analyze information from publicly exposed or legally accessible sources, including: The darknet (public forums and discussion boards), Publicly known breaches, Threat-actor forums, Security research and other threat-intelligence sources. We do not purchase stolen data, access hidden marketplaces, or participate in illegal data markets. All analysis is conducted solely to identify security risks, compromised assets, or exposed credentials for our users.

Plan-Based Data Processing:

If you use our email-security features, we may process technical email metadata (such as headers or malicious-link indicators) strictly for threat detection. We do not read or store the full content of your emails unless a specific service requires it and you expressly authorize this.

1.4 Information from Third Parties

We may receive information from service providers, security-intelligence partners, public databases, domain registries, or payment processors. These third-party sources help us confirm account details, detect fraud, enhance threat-intelligence accuracy, and provide support for Business Customers.

1.5 High-Risk or Sensitive Data

DarkScout does not intentionally collect sensitive data such as government ID numbers, financial account numbers, medical information, or biometric identifiers. If such data appears in a breach dataset you ask us to monitor, we process it only to alert you and do not use it for any other purpose.

We use the information we collect to operate our platform, detect security threats, and deliver the services you request. Specifically, we use personal data for the following purposes:

2.1 Delivering and Improving Our Services

We use your information to:

• Create and manage your DarkScout account
• Provide darknet-exposure monitoring, threat-intelligence alerts, and email-security insights
• Verify ownership of domains, emails, or identifiers you ask us to monitor
• Generate dashboards, reports, and analytics
• Improve service accuracy, performance, and reliability

2.2 Detecting Breaches, Threats, and Suspicious Activity

We process relevant data to:

• Identify credential leaks, compromised assets, and exposed information
• Match leaked datasets to your monitored domains or identifiers
• Provide early warnings about threat-actor activity or emerging risks
• Perform internal security checks to prevent fraud, abuse, and misuse of our platform

2.3 Customer Support and Communication

We use account and contact information to:

• Respond to support requests
• Send service updates, alerts, or notifications
• Provide onboarding, troubleshooting, and technical assistance
• Communicate about changes to your account, subscription or service availability

2.4 Authentication, Safety, and Platform Integrity

We process technical and log data to:

• Authenticate users and secure access
• Detect unauthorized access or abnormal activity
• Maintain system performance and reliability
• Investigate suspected abuse or violations of our terms

2.5 Research and Product Development

We analyze aggregated or de-identified data to:

• Improve detection models and monitoring accuracy
• Enhance platform performance
• Develop new features, intelligence tools, or analytics capabilities

2.6 Billing and Account Management

We use billing information to:

• Process payments and invoices
• Manage subscriptions, renewals, and plan changes
• Communicate about payment issues or account status

2.7 Legal, Compliance, and Risk Management

We may process information to:

• Meet regulatory or legal obligations
• Enforce agreements with customers
• Respond to law-enforcement requests (where legally required)
• Protect DarkScout's rights, property, users, and systems

We do not sell your personal data. We share information only when it is necessary to deliver our services, operate our platform, comply with the law, or protect our users from security threats.

3.1 Service Providers and Partners

We share information with trusted third-party vendors who help us operate our business and platform, including cloud hosting providers, analytics tools, payment processors, customer-support systems, and security service providers. These providers may access personal data only to perform tasks on our behalf and are contractually required to protect it.

3.2 Darknet and Threat-Intelligence Operations

If you use our monitoring services, we may share limited information such as domain names, email identifiers, or threat indicators with specialized intelligence partners who assist in validating, enriching, or analyzing threat data. We do not share full customer datasets, login credentials, employee lists, or the content of emails with such partners.

All shared information is transmitted using appropriate technical safeguards, including encryption where applicable, and is subject to contractual obligations that require partners to maintain strict confidentiality, limit use to authorized purposes, and implement security measures consistent with industry standards.

3.3 Business Customers (Organizational Accounts)

If you access DarkScout through your employer or another organization:

• Authorized administrators may view certain information about your account, activity, alerts, or security findings.
• We may share monitoring results, risk alerts, or exposure reports with that organization.

3.4 Compliance with Law and Protection of Rights

We may share information where we are legally required to do so—for example, in response to lawful requests from courts, government agencies, or law-enforcement authorities. We may also disclose information to protect the rights, safety, and security of DarkScout, our users, or the public, or to investigate potential misuse of our services.

3.5 Business Transfers

If DarkScout is involved in a merger, acquisition, investment, restructuring, or sale of assets, personal data may be transferred to the relevant successor entity, subject to continued protection consistent with this Privacy Policy.

3.6 With Your Consent

In any situation where sharing is not covered above, we will obtain your explicit permission before doing so.

DarkScout operates globally, with infrastructure, service providers, and threat-intelligence partners located in multiple countries. As a result, your personal data may be transferred to or processed in jurisdictions outside your country of residence, including the United States, the United Kingdom, the European Union, and other regions where we maintain operations or engage trusted partners.

We take appropriate measures to ensure that any international transfers comply with applicable data-protection laws. These measures may include the use of standard contractual clauses, data-processing agreements, certification mechanisms, or other lawful safeguards designed to ensure an equivalent level of protection for personal data. Our service providers are required to handle personal data in accordance with this Privacy Policy and to maintain robust confidentiality and security protections.

Where required, we will provide additional information about the specific transfer mechanisms on request. If you are located in a jurisdiction that grants specific rights related to cross-border transfers, you may exercise those rights in accordance with the "Your Data Protection Rights" section of this Policy.

DarkScout retains personal data only for as long as necessary to provide our services, fulfill contractual obligations, comply with legal or regulatory requirements, or resolve disputes. For Business Customers, account information, monitoring data, and security logs are retained for the duration of the organization's subscription and for a reasonable period thereafter to support audits, investigations, or legal compliance. For Individual Users, account and monitoring data are retained only for the period during which the account is active and are removed or anonymized shortly after account closure.

Certain data, such as anonymized telemetry, aggregated usage statistics, or threat-intelligence indicators, may be retained longer to improve platform performance, enhance threat detection, and support research. All retained data is stored securely and treated according to our security standards.

Users and organizations may request deletion of their accounts or monitoring data at any time. Upon expiration of retention periods or deletion requests, DarkScout takes reasonable measures to securely delete, anonymize, or otherwise de-identify personal data in accordance with applicable laws.

DarkScout uses cookies, pixels, and similar tracking technologies on our website and platform to enhance your experience, understand usage patterns, improve performance, and maintain the security of our services. These technologies may collect information such as your browser type, device identifiers, pages visited, and interactions with our website or platform.

We also use certain cookies and analytics tools to help us analyze platform performance, troubleshoot issues, and optimize content and services for our users. In some cases, we may use cookies to deliver relevant marketing communications or track the effectiveness of our campaigns.

You can manage or disable cookies through your browser settings, although some features of our website or platform may not function properly if cookies are turned off.

DarkScout's services and website are not intended for children under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child, we will take reasonable steps to delete such information as soon as possible.

DarkScout implements appropriate technical, administrative, and physical safeguards to protect personal data against unauthorized access, disclosure, alteration, or destruction. Measures include encryption, secure authentication, role-based access, and continuous infrastructure monitoring.

While we strive to protect data, no system guarantees absolute security. Users acknowledge residual risks.

DarkScout is committed to protecting personal data and will comply with all applicable data-protection and privacy laws in the event of a confirmed data breach. This includes, but is not limited to, GDPR, CCPA, Colorado Privacy Act, Virginia CDPA, Delaware Privacy Act, and Canadian PIPEDA.

In the event of a breach affecting personal data, DarkScout will take appropriate steps to investigate, contain, and mitigate the impact. Affected users will be notified in a timely manner, and notifications may include:

• The nature of the breach
• Types of personal data affected
• Measures DarkScout has taken or will take to mitigate potential risks
• Guidance on steps users can take to protect themselves

Notifications will be provided using reasonable methods, which may include email, platform alerts, or other appropriate communication channels.

Depending on the laws of your jurisdiction, you may have certain rights regarding your personal data. These rights may include:

Access to Your Information

You may request confirmation of whether we process your personal data and obtain a copy of such data in a commonly used, machine-readable format where required by law.

Correction of Inaccurate Data

You may request that we correct or update any personal data that is inaccurate or incomplete. We may retain historical or backup copies as permitted by law.

Deletion of Your Data

You may request that we delete your personal data. We will honor this request where required by law. However, we may need to retain certain information to comply with legal obligations, resolve disputes, enforce agreements, or complete transactions you initiated.

Restriction or Objection to Processing

In some circumstances, you may request that we stop processing your personal data or object to certain types of processing (e.g., profiling or analytics).

Data Portability

Where applicable, you may request to receive your personal data in a portable format or have it transferred to another controller.

Withdrawal of Consent

If we rely on your consent for processing, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of prior processing.

Marketing & Communication Preferences

You may opt out of marketing emails at any time by clicking the unsubscribe link or contacting us directly. If used, cookie-based advertising preferences may be managed through browser settings or our cookie banner.

Authorized Agents (Where Permitted)

You may designate an authorized agent to submit certain requests on your behalf, subject to proper verification.

When submitting a request, you should clearly indicate which right you wish to exercise. To protect your information, we may need to verify your identity before acting on the request.

Limitations & Verification

Some rights may not apply in all circumstances. We may deny a request if:

• The law allows or requires us to retain the data
• We cannot verify your identity
• Granting the request would compromise security, investigations, or the rights of others

We will not discriminate against individuals for exercising their privacy rights.

We may update or revise this Privacy Policy from time to time to reflect changes in our services, technology, legal requirements, or business operations. When we make changes, we will post the updated version on this page and update the "Last Updated" date at the top of the policy.

We encourage you to review this Privacy Policy periodically to stay informed about our data practices. Your continued use of our services after an update constitutes acceptance of the revised policy.