Effective Date: 1st August 2026
This Privacy Policy explains how MSP SecureView LLC-FZ (“SecuVeo“, “we“, “our” or “us“) collects, uses, stores, shares and protects Personal Data when Customers access or use the SecuVeo platform, websites and related Services.
This Privacy Policy applies to:
- https://secuveo.com
- https://app.secuveo.com
- all Services provided by SecuVeo.
This Privacy Policy should be read together with our:
- Terms of Service;
- Data Processing Agreement (“DPA”);
- Cookie Policy (where applicable); and
- any other policies published through the SecuVeo Policy Centre.
Where a conflict exists between this Privacy Policy and the Data Processing Agreement, the Data Processing Agreement shall prevail to the extent required by applicable data protection law.
By creating an account, accessing or using the Services, Customers acknowledge that they have read and understood this Privacy Policy.
1. Who We Are
The Services are provided by:
MSP SecureView LLC-FZ
Meydan Grandstand, 6th Floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates
Email: legal@secuveo.com
Website: https://secuveo.com
Application: https://app.secuveo.com
For the purposes of applicable privacy legislation, SecuVeo may act as either:
- a Data Controller in relation to Personal Data relating to Customers, platform users, billing, support and website visitors; or
- a Data Processor where Personal Data is processed on behalf of Customers through the Services.
Where SecuVeo acts as a Data Processor, processing is governed by the Data Processing Agreement and, where applicable, Article 28 of the UK GDPR, EU GDPR and other applicable data protection laws.
2. Definitions
For the purposes of this Privacy Policy:
Account Manager means an individual assigned to a Client within the Services who may appear on Security Review Reports and may optionally include a Meeting Call Link.
AI means artificial intelligence technologies used within the Services to assist with generating content, summaries, recommendations or other automated outputs.
Client means a customer or end customer of the Customer whose information may be stored within the Services.
Controller means the person or organization determining the purposes and means of processing Personal Data.
Customer means the individual or organization that has entered into the Terms of Service with SecuVeo.
Data Processor means an organization processing Personal Data on behalf of a Controller.
Microsoft Graph means Microsoft’s Graph API and associated Microsoft cloud services used to retrieve authorized Microsoft security information.
Personal Data means any information relating to an identified or identifiable natural person.
Policy Centre means the area within the Services where legal policies, notices and updates are published.
Processor means SecuVeo when processing Personal Data on behalf of Customers.
PSA means a supported Professional Services Automation platform integrated with the Services.
Report Compliance Record means the PDF audit record generated by the Services recording disclaimer acknowledgment information and related audit events.
Security Evidence means Microsoft security configuration information, security settings and related information retrieved through authorized Microsoft Graph connections.
Security Review means an IT Security Review created using the Services.
Security Review Report means any report, PDF, recommendation summary, AI-generated content or related output generated through the Services.
Services means the SecuVeo cloud platform, websites, applications, software, integrations and related services provided by SecuVeo.
Sub-Processor means a third party engaged by SecuVeo to assist in providing the Services.
3. Scope of this Privacy Policy
This Privacy Policy applies to Personal Data collected through:
- the SecuVeo websites;
- the SecuVeo application;
- Customer accounts;
- Security Reviews;
- Security Review Reports;
- Report Compliance Records;
- Microsoft Graph integrations;
- PSA integrations;
- Support Tickets;
- email communications;
- platform usage;
- cookies;
- analytics technologies; and
- any other interaction with the Services.
It does not apply to:
- third-party websites;
- third-party PSA platforms;
- Microsoft services;
- payment processors;
- or other third-party services governed by their own privacy policies.
Customers are responsible for reviewing the privacy policies of third-party providers they choose to connect to the Services.
4. Information We Collect
The type of Personal Data we collect depends upon how the Services are used.
4.1 Information Provided Directly by Customers
Customers may provide information including:
- names;
- business names;
- email addresses;
- telephone numbers;
- job titles;
- postal addresses;
- billing information;
- payment information processed through third-party payment providers;
- branding assets including company logos;
- meeting scheduling links;
- custom email domains;
- DNS configuration information;
- Support Ticket information;
- attachments uploaded through Support Tickets;
- account settings;
- report templates;
- Product Library information;
- recommendations;
- report content;
- custom disclaimers;
- and other information voluntarily submitted through the Services.
4.2 Platform User Information
Where Customers create User accounts, we may collect:
- user names;
- email addresses;
- authentication information;
- password hashes (where applicable);
- Microsoft Single Sign-On identifiers;
- Multi-Factor Authentication configuration information;
- role assignments;
- account status;
- login history;
- IP addresses;
- browser information;
- device information;
- audit logs;
- activity history;
- and other information necessary to provide secure access to the Services.
4.3 Client Information
Customers may store information relating to their own Clients.
This information may include:
- Client names;
- company information;
- primary contacts;
- email addresses;
- telephone numbers;
- postal addresses;
- Account Managers;
- meeting scheduling links;
- recurring billing information;
- Security Review history;
- recommendations;
- Product Library information;
- Security Review Reports;
- audit history;
- notes;
- Internal Tasks;
- and other information entered by Customers.
Customers remain responsible for ensuring they have the legal authority to collect, store and process such information using the Services.
4.4 Information Imported from PSA Platforms
Where Customers enable supported PSA integrations, the Services may import:
- Client information;
- Client Contacts;
- recurring billing information;
- products;
- services;
- Account Managers;
- company identifiers;
- contact information;
- and other supported information made available through the connected PSA platform.
Customers remain responsible for reviewing and validating imported information before relying upon it.
4.5 Information Retrieved from Microsoft Graph
Where Customers authorize Microsoft Graph and GDAP integrations, the Services may retrieve Security Evidence including:
- Microsoft security configuration information;
- Microsoft licensing information;
- Microsoft security settings;
- Microsoft compliance settings;
- Microsoft Defender information;
- Microsoft Entra information;
- Conditional Access information;
- Multi-Factor Authentication status;
- Secure Score information;
- and other supported Microsoft security information.
Customers remain responsible for ensuring they have appropriate authority to access Microsoft Tenants connected to the Services.
4.6 Data We Do Not Intentionally Collect
The Services are designed for managing IT Security Reviews and are not intended to collect or process special categories of Personal Data or other highly sensitive information unless expressly required by the Customer.
Customers should not intentionally upload or process:
- medical or health information;
- biometric information;
- genetic information;
- information relating to racial or ethnic origin;
- religious or philosophical beliefs;
- political opinions;
- trade union membership;
- criminal convictions or offenses; or
- any other sensitive Personal Data unless legally permitted and necessary for the Customer’s own purposes.
Customers remain solely responsible for determining what information they choose to upload to the Services.
5. How We Use Personal Data
We use Personal Data only where necessary to provide, maintain, secure, improve and administer the Services.
Depending on how the Services are used, Personal Data may be used to:
- provide access to the Services;
- create and manage Customer accounts;
- authenticate Users;
- provide Microsoft Single Sign-On (SSO);
- provide Multi-Factor Authentication (MFA);
- process subscription payments;
- administer subscriptions;
- generate Security Reviews;
- generate Security Review Reports;
- generate Report Compliance Records;
- generate AI-assisted Executive Summaries;
- generate AI-assisted Changes Since Last Review;
- assist with AI-generated recommendations;
- synchronize information from supported PSA platforms;
- retrieve Security Evidence from authorized Microsoft Graph connections;
- deliver Security Review Reports;
- deliver email notifications;
- maintain audit logs;
- provide customer support;
- investigate suspected misuse of the Services;
- detect, prevent and investigate fraud or unauthorized access;
- improve the reliability, usability and security of the Services;
- develop new features and functionality;
- communicate important product, billing and policy updates;
- comply with legal and regulatory obligations;
- enforce our Terms of Service and other policies; and
- protect the rights, property and security of SecuVeo, our Customers and third parties.
We will process Personal Data only where we have an appropriate legal basis to do so.
6. Artificial Intelligence Processing
Certain features within the Services use artificial intelligence (“AI”) to assist Customers in generating Security Review content.
AI-assisted functionality may include:
- Executive Summaries;
- Changes Since Last Review;
- Recommendations;
- PSA keyword recommendations;
- deployment recommendations;
- report drafting assistance;
- historical comparisons;
- and other AI-assisted functionality introduced from time to time.
AI-generated content is intended solely to assist Customers.
Customers remain solely responsible for reviewing, validating and approving all AI-generated content before relying upon it, distributing it or including it within any Security Review Report.
AI-generated content should not be considered legal, regulatory, financial, cybersecurity or professional advice.
6.1 Information Submitted for AI Processing
Depending on the feature being used, information submitted for AI processing may include:
- Customer names;
- Client names;
- Security Review findings;
- recommendations;
- recurring billing information;
- Product Library information;
- Security Evidence;
- report content;
- historical Security Review information;
- operational information required to generate AI-assisted outputs; and
- other information reasonably necessary to provide AI-assisted functionality.
AI processing is performed solely for the purpose of providing the requested functionality within the Services.
6.2 AI Service Providers
SecuVeo may use approved third-party AI providers to process information submitted for AI-assisted functionality.
Such providers act as authorized Sub-Processors under our Data Processing Agreement.
SecuVeo only engages approved AI providers that are contractually required to process Customer Data solely for the purpose of providing the requested AI-assisted functionality and in accordance with applicable data protection laws. Customer Data submitted for AI-assisted functionality is not used by SecuVeo to train public or third-party AI models.
6.3 AI Accuracy
Artificial intelligence may generate inaccurate, incomplete, outdated or inappropriate content.
SecuVeo does not guarantee the accuracy, completeness or suitability of AI-generated outputs.
Customers remain solely responsible for:
- reviewing all AI-generated content;
- validating AI-generated information;
- verifying recommendations;
- confirming technical accuracy;
- confirming legal and regulatory compliance;
- and determining whether AI-generated content is appropriate before use.
7. Microsoft Graph & GDAP
Where authorized by the Customer, the Services may connect to Microsoft Graph and Microsoft Granular Delegated Admin Privileges (“GDAP”) to retrieve Security Evidence from authorized Microsoft Tenants.
Retrieved information may include:
- Microsoft security configuration information;
- Microsoft licensing information;
- Conditional Access information;
- Microsoft Defender information;
- Microsoft Entra information;
- Multi-Factor Authentication status;
- Secure Score information;
- compliance settings;
- and other supported Microsoft security information.
This information may be used to:
- populate Security Review Items;
- generate Security Review Reports;
- generate Executive Summaries;
- generate Changes Since Last Review;
- provide supporting Security Evidence;
- compare historical security configurations;
- and assist Customers in completing Security Reviews.
Customers remain responsible for:
- ensuring they have authority to connect Microsoft Tenants;
- maintaining appropriate GDAP relationships;
- maintaining delegated permissions;
- removing access when authorization no longer exists;
- complying with Microsoft’s licensing requirements;
- and validating all retrieved Security Evidence before relying upon it.
Microsoft Graph integrations are optional.
8. PSA Integrations
Where supported, Customers may connect Professional Services Automation (“PSA”) platforms to synchronize information with the Services.
Imported information may include:
- Client information;
- Client Contacts;
- recurring billing information;
- products;
- services;
- Account Managers;
- company identifiers;
- contact information;
- and other supported information made available through the connected PSA platform.
Customers may alternatively:
- import Client information using spreadsheet templates provided by SecuVeo; or
- manually enter supported information within the Services.
Customers remain responsible for reviewing and validating all imported or synchronized information before relying upon it.
8.1 AI-Assisted PSA Matching
Where supported, the Services may use artificial intelligence to recommend keywords that may correspond to recurring billing items imported from supported PSA platforms.
Customers may:
- accept AI-generated keyword recommendations;
- modify AI-generated recommendations;
- delete AI-generated recommendations; or
- create their own keyword matching rules.
Based upon Customer-configured keyword matching rules, the Services may automatically recommend or populate deployment statuses for Security Review Items.
Customers remain solely responsible for reviewing and confirming all automatically populated deployment statuses before generating or distributing any Security Review Report.
8.2 PSA Opportunities and Tickets
Where supported by the connected PSA platform, Customers may create opportunities or service tickets directly from within the Services.
Information submitted to the PSA platform is controlled by the Customer.
SecuVeo does not guarantee the availability, successful synchronization or ongoing compatibility of any third-party PSA integration.
9. Report Generation
The Services generate Security Review Reports based upon information entered by Customers, imported from connected services and generated through supported automated functionality.
Generated reports may include:
- Security Review findings;
- recommendations;
- Security Scores;
- Product Library information;
- AI-generated content;
- Security Evidence;
- recurring billing information;
- historical comparisons;
- executive summaries;
- report branding;
- Personal Data included by the Customer or generated from Customer-provided information;
- and other information selected by the Customer.
Customers remain solely responsible for reviewing all report content before distribution.
SecuVeo does not independently verify the accuracy of Customer-supplied, imported or AI-generated information included within Security Review Reports.
10. Report Compliance Records & Disclaimer Acknowledgment
Where enabled by the Customer, recipients of Security Review Reports may be required to acknowledge a disclaimer before accessing a report.
As part of the acknowledgment process, recipients may be asked to provide the email address to which the Security Review Report was originally sent.
This information is collected solely to:
- identify the acknowledging recipient;
- maintain the report audit trail;
- generate the Report Compliance Record;
- demonstrate disclaimer acknowledgment;
- assist Customers with compliance recordkeeping;
- and help protect the integrity of report access records.
Report Compliance Records may include:
- acknowledgment date and time;
- the email address entered by the recipient;
- IP address;
- browser information;
- device information;
- and other audit information reasonably necessary to demonstrate report access and disclaimer acknowledgment.
This information is not used for marketing purposes.
11. Cookies and Similar Technologies
The Services use cookies and similar technologies to provide functionality, improve security, enhance user experience and analyze usage of the Services.
Cookies are small text files placed on a user’s device when visiting a website.
The Services may use:
- essential cookies;
- authentication cookies;
- session cookies;
- security cookies;
- preference cookies;
- analytics cookies; and
- other similar technologies necessary to operate the Services.
Customers may configure browser settings to reject certain cookies. However, disabling certain cookies may affect the functionality or availability of parts of the Services.
Where required by applicable law, Customers will be provided with appropriate choices regarding the use of non-essential cookies.
A separate Cookie Policy may provide additional information regarding cookies and similar technologies used by the Services.
11.1 Essential Cookies
Essential cookies are required for the operation of the Services and cannot normally be disabled.
These cookies may be used to:
- authenticate Users;
- maintain secure login sessions;
- provide Multi-Factor Authentication;
- remember authentication status;
- protect against fraudulent activity;
- maintain platform security;
- load balancing;
- maintain application performance; and
- provide other core functionality required to operate the Services.
11.2 Analytics
SecuVeo may use analytics technologies to better understand how the Services are used.
Analytics information may include:
- pages visited;
- features used;
- session duration;
- browser type;
- operating system;
- device type;
- approximate geographic location;
- referring websites;
- IP address;
- application performance metrics; and
- usage trends.
Analytics information helps us:
- improve the Services;
- identify usability issues;
- improve performance;
- diagnose technical issues;
- monitor reliability;
- prioritize product improvements; and
- understand how Customers interact with the Services.
Where possible, analytics information is aggregated or de-identified.
11.3 Preference Cookies
Preference cookies may be used to remember Customer preferences, including:
- language;
- display preferences;
- time zone;
- login preferences;
- dashboard settings;
- report preferences; and
- other personalization settings.
12. Legal Basis for Processing
Where required by applicable privacy laws, SecuVeo processes Personal Data only where an appropriate legal basis exists.
Depending on the circumstances, processing may be based upon:
Performance of a Contract
Processing necessary to:
- provide the Services;
- administer subscriptions;
- authenticate Users;
- generate Security Reviews;
- generate Security Review Reports;
- deliver reports;
- provide customer support;
- process payments; and
- fulfill our contractual obligations.
Legitimate Interests
Processing necessary to:
- improve the Services;
- maintain platform security;
- detect fraud;
- investigate misuse;
- prevent unauthorized access;
- monitor performance;
- develop new functionality;
- maintain audit logs;
- protect Customers;
- protect SecuVeo;
- and improve reliability.
Where required, we balance our legitimate interests against the rights and freedoms of individuals.
Legal Obligations
Processing necessary to:
- comply with applicable laws;
- comply with court orders;
- satisfy regulatory requirements;
- respond to lawful government requests;
- enforce legal rights; and
- maintain legally required records.
Consent
Certain processing activities may be based upon Customer or User consent.
Where consent is relied upon, it may be withdrawn at any time, subject to applicable law.
Withdrawal of consent does not affect processing already lawfully carried out before consent was withdrawn.
13. Sharing Personal Data
SecuVeo does not sell Personal Data.
We share Personal Data only where reasonably necessary to provide the Services, comply with legal obligations or protect our legitimate interests.
Depending upon how the Services are used, Personal Data may be shared with:
- authorized Sub-Processors;
- payment providers;
- hosting providers;
- authentication providers;
- AI service providers;
- email delivery providers;
- analytics providers;
- professional advisers;
- auditors;
- insurers;
- regulators;
- law enforcement authorities where legally required; and
- other parties where disclosure is required or permitted by applicable law.
All recipients are expected to process Personal Data only for legitimate purposes consistent with this Privacy Policy and our contractual obligations.
13.1 Current Service Providers
Current Sub-Processors and Service Providers may include:
- Amazon Web Services (AWS) – cloud hosting and infrastructure;
- Auth0 – authentication and identity management;
- Stripe – payment processing;
- Mandrill – transactional email delivery;
- Anthropic (Claude) – AI-assisted functionality;
- Google Analytics – website and platform analytics.
SecuVeo may replace existing providers or appoint additional providers from time to time.
Current providers may change as the Services evolve.
13.2 Professional Advisers
Personal Data may be disclosed where reasonably necessary to:
- lawyers;
- accountants;
- auditors;
- insurers;
- compliance advisers; or
- other professional advisers.
Such disclosures will be limited to information reasonably necessary for the relevant purpose.
13.3 Legal Requirements
SecuVeo may disclose Personal Data where we reasonably believe disclosure is necessary to:
- comply with applicable law;
- comply with a court order;
- comply with lawful requests from public authorities;
- establish, exercise or defend legal claims;
- investigate fraud;
- investigate security incidents;
- enforce our legal rights;
- enforce our Terms of Service;
- or protect the rights, property or safety of SecuVeo, our Customers or others.
Where legally permitted, we will seek to notify the affected Customer before disclosing Personal Data.
Where legally permitted, SecuVeo may also challenge, narrow or seek clarification of requests that we reasonably believe are unlawful, invalid or disproportionate before disclosing Customer Data.
14. International Data Transfers
SecuVeo is incorporated in the United Arab Emirates.
The Services are primarily hosted using Amazon Web Services infrastructure located within the United States.
Accordingly, Personal Data may be transferred to, stored in or processed within:
- the United Arab Emirates;
- the United States; and
- other jurisdictions where authorized Sub-Processors operate.
Where required by applicable law, SecuVeo will implement appropriate safeguards to protect Personal Data, which may include:
- Standard Contractual Clauses (SCCs);
- adequacy decisions;
- contractual commitments with Sub-Processors;
- technical safeguards;
- organizational safeguards; and
- other lawful transfer mechanisms recognized under applicable privacy laws.
By using the Services, Customers acknowledge that international transfers may be necessary to provide the Services.
14.1 Data Security During Transfers
SecuVeo uses commercially reasonable technical and organizational safeguards designed to protect Personal Data during transmission and storage.
These safeguards may include:
- encryption in transit;
- encrypted storage;
- secure authentication;
- role-based access controls;
- access monitoring;
- audit logging;
- network security controls; and
- other reasonable security measures appropriate to the nature of the Services.
Despite these measures, no method of electronic transmission or storage can be guaranteed to be completely secure.
15. Data Security
SecuVeo is committed to protecting Personal Data using commercially reasonable technical, administrative and organizational security measures appropriate to the nature of the Services and the information processed.
Security measures may include:
- encryption in transit using TLS/HTTPS;
- encryption at rest where appropriate;
- Multi-Factor Authentication (MFA);
- Microsoft Single Sign-On (SSO);
- role-based access controls;
- authentication monitoring;
- audit logging;
- secure password handling;
- access controls;
- vulnerability management;
- security monitoring;
- infrastructure monitoring;
- regular software updates; and
- other security measures designed to protect the confidentiality, integrity and availability of Personal Data.
Security measures may be reviewed and updated from time to time to address evolving threats, changes in technology and improvements to the Services.
Although SecuVeo uses commercially reasonable safeguards, no system, network or method of electronic storage or transmission can be guaranteed to be completely secure.
Customers remain responsible for maintaining appropriate security within their own organizations, including securing their User accounts, devices and connected systems.
15.1 Security Incident Notification
If SecuVeo becomes aware of a confirmed Personal Data breach affecting Customer Data, we will notify affected Customers without undue delay where required by applicable law. Where appropriate, we will provide reasonable information regarding the nature of the incident, the likely impact, the measures taken to address it, and any information reasonably required to assist Customers in complying with their own legal obligations.
16. Data Retention
SecuVeo retains Personal Data only for as long as reasonably necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, maintain security and satisfy legitimate business purposes.
Retention periods may vary depending on the type of information involved.
Information may be retained for:
- providing the Services;
- maintaining Security Review history;
- maintaining audit records;
- fraud prevention;
- security investigations;
- legal or regulatory compliance;
- disaster recovery;
- backup and restoration;
- enforcing contractual rights; and
- other legitimate operational purposes.
16.1 Customer Data
Unless otherwise required by applicable law or our contractual obligations, Customer Data will typically be retained until the Customer’s account is terminated and applicable retention periods have expired.
Following termination:
- Customer access to the Services will be removed;
- Customer Data will be processed for deletion in accordance with our Data Processing Agreement;
- certain information may remain temporarily within encrypted backup systems;
- monthly platform backups may be retained for up to six (6) months;
- generated PDF Security Review Reports may be retained for up to two (2) years where reasonably necessary for audit, legal, regulatory, fraud prevention, security or operational purposes; and
- information retained for legal or regulatory purposes may continue to be stored until such obligations have been satisfied.
Following expiration of applicable retention periods, retained information will be securely deleted or anonymized where appropriate.
16.2 Audit Records
Audit information may be retained longer than Customer-generated content where reasonably necessary to:
- investigate security incidents;
- demonstrate compliance;
- resolve disputes;
- protect the integrity of the Services;
- comply with legal obligations; or
- establish, exercise or defend legal claims.
Audit records may include:
- login history;
- authentication events;
- administrative actions;
- report generation history;
- disclaimer acknowledgments;
- Report Compliance Records;
- Support Ticket activity;
- account changes;
- and other platform audit information.
16.3 Customer Responsibility Before Deletion
Customers remain responsible for exporting any reports, records or other information they wish to retain before requesting account termination or deletion.
Available export functionality may change from time to time as the Services evolve.
17. Customer Responsibilities
Customers remain responsible for ensuring they have the legal authority to collect, use and process any Personal Data submitted to the Services.
Customers are responsible for:
- obtaining all necessary permissions, authorizations and consents where required;
- ensuring information entered into the Services is lawful;
- complying with applicable privacy laws;
- protecting User credentials;
- enabling Multi-Factor Authentication where appropriate;
- reviewing AI-generated content before use;
- validating information imported from PSA platforms;
- validating Security Evidence retrieved from Microsoft Graph;
- ensuring Microsoft permissions remain authorized;
- removing access to connected services when authorization no longer exists;
- ensuring recipients of Security Review Reports are appropriately authorized;
- and using the Services in accordance with the Terms of Service.
Customers remain solely responsible for determining what Personal Data they choose to upload, import or otherwise process using the Services.
18. Your Privacy Rights
Depending on your location and applicable law, you may have certain rights regarding your Personal Data.
These rights may include the right to:
- request access to your Personal Data;
- request correction of inaccurate Personal Data;
- request deletion of Personal Data;
- request restriction of processing;
- object to certain processing activities;
- request data portability;
- withdraw consent where processing is based upon consent;
- and lodge a complaint with an applicable supervisory authority.
These rights are not absolute and may be subject to legal exceptions or limitations.
Where SecuVeo processes Personal Data solely on behalf of a Customer as a Data Processor, requests relating to Customer Data should normally be directed to the relevant Customer, who acts as the Data Controller.
SecuVeo will reasonably assist Customers in responding to applicable data subject requests where required by law or contract.
18.1 Exercising Your Rights
Requests relating to Personal Data may be submitted by contacting:
To protect Personal Data, SecuVeo may take reasonable steps to verify the identity and authority of the individual making the request before responding.
We will respond within the timeframes required by applicable law.
Where permitted by law, we may decline requests that are:
- manifestly unfounded;
- excessive;
- repetitive;
- technically impractical;
- or otherwise exempt under applicable law.
19. California Privacy Rights
If applicable, residents of California may have additional rights under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), or other applicable California privacy laws.
Subject to applicable law, California residents may have the right to:
- know what Personal Data we collect;
- request access to Personal Data;
- request correction of inaccurate Personal Data;
- request deletion of Personal Data;
- request information regarding the categories of Personal Data collected;
- request information regarding categories of third parties with whom Personal Data has been shared; and
- exercise applicable privacy rights without unlawful discrimination.
SecuVeo does not sell Personal Data.
SecuVeo does not knowingly share Personal Data for cross-context behavioral advertising as those terms are defined under applicable California privacy laws.
California privacy requests may be submitted using the contact information provided in this Privacy Policy.
20. Marketing Communications
SecuVeo may send communications relating to the Services.
These communications may include:
- account notifications;
- subscription information;
- billing notices;
- payment confirmations;
- Security Review delivery notifications;
- security notifications;
- product announcements;
- feature releases;
- maintenance notifications;
- policy updates;
- service availability notices;
- support communications; and
- other communications necessary for the operation of the Services.
Transactional communications that are necessary to provide the Services cannot generally be opted out of while a Customer maintains an active account.
Where required by applicable law, Customers may opt out of receiving marketing communications by:
- using the unsubscribe link included within marketing emails;
- updating communication preferences within the Services where available; or
- contacting SecuVeo using the contact information provided in this Privacy Policy.
Opting out of marketing communications will not prevent Customers from receiving essential service-related communications.
21. Children’s Privacy
The Services are intended solely for business use by organizations and individuals who are at least eighteen (18) years of age.
The Services are not intended for use by children.
SecuVeo does not knowingly collect Personal Data directly from individuals under the age of eighteen (18).
If we become aware that Personal Data has been collected directly from a child without appropriate legal authorization where required, we will take commercially reasonable steps to delete such information.
If you believe a child has provided Personal Data directly to SecuVeo, please contact us using the contact information provided in this Privacy Policy.
22. Third-Party Websites and Services
The Services may contain links to third-party websites, products, services or resources.
The Services may also integrate with third-party platforms including, but not limited to:
- Microsoft;
- Professional Services Automation (PSA) platforms;
- payment providers;
- authentication providers;
- artificial intelligence providers;
- analytics providers; and
- other third-party services.
SecuVeo does not own or control third-party services.
This Privacy Policy applies only to the Services provided by SecuVeo.
The collection, processing and protection of Personal Data by third-party providers are governed by their own privacy policies, terms and applicable contractual arrangements.
Customers are responsible for reviewing the privacy practices of any third-party services they choose to connect to the Services.
SecuVeo is not responsible for the privacy practices, security measures or content of third-party websites or services.
23. Business Transfers
As SecuVeo continues to develop, our business structure may change.
If SecuVeo or substantially all of its assets are involved in:
- a merger;
- acquisition;
- corporate restructuring;
- financing transaction;
- sale of assets;
- change of ownership; or
- similar business transaction,
Personal Data may be transferred to the acquiring or successor organization as part of that transaction.
Any successor organization will be required to continue processing Personal Data in accordance with applicable law and any contractual obligations that continue to apply.
Where required by applicable law, Customers will be notified of material changes affecting the processing of Personal Data.
24. Our Commitment to Customer Data
SecuVeo is committed to protecting the confidentiality, integrity and security of Customer Data and to maintaining the trust placed in us by our Customers.
SecuVeo’s business is providing software to Managed Service Providers. We do not provide managed IT services and have no commercial interest in competing with our Customers or developing direct commercial relationships with their Clients. We believe Customer Data belongs to the Customer, and our role is solely to process that data on the Customer’s behalf in accordance with the Customer’s instructions, our contractual obligations and applicable law.
The Customer retains all right, title and interest in and to Customer Data at all times.
Except as necessary to provide, maintain, secure, support and improve the Services, as instructed by the Customer, or as required by applicable law, SecuVeo will not use Customer Data for its own commercial benefit.
Without the Customer’s express authorization, and except where required by applicable law, SecuVeo will never knowingly:
- use Customer Data to provide managed IT services or operate a competing managed service business;
- market, advertise or sell products or services directly to a Customer’s Clients, except where expressly instructed by the Customer as part of the Services;
- sell, rent, license or otherwise commercially exploit Customer Data;
- use Customer Data to build customer lists, marketing databases, commercial profiles or marketing intelligence for SecuVeo’s own benefit;
- use Customer Data or Client Data to train any public, shared or third-party artificial intelligence (AI) models;
- disclose Customer Data except as described in this Privacy Policy, the Terms of Service, the Data Processing Agreement or as required by applicable law.
Where SecuVeo engages authorized Sub-Processors to assist in providing the Services, those Sub-Processors will process Customer Data solely on SecuVeo’s behalf, only for the purpose of providing the Services, and are contractually required to protect Customer Data in accordance with applicable data protection laws.
Nothing in this section restricts SecuVeo from using aggregated, anonymized or de-identified information that cannot reasonably be used to identify or re-identify an individual, Customer or Client.
Such aggregated, anonymized or de-identified information may be used to:
- improve the Services;
- develop new features and functionality;
- analyze platform performance;
- identify product usage trends;
- enhance the security, reliability and performance of the Services;
- produce statistical, operational or benchmarking reports; and
- support the ongoing development and improvement of the Services.
Aggregated, anonymized or de-identified information will never be used to identify, contact, profile or target individual Customers or their Clients.
25. Changes to this Privacy Policy
SecuVeo may update this Privacy Policy from time to time to reflect:
- changes to applicable law;
- changes to the Services;
- changes to our privacy practices;
- changes to Sub-Processors;
- changes to security practices; or
- other legitimate business or operational requirements.
Where changes materially affect how Personal Data is processed, SecuVeo will provide reasonable notice through the Policy Center and may also notify Customers by email, through the Services or via the SecuVeo website.
Where required by the Services, Customers may be required to acknowledge updated privacy policies before continuing to use all or part of the Services.
The “Effective Date” shown at the beginning of this Privacy Policy indicates when the current version became effective.
Continued use of the Services after an updated Privacy Policy becomes effective constitutes acceptance of the revised version, except where applicable law requires a different method of obtaining consent.
26. Contact Us
If you have any questions regarding this Privacy Policy, the processing of Personal Data, your privacy rights, or wish to exercise any rights available under applicable privacy laws, please contact us.
Data Protection Contact
Email: legal@secuveo.com
Websites:
Address:
MSP SecureView LLC-FZ, Meydan Grandstand, 6th Floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates
We will use commercially reasonable efforts to respond to privacy-related inquiries promptly and within any timeframes required by applicable law.
27. Regional Privacy Information
Depending on where you are located, additional privacy rights or obligations may apply under local privacy laws.
Nothing in this Privacy Policy limits or excludes any rights that cannot lawfully be limited or excluded under applicable data protection legislation.
Where required by applicable law, SecuVeo will comply with additional regional privacy requirements, including those relating to:
- lawful processing;
- transparency;
- international transfers;
- data subject rights;
- breach notifications;
- children’s privacy;
- data retention;
- consumer privacy rights; and
- regulatory cooperation.
Where SecuVeo acts solely as a Data Processor on behalf of a Customer, requests relating to Personal Data should generally be directed to the relevant Customer, who is responsible for determining how such requests should be handled.
28. Automated Decision-Making
The Services include automated functionality designed to assist Customers in completing Security Reviews.
Examples include:
- AI-generated Executive Summaries;
- AI-generated Changes Since Last Review;
- AI-assisted keyword recommendations;
- automated deployment status recommendations;
- historical report comparisons;
- Security Score calculations;
- report generation; and
- other automated platform functionality.
These features are intended solely to assist Customers.
SecuVeo does not use Personal Data to make solely automated decisions that produce legal effects concerning individuals or similarly significant decisions without appropriate human involvement.
Customers remain solely responsible for reviewing, validating and approving all automated outputs before relying upon them.
29. Do Not Track
Some web browsers support a “Do Not Track” (“DNT”) preference.
At this time, there is no universally accepted standard for recognizing or responding to DNT browser signals.
Accordingly, the Services do not currently respond differently based solely on DNT signals received from a web browser.
If industry standards relating to Do Not Track evolve, SecuVeo may update its practices accordingly.
30. Accessibility
SecuVeo is committed to making information about our privacy practices accessible to our Customers.
If you require this Privacy Policy in an alternative format due to a disability or accessibility requirement, please contact us using the contact information provided in this Privacy Policy.
We will use commercially reasonable efforts to provide reasonable accommodations where appropriate.
31. Interpretation
Headings are provided for convenience only and do not affect the interpretation of this Privacy Policy.
References to:
- “including”;
- “includes”;
- “such as”;
- “for example”; and
- similar expressions,
are illustrative only and shall not be interpreted as limiting the scope of the words preceding them.
Unless the context requires otherwise:
- words importing the singular include the plural and vice versa;
- references to persons include individuals, companies, partnerships and other legal entities; and
- references to applicable law include amendments, replacements and successor legislation.
32. Entire Privacy Policy
This Privacy Policy, together with the Terms of Service, Data Processing Agreement and any documents expressly incorporated by reference, represents SecuVeo’s complete privacy notice relating to the Services.
If there is any conflict between this Privacy Policy, the Terms of Service and the Data Processing Agreement, the documents shall apply in the following order of precedence:
- The Data Processing Agreement, where applicable;
- The Terms of Service; and
- This Privacy Policy.
Nothing in this Privacy Policy limits any obligations imposed upon either party under the Terms of Service or the Data Processing Agreement.
33. Acceptance
By creating an account, subscribing to the Services, renewing a Subscription, accessing the Services or otherwise using the Services, the Customer acknowledges that they have read and understood this Privacy Policy.
Where required by applicable law or by the Services, Customers may be required to acknowledge updated versions of this Privacy Policy before continuing to use all or part of the Services.
Continued use of the Services following the effective date of an updated Privacy Policy constitutes acceptance of the revised version, except where applicable law requires a different method of obtaining consent.