Privacy Policy

Preside Inc., a Delaware corporation doing business as PresideTech ("PresideTech," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, and protect information in connection with our website, communications, and Assessment Services.

1. Information We Collect

1.1 Information You Provide

When you purchase Assessment Services, contact us, or engage with us, we collect:

• Contact information: Name, email address, phone number, company name
• Engagement information: Active Directory forest FQDN, Marketplace order reference, tier selection
• Communications: Emails and other correspondence you send to us

1.2 Assessment Data (Customer Data)

When you submit an encrypted .rc4d output file to PresideTech, we receive and process the .rc4d file and all Active Directory security data contained within it, together with all content derived from that file during decryption and report generation ("Customer Data"). Customer Data is processed solely for the purpose of generating your Assessment Report. See Section 3 for how we handle Customer Data.

1.3 Automatically Collected Information

We may collect standard website analytics data (page views, referrer URLs, browser type) when you visit presidetech.com. We do not use cross-site tracking cookies or third-party advertising cookies.

1.4 Microsoft Marketplace Data

When you purchase through the Microsoft Azure Marketplace, Microsoft provides us with a lead notification containing your contact information and purchase details. This is subject to Microsoft's privacy terms as well as ours.

2. How We Use Your Information

We use the information we collect to:

• Deliver Assessment Services and fulfill our obligations under the SOW;
• Generate your Assessment Report from the Customer Data you submit;
• Communicate with you about your engagement, including sending your Product Key, collector download link, and Assessment Report;
• Respond to your inquiries and support requests;
• Maintain engagement records for billing, legal, and compliance purposes;
• Generate fully anonymized and aggregated industry benchmark statistics (see Section 3.3);
• Improve our services and develop new features, using only anonymized data.

We do not sell your personal information or Customer Data to any third party. We do not use your information for targeted advertising.

3. Customer Data — Special Handling

3.1 Encryption and Access Controls

Customer Data arrives encrypted with AES-256-CBC encryption. It is decrypted only within PresideTech's secure decryption portal, accessible only to authorized PresideTech personnel with a legitimate need to process your Assessment. Customer Data is never stored in unencrypted form outside of the decryption and report generation process.

3.2 Retention and Deletion

PresideTech retains Customer Data — meaning the .rc4d file and all content contained within it or derived from it — only for the period necessary to generate and deliver your Assessment Report. The .rc4d file and all derived content will be permanently deleted from PresideTech's systems within thirty (30) days of Report delivery. The delivered Assessment Report (the HTML output file) may be retained as an engagement record for up to three (3) years for PresideTech's internal legal, billing, and business continuity purposes. PresideTech does not retain any copy of the .rc4x local data bundle or its decryption key after Report delivery.

3.3 Aggregated Data

PresideTech may derive fully anonymized statistical data from assessments — such as aggregate RC4 exposure rates across industries, prevalence of specific vulnerability patterns, or remediation trend data — and use such data for research, benchmarking, and service improvement. This data cannot be used to identify any individual Customer or their environment.

3.4 .rc4x Local Data Bundle

For large environments, a local encrypted data bundle (.rc4x file) is created on the Customer's own systems. This file is never transmitted to PresideTech. PresideTech does not have access to the contents of .rc4x files. The one-time decryption key embedded in the Assessment Report is not retained by PresideTech after Report delivery.

4. Information Sharing and Disclosure

We do not sell, rent, or share your personal information or Customer Data with third parties except in the following limited circumstances:

• Service providers: We may share information with trusted vendors who assist in delivering our services (such as cloud hosting providers), subject to confidentiality agreements and only to the extent necessary;
• Microsoft Marketplace: Purchase and lead data is shared with Microsoft as necessary to process Marketplace transactions, subject to Microsoft's privacy terms;
• Legal requirements: We may disclose information if required by law, court order, or governmental authority, and will provide you with reasonable advance notice where legally permissible;
• Business transfers: In the event of a merger, acquisition, or sale of substantially all of our assets, your information may be transferred as part of that transaction, subject to the same privacy protections;
• With your consent: We may share information in other circumstances with your prior written consent.

5. Data Security

We implement commercially reasonable technical and organizational measures to protect information against unauthorized access, disclosure, alteration, or destruction, including:

• AES-256-CBC encryption of all Customer Data in transit and at rest during processing
• Access controls limiting Customer Data access to authorized personnel
• Secure deletion of Customer Data within 30 days of Report delivery
• HTTPS encryption for all web communications

No security measure is perfect. We cannot guarantee absolute security of any information transmitted to or stored by us.

6. Data Retention Summary

7. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your data. To exercise these rights, contact us at engage@presidetech.com. We will respond within thirty (30) days.

Note: Customer Data (Active Directory environment details) is processed as a data processor on behalf of your organization. Requests regarding that data should be directed to your organization's data controller.

8. Children's Privacy

PresideTech's services are intended for business use by adults. We do not knowingly collect personal information from individuals under the age of 18.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by posting an updated policy at presidetech.com/Privacy-MSRC4 with a revised effective date. Continued use of our services after posting constitutes acceptance.

10. Contact