Introduction
This document outlines how personal data is collected, processed, and retained within our HRM systems, with a focus on the technical implementation, data ingestion processes, and alert management for mapped users.
Data Ingestion Architecture
Technical Implementation
Our HRM system ingests data as logs from customer-enabled integrations. The system processes only events explicitly enabled by customers in their integration configuration. This selective ingestion ensures we only collect and process data relevant to human risk management and nothing excessive.
Event Classification & Processing
Mapped Events: Events directly correlated to an email address of a user who exists in the system
Unmapped Events: Events not correlated to an existing user email in the system
Data Minimization: We only process events relevant to human risk management (clicks, file executions, malware detections, behavioral anomalies, data loss events, etc.)
Events of No Interest: Logs are automatically purged from the system within 30 days
Retention of Mapped Events: Retained for the duration needed for risk analysis while the license is active
Alert Management
User Alert Visibility
Only alerts for mapped users are displayed in the portal. Alerts generated for users who are not mapped in the portal are ignored and not displayed. This ensures that customers only see relevant security alerts for users they have provisioned in the system.
Alert Processing Workflow
System ingests logs from security tools
Events are classified as mapped or unmapped
Only mapped events generate visible alerts
Integration Safety
Secure Integration Framework
Our integration architecture is designed with security as a priority, ensuring safe connection with various security tools:
Encrypted Connections: All data transfers use TLS 1.2+ encryption
API Authentication: Secure token-based authentication for all integrations
Minimal Permissions: All integrations require only read access to specific event logs
Data Filtering: Pre-processing filters ensure only relevant data is transferred
Audit Logging: All data access through integrations is logged for security purposes
User Information Processing
Category | Data Elements | Purpose | Retention |
Customer Information | • Customer Name • Customer Email • Address • Postal Address | Product Administration: Providing licenses and general account management | Not Applicable |
Administrator Information | • Administrator Name • Administrator Email | Enable administrator access to the cyber-ready.right-hand.ai administrator portal and service operations | Removed 90 days after license expiration |
Employee Information | • Employee Name • Employee Email • Department • City • Office Location | • Email serves as primary employee identifier for assignments and campaign exposure • Department, City, and Office Location are used for user administration | Data is retained while the license is active. Information is purged 90 days after account removal |
Technical Identifiers
Category | Data Elements | Purpose | Retention |
IP Addresses | User IP addresses configured to HRM | • User identification from events • Collection of user IPs during phishing email interactions to identify false positives | For HRM, information is retained while the HRM license is active. Data is purged 90 days after license expiry. For simulations, the data is retained while the product license is active and is removed 90 days after license expiry. |
MAC Addresses [HRM Only] | Device MAC addresses | User identification from events | For HRM, information is retained while the HRM license is active, and data is purged 90 days after license expiry. |
Company Identifiers [HRM Only] | Usernames, Employee IDs | User identification from events | For HRM, information is retained while the HRM license is active, and data is purged 90 days after license expiry. |
Device Identifiers [HRM Only] | Device-specific identifiers | User identification from events | For HRM, information is retained while the HRM license is active, and data is purged 90 days after license expiry. |
Integrated Products & Communication
Category | Data Elements | Purpose | Retention |
Event Logs [HRM Only] | Logs from integrated security products | Processing to extract information for personalized training and micro-learning | 30 days from date of log transfer to HRM product |
Communication Channel Availability | Employee availability status on: • Slack • MS Teams | • Enable delivery of micro-learning through appropriate communication channels • Delivery of training communication and reminders | Retained while integration is active. Information is removed on integration removal |
For more information about our data processing practices, please contact your account representative.