TLM Logo
Threat Landscape Monitoring

Privacy Policy
Last Updated: 2025-10-29

This Privacy Policy explains how Ecliptica Labs AB, a company incorporated under the laws of Sweden with its principal place of business in Stockholm, corporate registration number 5591448443 (“Ecliptica Labs”, “we”, “us”, or “our”), collects, uses, and safeguards personal data in connection with its SaaS platform available at threatlandscapemonitoring.com.

By creating an account or otherwise using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller
For purposes of the EU General Data Protection Regulation (“GDPR”) and applicable Swedish data protection laws, Ecliptica Labs AB acts as the data controller with respect to the personal data described in this Privacy Policy.

2. Data We Collect
2.1 Information You Provide Directly:

Email address (required for account creation and authentication).

Password (hashed and stored securely for authentication).

2.2 Information Not Collected by Us:

We do not intentionally collect IP addresses, browser metadata, analytics, or tracking cookies.

We do not collect payment card data; all payment processing is handled by Stripe, our third-party payment processor.

2.3 Third-Party Technical Data Collection:

Supabase (authentication and hosting provider) may process limited technical data in the course of providing secure login services.

Cloudflare (network proxy and security provider) may collect temporary technical data (e.g., IP addresses, security logs) to protect the Service from abuse and attacks.
Such data is collected and processed under the respective providers’ privacy policies, beyond the control of Ecliptica Labs.

3. Purposes of Processing
We process personal data solely for the following purposes:
(a) to create and maintain your account and provide access to the Service;
(b) to authenticate users and secure access;
(c) to manage subscriptions and billing via Stripe;
(d) to comply with legal obligations.

We do not use your personal data for marketing, profiling, or advertising purposes.

4. Legal Basis for Processing
Our processing of personal data is based on:

Contractual necessity (Art. 6(1)(b) GDPR): to provide the Service to you.

Legal obligations (Art. 6(1)(c) GDPR): to comply with statutory accounting, tax, and regulatory requirements.

Legitimate interests (Art. 6(1)(f) GDPR): ensuring the security and integrity of the Service.

5. Data Retention
Account data (email, password) is retained for the duration of your subscription and deleted within ninety (90) days after account termination.

Backups may persist for a limited period consistent with our data retention practices.

6. Subprocessors
We use carefully selected subprocessors to support the Service:

Stripe – payment processing.

Supabase – user authentication and data storage.

Cloudflare – proxy, CDN, and network security.

Each subprocessor processes data only to the extent necessary to provide their respective services.

7. Data Transfers
Where personal data is transferred outside the European Economic Area (“EEA”), we rely on appropriate safeguards, such as Standard Contractual Clauses (SCCs) adopted by the European Commission.

8. Data Subject Rights
Under GDPR, you have the following rights (subject to legal conditions and exceptions):

Right of access to your personal data.

Right to rectification of inaccurate or incomplete data.

Right to erasure (“right to be forgotten”).

Right to restriction of processing.

Right to data portability.

Right to object to processing.

Requests to exercise these rights may be submitted to: [Insert contact email address].

9. Security
We implement appropriate technical and organizational measures to protect personal data, including encryption, secure password hashing, and restricted access. No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

10. Cookies
Ecliptica Labs does not use marketing, tracking, or analytics cookies. Only strictly necessary cookies, if any, may be set by third-party service providers (e.g., Cloudflare, Supabase) for security and technical functionality.

11. Children’s Data
The Service is intended for business use by corporate entities. We do not knowingly collect personal data from individuals under the age of 18.

12. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be posted on our website with a revised “Last Updated” date.

13. Governing Law
This Privacy Policy and any disputes arising hereunder shall be governed by and construed in accordance with the laws of Sweden.

14. Contact Information
For questions or concerns regarding this Privacy Policy, or to exercise your data protection rights, please contact us at:

Ecliptica Labs AB
Email: privacy[at]threatlandscapemonitoring[dot]com