Data Protection Disclosure

Last Updated: Jul 1, 2025

Effective Date: 09/23/23
Scope: United States only

Herd Security, Inc. (“Herd Security,” “we,” “our,” or “us”) is a U.S.-based cybersecurity company that uses artificial intelligence (AI) to detect social engineering threats and deliver personalized security training to employees through workplace platforms like Slack, Microsoft Teams, and Discord. This disclosure outlines our data protection practices under applicable U.S. privacy laws and regulations.

1. What Data We Collect and Why

We collect limited personal data from users to provide, support, and improve our services. This includes:

| Data Type | Purpose |
|---|---|
| Name, email, and organization | To provision user accounts and deliver training |
| Metadata (e.g., message timestamps, frequency, channel type) | To detect social engineering threats |
| Behavioral interaction data (e.g., clicks, quiz results) | To personalize training and measure engagement |
| Admin configuration data | To support platform deployment and usage analytics |


2. How We Use Personal Data

We use personal data solely to:

  • Detect security risks through AI-based behavioral analysis

  • Deliver targeted training to improve employee security awareness

  • Monitor and report training performance to authorized Customer Admins

  • Comply with applicable legal obligations

  • Improve the security and functionality of our platform

We do not use personal data to train AI models.


3. Use of AI

Herd Security uses AI only for real-time inference, such as identifying risk signals and personalizing training.

We do not use any Customer or User data to train or fine-tune foundational AI models, including those provided by our subprocessors.


4. Subprocessors and Data Sharing

We may share limited data with trusted service providers (subprocessors) under strict contractual obligations. These include:

  • Amazon Web Services (AWS) – infrastructure and hosting

  • OpenAI – inference-only natural language processing (via secured APIs)

  • Twilio Segment – analytics and user experience optimization

  • Slack, Microsoft Teams, Discord – integrations for training delivery

We do not sell personal data to any third parties.


5. Rights Under U.S. Law

California Residents (CCPA):

If you are a California resident, you have the right to:

  • Know what categories of personal information we collect and why

  • Request access to or deletion of your personal data

  • Opt out of the sale of personal information (note: we do not sell data)

  • Not be discriminated against for exercising these rights


6. Data Security and Retention

We use industry-standard safeguards to protect your data, including:

  • Encryption in transit and at rest

  • Role-based access controls

  • Secure audit logging and monitoring

Personal data is retained only for as long as necessary to provide services or fulfill legal obligations, then securely deleted.


7. Exclusions and Sensitive Data Handling

Herd Security does not collect or process the following types of sensitive information:

  • Protected Health Information (PHI) under HIPAA

  • Payment card information under PCI DSS

  • Financial or consumer data covered by GLBA

  • Information from children under 13, as defined under COPPA

We instruct customers not to upload or transmit any of the above data to our platform.

If we work with educational institutions, we act as a “School Official” under FERPA, processing student data under the direction of the school or district.


8. Contact Us

For any questions about this disclosure or to exercise your rights under applicable U.S. laws, please contact us:

Email: info@herdsecurity.io

We are committed to protecting your data and will respond promptly to all reasonable inquiries.