Privacy Policy

Introduction

This Privacy Policy (“Policy”) explains how Tenchi Security (“Tenchi”, “we”), as Personal Data Controller, collects, uses, shares, handles and processes the information and personal data of individuals, including users, customers and commercial partners, for the purpose of our activities, either through Zanshin Portal, website or services offering.

Furthermore, this Policy presents information about your Rights in relation to your personal data, in accordance with LGPD (Brazilian General Data Protection Law), Law No. 13.709/18.

Privacy Policy Updates

Whenever necessary, Tenchi Security reserves the right to change this Policy to comply with current legislation or to reflect other changes in our data processing, policies, or privacy and risk management strategy.

Glossary

The terms below are used in this Policy:

Tenchi or Tenchi Security: company providing cloud security services.

LGPD: Brazilian General Data Protection Law, No. 13.709/2018 or “Lei Geral de Proteção de Dados”.

National Data Protection Authority (ANPD): The Brazilian public administration entity responsible for regulating, supervising and applying administrative penalties related to data protection.

Data Controller: Any natural or legal person, public or private, who processes personal data for any purposes provided in LGPD are considered processing agents. In this case, LGPD lists the Data Controller and Data Processor as processing agents.

Data Processor: Any natural or legal person, public or private, who processes personal data on behalf of the Controller.

Data Protection Officer (DPO): An individual formally appointed as responsible for the privacy and protection of regulated personal data managed by Tenchi and also responsible for responding to requests from the Data Owner and for communicating and reporting to the privacy regulation authorities.

Personal data: information related to an identified or identifiable natural person.

Sensitive personal data: personal data about racial or ethnic origin, religious conviction, political opinion, union affiliation or religious, philosophical or political organization, data referring to health or sex life, genetic or biometric data when linked to a natural person.

Data Owner: natural person to whom the personal data resulting from processing refers.

Data Treatment/Processing: operations carried out involving personal data, which may include the collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, assessment or control of the information, modification, communication, transfer, diffusion or extraction.

Website and Portal: Tenchi websites and Zanshin Portal that can be accessed by users and/or customers.

User: person who visits Tenchi Security websites.Customer: person who contracts Tenchi Security services and/or uses the Zanshin Portal.

Security and Privacy of Personal Data

Tenchi is committed to safeguarding the information of our Data Owners using measures aimed at the protection, integrity, availability and confidentiality of personal data processed in our environment, since there is no privacy without security.

Tenchi also implements mechanisms to prevent, detect and minimize the probability and impact of incidents in our technological environment through a variety of security controls.

Data We Collect

Tenchi collects the following categories of personal data:

Contact data:

In order to establish proper communication with our users, customers and commercial partners and facilitate communication, we may collect data such as name and contact details (Email, Phone, etc.).

Marketing and event information:

To provide you with information about our products or services, newsletters, and event invitations, we may collect your name, email address, phone number and current employer using our own or a third-party platform.

Hiring:

From the application process to hiring and onboarding, some information is required, such as: full name, identity documents, email, phone number, date of birth, marital status, full address, LinkedIn, current or last annual remuneration, certifications, information about previous jobs, bank account information and authorization for background checks.
We may request additional personal information if necessary.

Services data (Zanshin):

Personal data may be provided to us by customers  in order to contract our service, such as name and email to register and enable authentication. Once registered, our service can collect the IP address and link to customer photos used by email or authentication providers (Gmail, Outlook, etc.).

Navigation data on Tenchi websites:

Visitors to Tenchi websites may have certain data collected, such as their IP address, the sequence of pages they visit, details related to how they interact with those pages. For more information about the data collected by our websites, read our Cookie Policy, which is also available on our website.

Treatment and Processing of Personal Data

Tenchi Security performs the treatment and processing of personal data manually and electronically, allowing employees access to the information only on a need-to-know basis. For further safety, Tenchi provides security and privacy training to the professionals involved and intended for this activity.

Tenchi may process personal data in accordance with several legal requirements and purposes provided for in the LGPD, with some examples highlighted below:

To perform contracted services:

  • To perform actions related to the contract, including previous and subsequent steps of contracting the service provided.
  • Activities such as public bids or evaluation of requests for proposal (RFP).
  • Interact with our customers, prospects and commercial partners.

When processing is necessary to improve products or services for existing customers:

  • Conduct customer surveys to improve our products and services.
  • Evaluate browsing behaviors and the profile of users and customers, including adding instrumentation to Zanshin Portal, that is, understanding if there is any failure in our websites according to the path that led the user to access a certain page.

To comply with regulatory duties:

  • Fulfill legal, regulatory and/or self-regulatory obligations, for example, internal audit and compliance activities.
  • Comply with judicial, administrative and arbitration orders and decisions, from privacy regulation authorities, for example.

For marketing purposes:

  • To perform marketing campaigns and use information technologies and online advertising solutions.
  • Measure and evaluate interactions with us, for example on our social media.
  • Promote and carry out in-person or webinars events, sponsorships and similar activities.

Based on your consent:

  • Tenchi processes your data for other purposes if you give us specific consent to do so, where these will be clearly specified and provided to you at the time you do so.

Your Rights as a Data Owner

The LGPD guarantees certain rights to Data Owner, such as:

Free Access: You have the right to access the personal data that Tenchi stores about you.

Correction: You have the right to request updating and correction of your data if it is incomplete, inaccurate, or out of date.

Exclusion/Elimination: You have the right to request the total or partial deletion of your personal data, without the need to explain the motivation, except in the event that maintaining the data is necessary for regulatory purposes and current legislation and to prevent unwanted future processing.Portability: You have the right to request the portability of the data you provided to Tenchi where processing is based on Consent granted or services performed under contract. Tenchi must allow you to obtain and reuse your personal data for your own purposes in a safe and secure way without this affecting the usability of your data.

Opposition to Processing: Where processing is based on Legitimate Interests, you have the right to object to Tenchi processing your data. Pending a review of your request, Tenchi will stop processing your data, unless we can demonstrate legitimate reasons for continuing to do so.

Revoke Consent: You have the right to revoke consent you provide at any time by requesting revocation through our standard communication channels (email, phone, contact form, etc).To exercise your Rights over your personal data, contact our Data Protection Officer.

Storage of Personal Data

Tenchi will keep your personal data only while doing so is necessary to provide products and services under contract. In addition, it may be necessary to keep some of your data for compliance with current legislation and legal purposes.

Disclosure or Sharing of Information

Tenchi only shares your personal data with your Consent or in accordance with this policy. Tenchi does not otherwise share, sell or distribute any of the information you provide to us.

Cookies

Cookies enable us to gather navigation-related data depending on the type of device used, the authorizations granted by you through your device settings and the functionality used in each application. We may use our own and/or third-party cookies on our website.

For more information regarding Cookies, consult the Cookies Policy available on our website

Data Protection Impact Assessment

Whenever a personal data processing operation seems likely to generate risks to the Data Owner, Tenchi may produce a Data Protection Impact Assessment (DPIA), a report designed to analyze, identify and minimize the data protection risks of a project or plan.
This document is for Tenchi internal use, but may be requested and made available to privacy regulation authorities at any time.

Cross-border Data Transfer

Tenchi may manage, access or process your personal data in Brazilian and foreign territories, provided they have legislation similar or equivalent to Brazilian law.

Data Protection Officer

For more information about this Policy, about how we manage and process your personal data, or exercise your Rights, you can contact us at dpo@tenchisecurity.com

General Matters

If you choose not to provide certain personal information to Tenchi, it may not be possible to provide some of our services or perform them fully or optimally.

We are not responsible for the privacy practices of any websites, mobile applications or other digital services not operated by Tenchi, including those that may be linked to Tenchi, and we encourage you to review their privacy policy.

Third-party Services

Tenchi uses the following commercial partners to provide its services:

  • Amazon Web Services: infrastructure service provider. Privacy Policy
  • Slack: corporate communication solution. Privacy Policy
  • Auth0: identity management solution for Zanshin. Privacy Policy
  • LogRocket: website usage pattern and error analysis (Tenchi and Zanshin). Privacy Policy
  • FreshDesk: ticket management solution. Privacy Policy
  • WPEngine: Tenchi website CMS solution. Privacy Policy
  • EmailOctopus: email marketing solution. Privacy Policy
  • LinkedIn: events and newsletter solution. Privacy Policy
  • Google: corporate solution (email, docs, meeting, etc.). Privacy Policy
    Note: If you use Zanshin application available on Google Marketplace, we collect personal data from your authenticated user, such as full name, primary and secondary email, phone number and authentication method, and we keep them as long as you are our customer.
    To perform the scans in Google Workspace, we connect to Google APIs through read-only OAuth2 credentials and collect only metadata to further notify our customers about alerts issued by Zanshin. The metadata is stored encrypted and remains there until the customer requests that the Google Workspace scanning and historical results are removed.
    Zanshin’s use and transfer of information received from Google APIs to any other app comply with Google API Services User Data Policy, including the Limited Use requirements.