Privacy Policy
EFFECTIVE DATE: April 9, 2026
This Privacy Policy ("Policy") describes how Soteri LLC ("we," "us," or "our") collects, uses, and discloses information that we obtain about your use of the soteri.io website (the "Site") and Soteri products and hosted services, collectively the "Service."
We store your information in the United States. By using or downloading the Service you agree that your personal information may be transferred to and stored in the United States and handled as described in this Policy.
Data Privacy Framework Participation
Soteri LLC commits to comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Soteri LLC commits to adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Soteri LLC commits to adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, please visit https://www.dataprivacyframework.gov/ .
Scope of DPF Coverage
The EU-U.S. DPF, UK Extension, and Swiss-U.S. DPF apply to the following categories of personal data that Soteri receives from the EU, UK, and Switzerland: name, email address, account information, usage data, and communications data as further described in "The Information We Collect About You" section below, as well as personal data contained within customer content processed by Soteri's scanning services on behalf of customer organizations as described in "Customer Content and Our Role as Data Processor" below.
The Information We Collect About You
We collect information directly from you, from devices and third party services you connect, as well as automatically through your use of our Service. If you purchase a Service that will be hosted on your server, Soteri does not collect any information from the device it is installed upon.
When You Create, Update, or Add Information to Your Profile. When you register to use the Service, we collect the personal information you provide us, including your name and email address. We may also collect information that you provide to Atlassian and which Atlassian sends to us on your behalf.
We collect additional information from Devices you connect to the Service:
When You Contact Us. When you contact Soteri directly, such as when you contact our Customer Support team, we will receive the contents of your message or any attachments you may send to us, as well as any additional information you choose to provide.
Third Party Analytics. We use automated devices and applications, such as Google Analytics, to evaluate usage of our Service. We also may use other analytic means to evaluate our Service. Soteri does not use any analytic software for Services that are hosted by you on your server.
Customer Content and Our Role as Data Processor
Soteri's products (including Security for Confluence and Security for Jira) scan customer content — including Confluence pages, Jira issues, and associated metadata — to detect secrets, credentials, and other sensitive data. For cloud-hosted versions of our products, this scanning is performed on Soteri's servers in the United States.
When performing these scanning services, Soteri acts as a data processor on behalf of its customers, who are the data controllers. Customer content processed during scanning may contain personal data, such as names, email addresses, or other identifying information present in pages, issues, or comments authored by end users. Soteri processes this content solely for the purpose of providing the scanning service and does not use it for any secondary purpose, including marketing, analytics, or model training.
Soteri retains scan metadata — such as issue or page identifiers and character offsets indicating the location of detected findings — necessary to provide the service. Soteri does not retain the underlying text content of scanned pages or issues beyond what is transiently required for service operation. Operational logs, which may include user identifiers and system activity records, are retained for a limited period and are used solely for security, debugging, and service reliability purposes.
Soteri's security controls applicable to customer content, including our SOC 2 Type II certification, are described in our Trust Center at https://soteri.safebase.us/ .
Customers who are subject to GDPR or other data protection laws and who use Soteri's cloud-hosted services to process personal data may view our Data Processing Addendum (DPA) at https://docs.soteri.io/support/latest/data-processing-addendum . For questions about the DPA, please contact privacy@soteri.io.
How We Use Your Information
We process your information, including your personal information, for the following purposes:
To provide our Service to you, to communicate with you about your use of our Service, to respond to your inquiries, and for other customer service purposes.
For marketing and promotional purposes, to the extent permitted by law and, where required, with your consent. For example, we may use your information, such as your email address, to send you news and newsletters, special offers, and promotions, or to otherwise contact you about products or information we think may interest you. We also may use the information that we learn about you to assist us in advertising our services on third party websites. You can opt out of receiving marketing at any time as described below.
To better understand how users access and use our Service, both on an aggregated and individualized basis, in order to improve our Service and respond to user desires and preferences, and for other analytical purposes.
To administer surveys and questionnaires.
To comply with legal obligations, as part of our general business operations, and for other business administration purposes.
Where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our End User License Agreement or this Privacy Policy.
How We Share Your Information
We may share your information, including personal information, as follows:
With Your Consent. With your prior consent, we may share information from the Service with other third-party partners, including your personal information and data collected from your devices.
Aggregate and De-Identified Information. We may share aggregate or de-identified information—so that it cannot reasonably be used to identify an individual—with third parties for marketing, advertising, research or similar purposes.
We may disclose the information we collect from you to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your personal information will be subject to this Policy.
Service Providers. We may disclose the information we collect from you to third party vendors, service providers, contractors or agents who perform functions on our behalf, such as providers of hosting, email communication, customer support services, analytics, marketing, and advertising, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures.
Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding or reorganization, we will give affected users notice before transferring any personal information to a new entity.
In Response to Legal Process. We also may disclose the information we collect from you in order to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
Please note: Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
To Protect Us and Others. We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Policy, or as evidence in litigation in which Soteri is involved.
Accountability for Onward Transfers. With respect to personal data received or transferred pursuant to the EU-U.S. DPF, UK Extension, and Swiss-U.S. DPF, Soteri LLC requires third-party agents that process personal data on our behalf to do so in a manner consistent with the DPF Principles. If Soteri LLC has knowledge that an agent is processing personal data in a manner contrary to the DPF Principles, Soteri LLC will take reasonable steps to stop and remediate such processing. Soteri LLC is potentially liable in cases of onward transfer of personal data received pursuant to the EU-U.S. DPF, UK Extension, and Swiss-U.S. DPF to third parties.
Cookies
Cookies are small text files stored on your device and used by web browsers to deliver personalized content and remember logins and account settings. In addition to improving user experience, we use cookies and similar technologies for analytic and advertising purposes. You can manage your cookies locally by adjusting your browser settings, or you can opt out of targeted advertising through cookies by visiting http://networkadvertising.org/choices or http://aboutads.info/choices . We honor opt-out preference signals such as the Global Privacy Control (GPC), where required by applicable law. For more information about GPC, visit https://globalprivacycontrol.org/ .
Third-Party Links
Our Service may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third party websites. We are not responsible for the information practices of such third party websites. Specifically, use of the Service will require a subscription to services provided by Atlassian, and the access and use of Atlassian services is not governed by this policy.
Security of My Personal Information
We have implemented reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee security.
You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
Access to and Deleting My Personal Information
In accordance with the EU-U.S. DPF, UK Extension, and Swiss-U.S. DPF Principles, we acknowledge the right of EU, UK, and Swiss individuals to access their personal data. You may modify personal information that you have submitted by logging into your account and updating your profile information. Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the Service for a period of time.
We store information associated with your account until your account is deleted. You can delete your account at any time by contacting Customer Support at support@soteri.io. Please note that it may take a bit of time to delete your account information, and we may preserve it for legal reasons or to prevent harm, including as described in the "How We Share Your Information" section.
What Choices Do I Have Regarding Promotional Emails?
We may send periodic promotional emails to you. You may opt out of such communications by following the opt-out instructions contained in the email. Please note that it may take up to 10 business days for us to process opt-out requests. We may still send you emails about your account or any services you have requested or received from us.
Users Under 18
Our services are not designed for users under 18. If we discover that a user under 18 has provided us with personal information, we will delete such information from our systems.
GDPR – Rights For EEA Users and Soteri's Capabilities for Worldwide Users
What Rights Do I Have? Individuals located in the European Economic Area (EEA) have certain rights in respect of your personal information and Soteri will provide these capabilities to all our worldwide users, including:
the right of access to your personal data;
the right to correct or rectify any inaccurate personal data;
the right to restrict or oppose processing of personal data;
the right to erase your personal data; and
the right to receive your personal data in a portable format.
We rely on your consent as a lawful basis for processing personal data for the following purposes:
initial collection of personal data through the Service;
providing you with marketing or promotional communications. You may opt out of such communications at any time by clicking the "unsubscribe" link found within Soteri email updates and changing your contact preferences.
We process personal data in order to perform our contract with you.
Additionally, we process personal data based on our "legitimate interests" in providing you the Service as described in the section "How We Use Your Information", including:
To enable the Service to function as expected; and
To communicate with you in response to customer service inquiries, to deliver non-promotional, service-related emails, or to administer surveys and questionnaires.
In some cases, Soteri may process personal information pursuant to a legal obligation or to protect your vital interests or those of another person.
How May I Exercise My Individual Rights? Soteri users located worldwide may access and update their personal information as follows:
Account holders may access and update personal information through their account settings in Atlassian;
Account holders may exercise their rights to data deletion and data portability by contacting Soteri's Data Controller Representative at privacy@soteri.io.
Soteri does not retain any personal information from users who do not evaluate or purchase Services.
Please note that Soteri may request additional information from you to verify your identity before we disclose any personal or account information.
EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. Data Privacy Framework — Complaints and Dispute Resolution
In compliance with the EU-U.S. DPF, UK Extension, and Swiss-U.S. DPF Principles, Soteri LLC commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, UK Extension, and Swiss-U.S. DPF should first contact Soteri LLC at: privacy@soteri.io.
Soteri LLC has further committed to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, UK Extension, and Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
FTC Jurisdiction
Soteri LLC is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Binding Arbitration
Under certain conditions, more fully described on the Data Privacy Framework website at https://www.dataprivacyframework.gov/ , you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Your California Privacy Rights
Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"), California residents have certain rights regarding their Personal Information. You may exercise these rights by contacting us through the form at https://soteri.atlassian.net/servicedesk/customer/portal/2/group/2/create/19 , and Soteri will respond upon verification of your identity.
Your Rights. California residents have the right to:
Know what Personal Information Soteri collects about you, the sources from which it is collected, the business purposes for collecting it, the categories of third parties with whom it is shared, and the specific pieces of Personal Information Soteri holds about you;
Delete your Personal Information, subject to certain exceptions;
Correct inaccurate Personal Information that Soteri maintains about you;
Opt out of the sale or sharing of your Personal Information; and
Limit the use and disclosure of Sensitive Personal Information to purposes necessary to provide the Service.
For additional detail on the categories of information we collect, how we use it, and how we share it, please see the sections of this Privacy Policy titled The Information We Collect About You, How We Use Your Information, and How We Share Your Information.
Sale and Sharing of Personal Information. Soteri does not sell your Personal Information, and Soteri does not share your Personal Information for cross-context behavioral advertising purposes. If you are 16 years of age or older, you have the right to direct us not to sell or share your Personal Information at any time. We do not sell or share the Personal Information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization from either the consumer who is at least 13 but not yet 16 years of age, or the parent or guardian of a consumer less than 13 years of age.
Sensitive Personal Information. To the extent Soteri processes Sensitive Personal Information as defined under the CCPA, Soteri uses it only for purposes necessary to provide the Service and as otherwise permitted by law.
Non-Discrimination. Soteri will not discriminate against you for exercising any of your rights under the CCPA. We will not deny you goods or services, charge you a different price or rate, or provide you a different level or quality of goods or services because you exercised such rights.
Financial Incentives. We may offer certain financial incentives, as permitted by the CCPA, in exchange for your providing us certain information. Any such incentive will reasonably relate to the value of your Personal Information and will include written terms describing the program's material aspects. Participation requires your prior opt-in consent, which you may revoke at any time.
Authorized Agents. You may designate an authorized agent to submit a request on your behalf. We may require the agent to provide proof of your written authorization, and we may require you to verify your identity directly with us.
Contact Us
If you have questions about our privacy practices, please contact us at privacy@soteri.io.
Soteri LLC
6201 W 87th St
Ste D #322
Los Angeles, California 90045
If you are an EEA, UK, or Swiss customer and are unable to reach Soteri at the contact information provided above regarding your issue, you have the right to contact your local Data Protection Authority.
Changes to this Policy
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Service. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change.