Brighton Ignitra Logo
ISO 27001 Certified CISSP Approved CVE Database Partner
Security Testing Services / Vulnerability Assessment
Emergency: +6655322350 contact@brighton-ignitra.com

Privacy Policy

Effective Date: January 15, 2025

At Brighton Ignitra, we understand that security professionals and businesses trust us with sensitive information. This privacy policy explains exactly how we handle your data, your rights regarding that information, and the practical steps you can take to control your privacy.

Information We Collect

When you work with Brighton Ignitra for security testing and vulnerability assessments, we collect information necessary to provide effective cybersecurity services. Here's what we gather and why:

Business Contact Information

We collect your name, business email, phone number, company name, and job title when you reach out for consultations or services. This helps us understand your security needs and communicate effectively about your projects.

Technical Information During Assessments

  • Network configurations and system architectures you authorize us to test
  • Vulnerability scan results and security assessment findings
  • Application logs and security event data relevant to our testing
  • Documentation about your current security measures and policies

All technical data collection happens only within the scope of authorized security testing. We never access systems or information beyond what you've explicitly approved for assessment.

How We Use Your Information

Your information serves specific, legitimate business purposes related to cybersecurity services:

Primary Use: Conducting authorized security assessments, vulnerability testing, and providing detailed security reports tailored to your infrastructure.

Specific Usage Categories

  • Performing comprehensive penetration testing and vulnerability assessments
  • Creating detailed security reports with actionable recommendations
  • Providing ongoing security consultation and support services
  • Communicating about project progress, findings, and next steps
  • Maintaining records for compliance with Thai cybersecurity regulations

We don't use your information for marketing to third parties, selling contact lists, or any purpose unrelated to the security services you've requested.

Data Sharing and Disclosure

Brighton Ignitra operates on a principle of minimal data sharing. We understand the sensitive nature of security information and limit disclosure accordingly.

When We Share Information

Situation What We Share With Whom
Subcontracted services Specific technical data needed for specialized testing Vetted security professionals under strict NDAs
Legal compliance Required information only Thai regulatory authorities when legally mandated
Business continuity Client contact and project status Qualified successor in case of business transfer

We never share your vulnerability data, security findings, or confidential business information with competitors, vendors, or unauthorized third parties. Any contractor or partner who might access your data signs comprehensive confidentiality agreements.

Your Privacy Rights

Under Thai privacy laws and our own ethical standards, you have significant control over your personal and business information.

Access Your Data

Request a complete copy of all information we hold about you and your organization, including assessment reports and communication records.

Correct Information

Update any inaccurate contact details, business information, or technical documentation we maintain about your systems.

Delete Your Data

Request removal of your information, subject to legitimate business needs and legal retention requirements for security records.

Restrict Processing

Limit how we use your information while maintaining necessary records for ongoing security services or compliance.

To exercise these rights, contact us directly. We'll respond within 30 days and work with you to address any privacy concerns promptly and thoroughly.

Data Security and Protection

As a security testing company, we implement robust protection measures for all client information. Our approach combines technical safeguards with strict procedural controls.

Technical Security Measures

  • End-to-end encryption for all data transmission and storage
  • Multi-factor authentication on all systems containing client data
  • Regular security audits of our own infrastructure and practices
  • Isolated environments for client data processing and analysis
  • Automated backup systems with encrypted, geographically distributed storage

Procedural Safeguards

Our team follows strict protocols for handling sensitive information. All staff undergo comprehensive security training, sign detailed confidentiality agreements, and follow least-privilege access principles. We maintain detailed audit logs of all data access and processing activities.

Incident Response: If any security incident affects your data, we'll notify you within 72 hours and provide a detailed explanation of what happened, what information was involved, and what steps we're taking to address the situation.

Data Retention and Deletion

We keep your information only as long as necessary for legitimate business purposes and legal compliance. Here's our practical approach to data retention:

Retention Periods

  • Active project data: Duration of engagement plus 2 years for follow-up support
  • Security assessment reports: 5 years for compliance and reference purposes
  • Contact information: Until you request removal or 3 years of inactivity
  • Financial records: 7 years as required by Thai business law

When data reaches its retention limit, we use secure deletion methods that make information unrecoverable. For highly sensitive data, we employ cryptographic erasure and multiple overwrite cycles.

International Data Transfers

Brighton Ignitra primarily processes data within Thailand. However, some situations may require international data transfer, such as using cloud services with global infrastructure or collaborating with international security researchers.

When we transfer your data internationally, we ensure adequate protection through:

  • Contracts requiring equivalent privacy protection standards
  • Use of services that comply with international privacy frameworks
  • Additional encryption and security measures during transfer
  • Clear documentation of data location and processing activities

We'll always inform you if your specific project requires international data processing and obtain your explicit consent before proceeding.

Changes to This Privacy Policy

As our services evolve and privacy regulations change, we may update this policy. Significant changes will be communicated directly to active clients via email, with at least 30 days notice before new terms take effect.

We'll always maintain previous versions of our privacy policy available upon request, so you can understand how our privacy practices have evolved over time.

Privacy Questions and Concerns

For any privacy-related questions, data requests, or concerns about how we handle your information, contact our privacy team directly:

Email: contact@brighton-ignitra.com

Phone: +66 55 322 350

Address: 77/47 ศัล วิธาน พลาซ่า ซ ศรีพรสวรรค์ ถ ประชาราษฎร์ ต.สวนใหญ่ อ.เมือง Nonthaburi 11000, Thailand

We're committed to addressing your privacy concerns promptly and transparently. Most inquiries receive a response within 24-48 hours.