Privacy Policy

1. Introduction

Eshay Ltd ("we," "our," or "us") operates AgentForce Shield, a comprehensive Salesforce security auditing and threat management platform. We are committed to protecting your privacy and ensuring the security of your personal information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services. Please read this policy carefully. If you do not agree with the terms of this privacy policy, please do not access or use our services.

2. Information We Collect

2.1 Personal Information

We may collect personally identifiable information that you voluntarily provide to us when you:

• Register for an account
• Connect your Salesforce organization
• Contact us for support
• Subscribe to our newsletter or marketing communications
• Participate in surveys or feedback forms

This information may include:

• Name and contact information (email address, phone number)
• Company name and job title
• Salesforce organization credentials and API tokens
• Billing and payment information
• User preferences and settings

2.2 Salesforce Data

When you connect your Salesforce organization to AgentForce Shield, we access and process:

• User and profile configurations
• Permission sets and security settings
• Object and field-level security configurations
• Login history and audit logs
• Custom code and metadata
• Security-related metadata and configurations

2.3 Automatically Collected Information

We automatically collect certain information when you visit, use, or navigate our platform:

• Log data (IP address, browser type, operating system)
• Usage data (pages viewed, time spent on pages, click-through rates)
• Device information (device type, unique device identifiers)
• Geolocation data (based on IP address)
• Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

• Provide, maintain, and improve AgentForce Shield services
• Perform security audits and threat analysis on your Salesforce organization
• Generate security reports and recommendations
• Monitor and detect security vulnerabilities and threats
• Send alerts and notifications about security issues

3.2 Account Management

• Create and manage your user account
• Authenticate and authorize access to our platform
• Process payments and manage subscriptions
• Respond to your inquiries and support requests

3.3 Communication

• Send administrative information, updates, and security alerts
• Provide customer support and technical assistance
• Send marketing communications (with your consent)
• Conduct surveys and gather feedback

3.4 Analytics and Improvement

• Analyze usage patterns and trends
• Improve our platform's functionality and user experience
• Develop new features and services
• Conduct research and analysis

3.5 Legal and Security

• Comply with legal obligations and regulations
• Protect against fraud, abuse, and security threats
• Enforce our terms of service and policies
• Resolve disputes and protect our rights

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We may share your information with trusted third-party service providers who assist us in:

• Cloud hosting and infrastructure (AWS, Google Cloud)
• Payment processing and billing
• Analytics and monitoring services
• Email and communication services
• Customer support tools

These service providers are contractually obligated to protect your information and use it only for specified purposes.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal requests (subpoenas, court orders)
• Government or regulatory inquiries
• Protection of our legal rights or property
• Investigation of potential violations of our policies
• Prevention of harm to individuals or the public

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity.

4.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Data in transit is encrypted using TLS/SSL; data at rest is encrypted using AES-256
• Access Controls: Strict role-based access controls and authentication mechanisms
• Infrastructure Security: Secure cloud infrastructure with regular security audits
• Monitoring: 24/7 security monitoring and intrusion detection systems
• Regular Audits: Periodic security assessments and penetration testing
• Employee Training: Regular security awareness training for all personnel
• Incident Response: Comprehensive incident response and breach notification procedures

6. Data Retention

We retain your information for as long as necessary to:

• Provide our services to you
• Comply with legal and regulatory requirements
• Resolve disputes and enforce agreements
• Maintain business records and audit trails

When your account is terminated or upon your request, we will delete or anonymize your personal information within 90 days, unless we are required to retain it for legal, regulatory, or security purposes. Security audit logs and reports may be retained for up to 7 years for compliance purposes.

7. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

7.1 Access and Portability

• Request access to your personal information
• Receive a copy of your data in a structured, machine-readable format

7.2 Correction and Deletion

• Request correction of inaccurate or incomplete information
• Request deletion of your personal information (subject to legal requirements)

7.3 Restriction and Objection

• Request restriction of processing in certain circumstances
• Object to processing based on legitimate interests
• Opt-out of marketing communications at any time

7.4 Withdrawal of Consent

• Withdraw your consent to data processing where consent is the legal basis

To exercise any of these rights, please contact us using the information provided in Section 12 below.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your session and authentication state
• Remember your preferences and settings
• Analyze usage patterns and improve our services
• Provide personalized content and recommendations

8.1 Types of Cookies We Use

• Essential Cookies: Required for the platform to function properly
• Performance Cookies: Help us understand how users interact with our platform
• Functional Cookies: Remember your preferences and choices
• Analytics Cookies: Collect information about usage patterns (Google Analytics)

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our platform.

9. Third-Party Services

Our platform may contain links to third-party websites or integrate with third-party services, including:

• Salesforce (for organization connectivity and data access)
• Google Analytics (for usage analytics)
• Payment processors (for billing and subscriptions)
• Email service providers (for communications)

We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your jurisdiction.

When we transfer your personal information internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for certain countries
• Privacy Shield frameworks (where applicable)
• Data Processing Agreements with service providers

11. Children's Privacy

AgentForce Shield is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date at the top of this policy
• Sending you an email notification (for significant changes)
• Displaying a prominent notice on our platform

Your continued use of AgentForce Shield after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

14. Regulatory Compliance

We are committed to compliance with applicable data protection regulations, including:

• GDPR (General Data Protection Regulation) - European Union
• CCPA (California Consumer Privacy Act) - California, USA
• PIPEDA (Personal Information Protection and Electronic Documents Act) - Canada
• UK GDPR - United Kingdom
• Other applicable local and international data protection laws