Privacy Policy
June, 2026.
Sun Security Technologies Ltd.
In this Privacy Policy, Sun Cyber Security Technologies 2026 Ltd. and Sun Security Technologies Inc. ("Sun Security", the "Company", "we", "us", or "our"), will describe our practices regarding the collection, use, disclosure and protection of personal data, as this term is defined under the Privacy Protection Law, 5741-1981 and the regulations promulgated thereafter (the "Law"), or any similar term used in any applicable data protection law with the same meaning ("Personal Data"). We will also describe what rights and choices may be available to you under applicable law.
We collect and/or process and/or store your data when you: (a) visit or use our website (the "Website"); (b) register for, access or use our platform and related services (the "Platform"); (c) communicate with us (including through the contact form on the Website, email, or phone); and/or (d) apply for a job with us. The Website and the Platform are collectively referred to as the "Services".
Unless stated otherwise in this Policy, we do not sell your Personal Data. We do not share, sell, auction off or give away your Personal Data to any third party except as described in this Policy, with your consent, or as required or permitted by applicable law.
This Privacy Policy (the "Policy") forms an integral part of our Terms of Use (the "Terms of Use"). We will process Personal Data only as described in this Policy, our Terms of Use and/or any other legal instrument in effect between us, and as otherwise permitted or required by applicable law.
We will update this Policy from time to time, and it is your responsibility to check it periodically. Changes to this Policy will become binding and effective from the date they are published at our Website. Your continued use of the Website or the Services after changes take effect constitutes your acceptance of the updated Policy.
Unless otherwise required by applicable law, the provision of Personal Data to us is voluntary. However, where certain Personal Data is necessary for us to provide the Website, the Platform, support, recruitment processing, or other requested Services, failure to provide such Personal Data may prevent us from providing you with the relevant Services, features or responses.
If you do not agree to any of the terms described in our Policy or in our Terms of Use, please do not use the Website or the Platform.
1. How and What Personal Data We Collect
During your use of our Services we may collect the following Personal Data:
1.1 Information You Provide Us During Website Communications or Recruitment
You may provide us with information about you, including Personal Data, by corresponding with us via the contact form, by phone or email, in the course of a business relationship with us, when making a payment or providing billing details in connection with the Services, and when you apply for a job with us through our recruitment process (including by uploading your resume/CV, where applicable). The information you provide may include your name, business email address, phone number, job title, company name, department, country, billing details, payment-related information, resume/CV, recommendations, and any other information you choose to share with us. Please do not provide us with sensitive Personal Data unless we specifically request it.
By submitting your application, you acknowledge and consent that your information may be transferred internationally as part of our evaluation and recruitment process. If, now or in the future, you submit an application via our Website or through a third-party recruitment provider, any information collected via such third-party service will also be subject to that third party's privacy notice, in addition to this Policy to the extent applicable.
1.2 Information We Collect Automatically Using the Website and the Platform
When you visit or use our Services, we may automatically receive and record information from your device and browser, including cookie identifiers, your country, regional and language settings, device model, operating system, mobile carrier and software and hardware attributes.
In addition, we may automatically collect and store the following information for statistical, security and operational purposes (log data): technical information including the internet protocol (IP) address used to connect your device to the internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and information about your visit and usage, including the full uniform resource locators (URL) clickstream to, through and from our Website (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the Website.
We use this data to generate aggregated analytics about the use of our Website, maintain and improve the Website, develop new products or services we provide on our Website, prevent fraud, and protect the security and integrity of our Website.
Some cookies and similar technologies may be used to provide you with advertising for our products and Services or services based on your preferences and interests. The legal basis for processing this data includes our legitimate interests to operate, secure, develop and improve our Website, market our products and Services or services, and prevent fraud. Where required by applicable law, we use cookies and similar technologies (including for targeted advertising) only based on your consent. For more information about how we use cookies on our Website, and for managing cookie consents, please refer to Section 4 "Cookies and Similar Technologies" in this Policy.
1.3 Customer Data Processed on Behalf of Customers (Platform Content)
Sun Security provides a security platform for AI agents that enables organizations to discover and monitor AI agents used in their environments, understand their behavior, permissions and access to data, understand workflows, and apply security controls in real time. In connection with providing the Platform, customers may submit, upload, transmit or otherwise make available data, logs and other content for analysis and monitoring, and may receive outputs, insights and alerts generated by the Platform ("Customer Data"). Customer Data may include Personal Data, for example identity data such as name, business email, job title, department and manager, and technical data such as IP addresses, login credentials, device identifiers and audit logs. To the extent Sun Security processes such Customer Data on behalf of a customer, Sun Security acts as a processor/service provider acting under the customer's instructions, and the relevant customer remains responsible for determining the lawful basis for processing and for its compliance obligations under applicable law. Customer Data shall be treated and regarded between the parties as confidential information.
Customers are solely responsible for ensuring that their submission, collection, use and other processing of any Personal Data through the Platform complies with applicable privacy and data protection laws, including obtaining all required notices, consents, permissions and other lawful bases, and for responding to data subject requests relating to Customer Data where required by law or contract. This also applies where Customer Data is obtained by the customer from third parties or other sources. For more information about the use of our Platform, please refer to our Terms and Conditions and any applicable data processing agreement or other agreement entered into with the relevant customer.
1.4 Information We May Receive from Third Parties
We may also receive Personal Data from third parties in connection with our business and the provision of the Services, for example from our customers, affiliates, service providers, business partners, publicly available sources, event or webinar organizers, referral sources, or recruitment-related service providers. Such information may include business contact details, professional information, account-related information, and other information relevant to our business relationship, recruitment process, or the operation and security of the Services. We will process such information in accordance with this Policy and applicable law.
2. Why Do We Process Personal Data – Purposes and Legal Bases
Under applicable data protection laws, including, where applicable, the Privacy Protection Law, 5741-1981 and the regulations promulgated thereunder, the Regulation (EU) 2016/679 of the European Parliament and of the Council ("GDPR")/UK GDPR, and the California Consumer Privacy Act as amended by the CPRA ("CCPA/CPRA"), we must have a legal basis to process Personal Data.
Depending on the context, we process Personal Data based on one or more of the following legal bases: (i) performance of a contract or taking steps at your request prior to entering into a contract; (ii) our legitimate interests (for example, to operate, secure, and improve the Services, prevent fraud, and market our products, subject to applicable law); (iii) your consent (for example, for certain cookies and targeted advertising where required); and/or (iv) compliance with legal obligations.
The Personal Data we collect or otherwise process may be used for the following purposes (as applicable):
- Improve, maintain, secure and operate our Services, Website or Platform.
- Provide updates, technical troubleshooting, understand and analyze trends in connection with usage of the Services, and administer the Services.
- Process payments, subscriptions, invoices and related transactions, maintain billing and accounting records, detect and prevent fraudulent or unauthorized payment activity, and comply with applicable legal, tax and financial reporting obligations.
- Manage and support our business relationships with customers, prospects, partners and vendors, including onboarding, account administration, contract management, responding to requests, providing support, and maintaining records of our interactions.
- Send service-related, operational and administrative communications, and, where permitted by applicable law, marketing or promotional communications regarding our products and services. We will send direct marketing communications only in accordance with applicable law, including based on consent or another lawful basis where permitted, and you may opt-out at any time using the unsubscribe mechanism in the message or by contacting us.
- Comply with applicable laws, enforce our Terms of Use and agreement terms, protect our rights, property and safety and those of others, operate security, fraud-prevention and incident-detection processes, and create aggregated, anonymized and/or de-identified analytics, statistics and product insights that do not reasonably identify an individual, in order to improve and develop our Services, detections and security capabilities. For the avoidance of doubt, we do not use Customer Data for these purposes or to train AI models.
3. How Do We Share Personal Data
We do not sell Personal Data for money. We may share Personal Data with service providers and third parties for our operational purposes, and for any of the following purposes as described below:
3.1 Affiliates
We may share your Personal Data with our affiliated entities where necessary for internal administrative purposes and to provide, operate, and improve the Services.
3.2 Service Providers
We may disclose Personal Data to service providers that help us operate our business and provide the Services (for example, website and cloud hosting, security, analytics, customer support tools, recruitment tools, and billing/payment-related providers if and when relevant). As required by the Law and any applicable data protection laws, we contractually require our Service Providers to use Personal Data only as necessary to provide services to us, and to apply confidentiality, data protection and information security measures designed to protect the Personal Data to which they are granted access. Where appropriate, we may also make available a public list of certain sub-processors or service providers ("Sub-Processors List") used in connection with the Platform. We may update the Sub-Processors List from time to time (including by adding or replacing sub-processors) as our business and vendors change. Where required under applicable law or our contractual commitments, we will provide notice of material updates to the Sub-Processors List.
3.3 Corporate Transactions
We may disclose your Personal Data in connection with a proposed or actual corporate merger, acquisition, consolidation, sale of assets, bankruptcy, insolvency or other corporate change.
3.4 Law Enforcement Related Disclosure
We may share your Personal Data with government agencies or other relevant parties, such as a law office or independent auditor, under the following circumstances: (i) if we believe that such disclosure is appropriate to protect our rights, property or safety (including the enforcement of this Policy) or those of a third party; (ii) if required by law or court order; or (iii) as is necessary to comply with any legal and/or regulatory obligations, such as audit requirements.
3.5 Professional Advisers
We may share your Personal Data with our professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
3.6 Compliance with Applicable Laws and Regulations
We may also share Personal Data to comply with applicable laws and regulations or to respond to a lawful request for information we receive. We may also disclose such personal data if we believe disclosure is necessary to prevent physical, financial, or other harm, injury, or loss.
3.7 Law Enforcement
We may disclose your Personal Data to law enforcement agencies where we believe it is necessary to prevent or investigate illegal activity.
4. Cookies and Similar Technologies
When you visit or access our Services, we use (and authorize third parties to use) cookies, pixels, tags, web beacons, events, SDKs and other similar technologies (together, "Cookies and Similar Technologies"). These technologies allow us to automatically collect information about you, your device and your interactions with our Services in order to operate the Services, enhance navigation and user experience, remember preferences, improve the Services' performance, perform analytics, measure the effectiveness of communications and campaigns, maintain security, and, where applicable, support advertising, remarketing and content customization. Some of these technologies are placed by us, and some may be placed by third parties acting on our behalf or, where applicable, by third parties providing content, analytics or advertising services.
We use the following categories of Cookies and Similar Technologies on our Website:
Strictly Necessary Cookies
These cookies and similar technologies are necessary for the operation, security and integrity of the Website and related Services. They help us distinguish legitimate users from automated traffic, maintain session management, enable core functionality, support network management, and mitigate abusive, fraudulent or malicious activity. Because these cookies are generally required for the Website to function properly, they cannot typically be disabled through our preference tools without affecting Website availability or performance.
Functional and Analytics Cookies
We may use cookies and similar technologies to remember settings and preferences, support Website functionality, understand how visitors interact with our Website, improve performance, monitor traffic patterns, troubleshoot errors, maintain security, and better understand the effectiveness of our content and services. Analytics tools may help us collect information such as pages visited, approximate location derived from IP address, device and browser type, session activity, referral source and interactions with Website features.
Marketing and Advertising Cookies
Where applicable, we or authorized third parties may use marketing, targeting or advertising cookies and similar technologies to measure the effectiveness of campaigns, understand engagement with our Website and communications, prevent repeated display of the same advertisement, and help deliver more relevant content or advertising on our Website or on third-party platforms. Where required by applicable law, these technologies will be used only after obtaining your consent.
Some Cookies and Similar Technologies may be set by third-party providers that deliver services to us. Those third parties may collect information in accordance with their own privacy and cookie notices.
We may combine information collected through Cookies and Similar Technologies with other information we hold, and such combined information may constitute Personal Data.
You can manage Cookies and Similar Technologies in several ways: (i) through our cookie banner, consent manager or other preference tool, where available; (ii) through your browser settings, which may allow you to block, restrict or delete cookies; and (iii) in some cases, through device-level settings or controls provided by third-party services. Browser providers typically offer help pages explaining how to manage cookies, including for Chrome, Safari, Firefox, Edge and other commonly used browsers. You can also find additional general information about cookies and how they work on publicly available educational resources such as www.allaboutcookies.org. Please note that, where required by applicable law, we will use non-essential cookies, including analytics and marketing cookies, only after obtaining any required consent from you.
Please note that disabling or removing Cookies and Similar Technologies may impact the availability, functionality and performance of certain parts of the Services, and some features may not work as intended. In addition, if you delete cookies from your browser after making choices through our cookie banner or settings tool, you may need to renew your preferences. Cookies and Similar Technologies used on the Website may change from time to time as we update the Website and the tools we use. For additional details regarding the specific cookies and similar technologies currently used on the Website, their duration, provider and purpose, and for updated information on how to manage or withdraw your preferences, please refer to our Cookie Policy or cookie settings tool, where available.
To the extent required by applicable law, you may withdraw your consent to non-essential cookies at any time through the cookie settings tool made available on the Website. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
5. Data Retention and Data Protection
We retain Personal Data for as long as reasonably necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by applicable law, or is necessary to establish, exercise or defend legal claims.
We may retain communications with you in order to process your inquiries, respond to your requests and improve our Services. Platform account and billing records may be retained for the duration of the customer relationship and thereafter as reasonably necessary for accounting, tax, audit, dispute resolution, and legal compliance purposes.
We may periodically review and delete, anonymize, or otherwise de-identify Personal Data that is no longer necessary for the purposes described in this Policy, unless we are required or permitted to retain it longer (for example, for legal, regulatory, security, backup, audit, accounting, tax or dispute-resolution purposes). Retention periods are determined based on the nature of the data, the purposes for which it was collected and processed, applicable legal requirements, and our legitimate business needs.
6. Transfer of Personal Data Outside of Your Territory
We may store and process Personal Data in Israel, United States and in various other locations throughout the globe, including through cloud services. In some cases, the laws in those countries may provide a different level of data protection than the laws of your own country.
As a global company with operations and facilities in multiple territorial jurisdictions, we transfer data across borders as part of our regular business operations. These transfers are essential to provide you with our optimal services and to ensure efficient internal business processes. Such transfers may occur between our various offices, subsidiaries, affiliated entities, and service providers located in different countries.
When transferring your information internationally, we implement appropriate safeguards and security measures to protect your data and ensure compliance with applicable data protection laws, including, where required, contractual protections such as Standard Contractual Clauses or equivalent transfer mechanisms, reliance on adequacy decisions where available, and additional measures where appropriate.
7. Information Security
We use our best efforts to implement appropriate physical, technical and organizational measures to reduce the risks of damage, loss of information and unauthorized access or use of information and abide by the best industry standards. Nonetheless, these measures do not provide absolute information security. Therefore, it is not guaranteed, and you cannot expect, that the Services will be immune to information security risks.
8. Privacy Rights
You may have certain rights in connection with your Personal Data and the way we handle it, depending on where you reside and the applicable law. Some of these rights may be subject to certain exceptions or limitations. The following is a non-exhaustive list of certain privacy rights you may be able to exercise:
8.1 Right to Access
Under the Law, and any applicable law, you may contact the Company at any time as provided below and request to access the Personal Data we hold about you.
8.2 Right to Correct
Under the Law, and any applicable law, you may request that we correct the Personal Data we hold about you by providing us with the necessary information about you, if you find that such data is not accurate, complete or updated.
8.3 Right to Delete or Restrict
Under applicable law, you may request to delete or restrict access to your Personal Data. We may postpone or deny your request where permitted by applicable law (for example, where the Personal Data is necessary to provide the Services, comply with legal obligations, for security/fraud prevention, or to establish, exercise or defend legal claims), in which case we will let you know if we are unable to do so and why. Note that for Israeli residents under the Law, the right to delete may apply differently, for more information you may contact us as provided below.
8.4 Cookie Choices
Your browser or device can allow you to opt-out of data collection through cookies or similar technologies and, where available, you may use our cookie banner or other consent tool to manage preferences. Please note that your experience using our Services might be degraded or certain functionalities may not work if you block or disable cookies. For more information about how we use cookies on our Website, please refer to "Cookies and Similar Technologies" in this Policy.
8.5 Marketing Communications
If you wish to opt-out of our use of your contact information for our direct marketing purposes, you can click the "Unsubscribe" button located within the most recent marketing email you received from us or contact us as provided below.
8.6 Additional Information for EU/UK Residents
If you are located in the European Economic Area, the United Kingdom or Switzerland, you may have additional rights under applicable law, including the right to object to certain processing (including processing based on our legitimate interests), the right to withdraw consent where processing is based on consent, and the right to data portability.
8.7 Additional Information for California Residents (CCPA/CPRA)
If you are a California resident, you may have certain rights under the CCPA/CPRA, subject to applicable exceptions and limitations, including the right to: (i) request to know the categories and specific pieces of Personal Information (as such term is defined under California law) we collected about you, the categories of sources from which it was collected, the business or commercial purposes for collecting, using, disclosing, selling or sharing it, and the categories of third parties to whom we disclose it; (ii) request deletion of Personal Information; (iii) request correction of inaccurate Personal Information; (iv) opt-out of the "sale" or "sharing" of Personal Information; (v) limit the use and disclosure of sensitive personal information, to the extent applicable under the CCPA/CPRA; and (vi) not receive discriminatory treatment for exercising any of your privacy rights under the CCPA/CPRA. We do not sell Personal Information for money, and we do not use or disclose sensitive personal information for purposes that would trigger a right to limit under the CCPA/CPRA, except to the extent applicable law requires otherwise. To submit a request, contact us as described below.
8.8 Other U.S. States
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MTCDPA), and other states with comprehensive privacy laws have similar rights to access, delete, correct, and opt-out. Please contact us to exercise these rights.
If you are located in another jurisdiction with applicable data protection laws, we will comply with your local requirements. Please contact us to exercise your rights under your local law.
9. Children Data
We do not knowingly collect Personal Data from children, and our Services are generally intended for business and enterprise users rather than minors. If you believe that a child has provided us with Personal Data, please contact us and we will take appropriate steps in accordance with applicable law.
10. Use of Artificial Intelligence (AI)
As part of the Platform, we may use automated and AI-assisted capabilities to analyze AI agents, related workflows, permissions, access patterns, logs and security events, generate insights, and support security-related recommendations and decision support. The use of AI may involve the processing of Personal Data. We take reasonable technical and organizational measures designed to ensure such processing is lawful, fair, and limited to what is necessary for the purposes described in this Privacy Policy.
No Training on Customer Data
We do not use Customer Data to train, retrain, fine-tune or otherwise improve any artificial intelligence or machine-learning models, whether our own or those of third parties. Customer Data is processed solely to provide the Platform and the Services to the relevant customer, in accordance with our agreement with that customer.
We may also use chatbots or other automated support tools (including tools provided by third parties) to help respond to inquiries, provide customer support, and route requests. When you interact with these tools, we may collect the content you submit (including messages and any information you choose to provide), along with related technical and usage information (such as timestamps and device/browser details). We use this information to provide support, improve our Services, maintain security, and comply with legal obligations. Please do not submit sensitive Personal Data through a chatbot unless we specifically request it.
We do not use AI for automated decision-making that produces legal effects concerning you or similarly significantly affects you, without appropriate human involvement, unless such processing is permitted by applicable law and appropriate safeguards are in place.
If you have any questions about our use of AI, you are welcome to contact us using the contact details below.
11. Direct Marketing
If we send direct marketing communications in the future, we will do so in a controlled manner and in accordance with applicable law, including based on consent, an existing business relationship, or another lawful basis where permitted, and each marketing communication will include an option to opt-out or unsubscribe.
12. How to Contact Us
If you have any concerns about the way we process your Personal Data, you are welcome to write to us at privacy@sun.security. We will look into your request and make good faith efforts to resolve any concern you may have, in accordance with applicable law.
See every agent. Control every action.
Get started today in just 5 minutes.