
PocketSOC Privacy Policy

Last updated: March 2026

1. Overview

This Privacy Policy explains how WeaveHub Technologies LLC ("PocketSOC", "we", "us") collects, uses, and protects personal data in connection with the PocketSOC mobile application, web-based administration portal, and related services (the "Service"). Our backend infrastructure and email processing are operated through Cloudflare.

PocketSOC is available on the Apple App Store and Google Play Store. These distribution platforms may independently collect device or usage data under their own privacy policies; such collection is outside of PocketSOC's control.

2. Data We Collect

Depending on customer configuration and third-party security platform integrations, we may process:

  • Device identifiers associated with mobile devices (iOS and Android) receiving notifications
  • Organization identifiers, stored as cryptographic blind indexes (HMAC-SHA256 hashes)
  • User email addresses and authentication data (processed via WorkOS for portal sign-in)
  • Push notification tokens (encrypted at rest)
  • Vendor API credentials provided by Customer (encrypted at rest with AES-256-GCM; used to retrieve alerts on behalf of Customer)
  • Team membership, group assignments, and on-call schedule configurations
  • Alert metadata transmitted by customer-authorized third-party security platforms (see Section 3)
  • Audit log records of administrative actions (device registration, schedule changes, credential updates)
  • Billing and subscription data (processed via Stripe; PocketSOC does not store payment card numbers)
  • Limited server logs (IP address, timestamps, delivery status)

PocketSOC does not control the schema or content of alert data provided by third-party platforms.

On Android devices, limited technical data such as device type, OS version, and push token may be processed to enable app functionality and notification delivery. This data is not used for marketing, advertising, or profiling.

Analytics Data

We use Firebase Analytics (powered by Google Analytics) in our mobile applications to collect anonymous usage data, including:

  • App opens, sessions, and engagement duration
  • Screen views and navigation patterns
  • Feature usage (e.g., which actions are used most frequently)
  • Device type, operating system, and general location (country/region)

This data is aggregated and does not include any security alert content, hostnames, IP addresses, usernames, or other sensitive information from your connected security platforms. We collect this data under our legitimate interest in improving our services, and it is used solely to improve the app experience and prioritize feature development. No advertising identifiers are collected or used.

3. Alert Metadata

Alert metadata processed by PocketSOC may include identifiers such as usernames, hostnames, IP addresses, endpoint identifiers, and alert subject lines, as determined by the customer's third-party security platform configuration.

This data is processed solely for alert delivery and incident response functionality. It is not used for marketing, profiling, analytics unrelated to service delivery, or resale. Retention of alert metadata is limited to what is operationally necessary for notification delivery.

4. Purpose of Processing

We process data solely to:

  • Deliver security alert push notifications by organization
  • Manage team membership, group assignments, and vendor configurations through the administration portal
  • Store and deliver encrypted vendor API credentials to authorized devices
  • Enforce on-call schedules and group-based notification targeting
  • Operate, secure, and maintain the Service
  • Process billing and subscription management
  • Troubleshoot delivery issues
  • Analyze anonymous app usage patterns to improve features and user experience
  • Comply with legal obligations

Alert data is not used for profiling, marketing, or monitoring.

5. Legal Bases for Processing (GDPR)

Where the GDPR applies, PocketSOC processes personal data on the following bases:

  • Performance of a contract
  • Legitimate interests in operating and securing the Service
  • Consent, where required by applicable law

6. Data Retention

  • User accounts and organization data: retained while the account is active; deleted upon account closure or Customer request
  • Vendor API credentials (encrypted): retained while the vendor configuration is active; deleted when the configuration is removed
  • Device registrations and push tokens (encrypted): retained while the device is active; deleted upon deactivation or unregistration
  • On-call schedules and group assignments: retained while the associated configuration is active
  • Audit log records: retained for up to 1 year for security and compliance purposes
  • Alert metadata for push notifications: processed transiently for notification delivery and not persistently stored
  • Server logs: retained for up to 90 days, unless required longer for security or legal reasons
  • Billing data: retained as required by applicable tax and financial regulations

7. Account Deletion

When a user account is deleted by a customer administrator, associated account data is removed from active systems. Certain transactional records, such as email invitation logs, may be retained for operational, fraud prevention, or audit purposes. Users may request deletion of any residual records by contacting us via our contact form.

8. International Data Transfers

Data may be processed in the United States and other jurisdictions where our service providers operate. For international transfers of personal data outside the European Economic Area (EEA) or United Kingdom, appropriate safeguards such as Standard Contractual Clauses (SCCs) are used where applicable.

9. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or port your personal data. Requests may be submitted via our contact form.

Requests for access, correction, export, or deletion will be acknowledged within a reasonable timeframe and fulfilled within 30 days, unless an extension is legally permitted and necessary.

10. Security Measures

We implement technical and organizational safeguards, including:

  • TLS encryption for all data in transit
  • AES-256-GCM encryption for vendor credentials, device tokens, and sensitive fields at rest
  • HMAC-SHA256 blind indexes for identifier lookups (no plaintext storage of tokens or identifiers)
  • Platform-native secure storage (iOS Keychain, Android Keystore) for on-device credentials
  • Least-privilege access controls and role-based permissions
  • Biometric authentication (Face ID, fingerprint) required for sensitive actions
  • Automated processing of alert content without human review
  • Rate limiting and abuse prevention on all API endpoints

11. Subprocessors

We use the following subprocessors to operate the Service:

  • Cloudflare, Inc. — hosting, Workers, backend infrastructure, and email processing
  • Apple Inc. — push notification delivery via Apple Push Notification service (APNs) and iOS application distribution via the App Store
  • Google LLC (Firebase Cloud Messaging) — push notification delivery to Android devices
  • Google LLC (Firebase Analytics) — anonymous app usage analytics in mobile applications
  • Google LLC (Google Play) — Android application distribution
  • Resend — transactional email delivery for portal invitations
  • Stripe, Inc. — payment processing and subscription management
  • WorkOS, Inc. — portal authentication and identity management

Firebase Cloud Messaging (FCM) is used to deliver push notifications to Android devices; only device push tokens are transmitted for notification delivery. Firebase Analytics is used in our mobile applications to collect anonymous, aggregated usage data as described in Section 2; no advertising identifiers or personally identifiable information are collected. Firebase operates under Google's privacy policy.

We will notify customers of material changes to this subprocessor list. A current list is also available upon request.

12. Contact

For privacy-related questions or to exercise your data subject rights, please use our contact form.


© 2026 WeaveHub Technologies LLC. All rights reserved.