Home Services Areas Served Threat Intelligence FAQ Contact Client Login Free Security Check
Legal

Privacy Policy

Last updated: March 10, 2026

RocketCore LLC ("Company," "we," "us") operates the Prometheus AI platform. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. We are committed to protecting the privacy and security of your information.

1. Data We Collect

We collect the following categories of data:

  • Account Information: Name, email address, company name, and billing details provided during registration.
  • Security Event Telemetry: Process activity, network connections, authentication logs, DNS queries, file system events, TLS handshake metadata, and memory scan results collected by the Prometheus agent from your endpoints.
  • Agent Telemetry: Agent version, operating system, architecture, heartbeat data, queue depth, and health metrics.
  • Platform Usage Data: Login timestamps, portal interactions, API call patterns, and configuration changes.
  • Detection and Response Data: Threat detections, kill chain actions, isolation sessions, forensic evidence bundles, and incident reports generated by the platform.

We do not collect personal files, email content, browsing history, or keystroke data from monitored endpoints. Our agent collects only security-relevant metadata necessary for threat detection.

2. How We Use Your Data

  • Threat Detection: Security telemetry is analyzed in real time by our detection engines and ML models to identify threats, classify attacks, and trigger automated responses.
  • Model Training: Anonymized and aggregated security event data is used to train and improve our machine learning models. Individual client data is never used in its raw form for model training. Features are extracted and anonymized before training.
  • Service Improvement: Usage patterns help us improve platform performance, optimize detection accuracy, and develop new features.
  • Federated Threat Intelligence: When enabled, anonymized indicators of compromise (IOCs) may be shared across clients via our BOLO (Be On the Lookout) system. Source client identities are always anonymized using SHA256 hashing.
  • Billing and Communication: Account information is used for subscription management, invoicing, and essential service communications.

3. Data Retention

  • Security Events: Retained for 90 days by default, configurable per client up to 365 days. Older events are automatically purged by our cleanup workers.
  • Forensic Evidence: Retained for 1 year from the date of creation to support investigation and compliance requirements.
  • Account Data: Retained for the duration of your subscription plus 30 days after termination to allow data export.
  • ML Training Data: Anonymized feature vectors used for model training are retained indefinitely. They cannot be traced back to individual clients or endpoints.
  • Billing Records: Retained for 7 years as required by tax and financial regulations.

4. Third-Party Sharing

We do not sell, rent, or trade your data to third parties. We do not share your data with third parties except in the following circumstances:

  • Payment Processing: Billing data is shared with Stripe for payment processing. Stripe's privacy policy governs their handling of your payment information.
  • Legal Requirements: We may disclose data if required by law, subpoena, court order, or government request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity.
  • With Your Consent: We may share data with third parties when you explicitly authorize us to do so.

5. Your Rights

You have the following rights regarding your data:

  • Access: Request a copy of the data we hold about you and your organization.
  • Deletion: Request deletion of your account and associated data. Note that anonymized training data cannot be deleted as it is not identifiable.
  • Export: Export your security events, detections, and configuration data in JSON format via the Client Portal or API.
  • Correction: Update inaccurate account information through the Client Portal settings.
  • Restriction: Request that we limit processing of your data to essential service operations only.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

6. Data Security

We implement industry-standard security measures to protect your data, including: HMAC-SHA256 authentication for all agent-to-platform communication, bcrypt password hashing, TLS encryption in transit, Content Security Policy headers, rate limiting, brute force protection, and access controls. Our platform undergoes continuous security testing with 600+ automated tests covering authentication, authorization, and input validation.

7. Cookies

The Prometheus platform uses essential cookies only. We use session cookies (session_token and admin_auth) for authentication purposes. These cookies are set with SameSite=Strict and HttpOnly flags. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

8. Children's Privacy

The Service is designed for business use and is not directed at individuals under the age of 18. We do not knowingly collect data from minors.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact

For privacy-related inquiries, contact our privacy team at [email protected]. For general inquiries, visit our Contact page.