This Privacy Policy is issued by Digibator Oy, the company operating Attestor.ai (“we,” “our,” “us”). We respect your privacy and are committed to protecting the personal information you share with us. This policy explains what information we collect, how we use it, and your rights. It applies to visitors to our website, newsletter subscribers, and users of Attestor.ai services.
1. Information We Collect
1.1 Newsletter Subscriptions
- When you subscribe to our newsletter, we collect your email address.
- We use this only to send product updates, news, and educational resources.
1.2 Website Analytics
- We use Google Analytics to understand website traffic and improve our content.
- Google Analytics may collect anonymized information such as page views, device type, browser, and referral source.
- You can opt out by adjusting your browser settings or using Google’s opt-out tools.
1.3 Attestor.ai GPT Services
- Our GPT features are managed by OpenAI.
- Attestor.ai does not log, track, or store who is using the GPT service or what is entered into it.
- Your prompts and responses are handled directly by OpenAI under their Privacy Policy.
1.4 Azure Function Services
- Attestor.ai provides Azure-based functions that return cybersecurity datasets (e.g., MITRE ATT&CK techniques, CVEs, CWEs, mitigations, vulnerabilities).
- These services only process technical identifiers such as
technique_id or vulnerability_id. - No user identity information is collected, logged, or stored.
- Input parameters are processed in real time and discarded after the response is returned.
2. How We Use Information
We use collected information only for:
- Delivering newsletters to subscribers.
- Analyzing website traffic to improve our services.
- Providing GPT and Azure-based features to users.
- Maintaining the security and reliability of our systems.
We do not sell, rent, or trade personal information.
3. Sharing and Disclosure
We may share limited information with:
- Service providers: Google Analytics (traffic analysis), OpenAI (GPT functionality), Microsoft Azure (cloud hosting).
- Legal obligations: if required by applicable law or lawful request.
We do not share newsletter email addresses with third parties.
4. Data Security
We implement technical and organizational safeguards, including:
- Encryption of data in transit and at rest.
- Strict access controls and monitoring.
- Hosting on Microsoft Azure, which is certified under leading security frameworks (ISO/IEC 27001, SOC 2, etc.).
We align our practices with standards such as NIST SP 800-53 and ISO 27001.
5. Data Retention
- Newsletter emails are kept until you unsubscribe.
- Analytics data is retained according to Google’s policies.
- Azure function inputs are processed only in real time and are not stored.
- GPT interactions are not visible to Attestor.ai and are handled by OpenAI.
6. Your Rights
Depending on your jurisdiction (e.g., GDPR, CCPA), you may have the right to:
- Access, correct, or delete your personal data.
- Opt out of marketing communications.
- Restrict or object to certain processing activities.
- Request data portability.
You may unsubscribe from newsletters at any time by clicking the “unsubscribe” link in our emails. For other requests, contact us at privacy@digibator.com.
7. International Transfers
If you are located outside the European Union or European Economic Area, your data may be transferred internationally. Where required, we apply safeguards such as Standard Contractual Clauses (SCCs) to ensure adequate protection.
8. Children’s Privacy
Attestor.ai is not directed to children under 16. We do not knowingly collect personal information from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised “Last updated” date.
10. Contact Us
Digibator Oy
Attestor.ai Privacy Office
📧 privacy@digibator.com
Albertinkatu 5 B 37
00150 Helsinki
