Close this search box.


SpyCloud is committed to the security of your data. We will never misuse any of the breach-related data we have found. We have carefully studied major regulatory actions across the world, covering privacy frameworks such as The General Data Protection Regulation (GDPR) & The California Consumer Privacy Act (CCPA).

SpyCloud collects two types of personal data: (i) data that individuals have provided to SpyCloud directly – this includes portal accounts, email addresses, and web site analytic data generated when using our sites – and (ii) breached asset data which we discover on the dark web, which is publicly and permanently available.

Here, you’ll find information about how we process your data under these legal frameworks. If you have further questions about our compliance with data privacy laws and regulations, please e-mail us at

SpyCloud hosts all production data within a secure industry leading hosting services provider, Amazon Web Services. This provider is compliant with multiple frameworks, such as SOC2 and ISO27001. SpyCloud utilizes AWS within the United States.

Under both the GDPR and CCPA, indviduals are granted privacy-related rights. The following rights are granted to all individuals regardless if they live in a jurisdiction applicable to the GDPR and/or CCPA.

    • Right of Access – See the sources from which we have collected your personal information, what personal information we have or have disclosed about you, if any, covering a minimum period of 12 months, and the business or commercial purpose of the collection of such personal information.
    • Right to Rectification – Change/correct any information we have about you.
    • Right to Erasure – Have us delete any personal information we have about you.
    • Right to Object – Express any concern you have about our use of your personal information.
    • Right to Data Portability – Have us transmit any personal information directly to another organization, in certain circumstances.
    • Right to Lodge a Complaint – Lodge a complaint with a competent data protection authority.
    • Right to Opt out of Future Contacts – The ability to opt-out of communications

SpyCloud’s usage of this data aligns with lawful bases set forth in the GDPR, such as: (i) your consent; (ii) necessity for performance of a contract; (iii) our legitimate interests and also your legitimate interests and the legitimate interest of third parties who use our services; and (iv) this processing being in the public interest to promote security and for law enforcement obligations.

As declared in the CCPA, we use this data for a variety of reasons such as: (i) meeting our legal obligations (ii) using this data to improve the security for individuals by acting as a potential deterrent for  fraudulent activity  and (iii) your legitimate interests and the legitimate interest of third parties who use our services; and (iv) necessary for the completion of a transaction as defined in CCPA.

Transforming recaptured data to protect your business.

[2024 REPORT] The biggest identity threats to have on your radar. Read Now

Close this search box.