Privacy Policy
Effective May 25, 2026
This Privacy Policy explains how Red Hound Information Security LLC ("Red Hound," "we," "us") collects, uses, and protects personal information when you use Focus, our cybersecurity framework advisor at focus.redhound.us(the "Service"). By using the Service you agree to the practices described here.
1. Who we are
Focus is operated by Red Hound Information Security LLC, a Massachusetts limited liability company. Questions, requests, or complaints can be sent to hello@redhound.us.
2. Information we collect
We collect the following categories of data:
- Account data. Name, email address, and authentication identifiers provided when you sign in via our authentication provider (Clerk). If you sign in with Google, GitHub, or Apple, we receive the basic profile fields those providers return (typically name, email, and a unique user ID). We never receive your provider password.
- Organization data. The organization name, size, industry, geography, and other attributes you enter so that Focus can recommend applicable security frameworks.
- Assessment answers. Responses you provide to questionnaires, including free-text context you supply when prompted.
- Billing data. If you subscribe to a paid plan, our payment processor (Stripe) collects and stores your payment details. Red Hound receives only billing metadata (plan, subscription status, last four digits of the card) — not your full payment card number.
- Communications. Email correspondence and any messages you send us, including support requests.
- Usage and device data. IP address, browser type, pages visited, referring URL, and event-level interactions, collected through our product analytics (PostHog) and error monitoring (Sentry). This data is used to operate, secure, and improve the Service.
- Cookies. Session cookies (set by Clerk) keep you signed in. Analytics cookies (set by PostHog) help us understand product usage. We do not use third-party advertising cookies.
3. How we use your information
- To provide the Service — including running the framework recommendation engine, control assessments, and generating reports.
- To authenticate you and protect your account.
- To process payments and manage subscriptions.
- To send transactional emails (welcome, password reset, billing receipts, assessment results).
- To monitor errors, detect abuse, and improve product quality.
- To comply with legal obligations and enforce our Terms.
4. AI processing
Focus uses large language models to interpret your free-text answers and to generate narrative summaries of your assessment results. We send relevant assessment context — never your raw account credentials or payment data — to our AI provider (OpenRouter, which routes to upstream model providers including Anthropic). AI outputs are informational only and are not legal advice or a substitute for a qualified compliance professional. See our Terms of Service for the limits of what AI-generated guidance represents.
5. Sub-processors and sharing
We share data only with vendors who help us operate the Service, under written contracts that restrict their use of your data. Current sub-processors include:
- Clerk — authentication and identity.
- Neon — managed PostgreSQL database hosting (US region).
- Vercel — application hosting and content delivery.
- Stripe — payment processing.
- Resend — transactional email delivery.
- OpenRouter — AI model routing (with Anthropic as the primary upstream provider).
- PostHog — product analytics.
- Sentry — error and performance monitoring.
- Google Analytics — website traffic measurement and audience insights.
- Google Ads — advertising attribution and conversion measurement.
We do not sell your personal information. We may disclose data if compelled by law, to enforce our Terms, or to protect the rights, property, or safety of Red Hound, our users, or the public.
6. Data retention
We keep account and assessment data for as long as your account is active. Billing records are kept for the period required by tax and accounting laws (typically seven years). Server and security logs are kept for up to 12 months. When you delete your account, we delete or anonymize your personal data within 30 days, except where we are legally required to retain it.
For fraud and abuse prevention, when an account is deleted we retain a minimal record beyond that window: a one-way hash of the account email, the email domain, a normalized company name, and a flag indicating whether the free tier was used. This record contains no assessment answers, reports, or evidence, and is used solely to prevent repeated free-tier sign-ups that abuse our service. You may request its removal by contacting us.
7. Your rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal information; to object to or restrict certain processing; or to withdraw consent. To exercise any of these rights, email hello@redhound.us. We will respond within 30 days. California residents have additional rights under the CCPA/CPRA, including the right to know what categories of information we collect and to whom we disclose it (see Section 5).
8. International transfers
Focus is operated from the United States. If you access the Service from outside the U.S., your data will be transferred to and processed in the U.S. and other jurisdictions where our sub-processors operate. We rely on standard contractual clauses or equivalent safeguards where required by applicable law.
9. Security
We follow industry-standard practices to protect your data: TLS in transit, encryption at rest at the database layer, least- privilege access controls, MFA on all administrative accounts, and continuous monitoring. No system is perfectly secure; if you suspect a security issue, please contact hello@redhound.us.
10. Children
Focus is intended for businesses and is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced in the Service or by email at least 14 days before they take effect. The "Effective" date at the top of this page indicates when the current version was published.
12. Contact
Red Hound Information Security LLC
Massachusetts, United States
Email: hello@redhound.us
Website: redhound.us