Privacy Policy

Introduction

Sherlock Agent, a product of Milan Rajkovic Pty Ltd (ABN 33 133 412 503) ("we," "us," or "our"), operates the sherlockagent.ai website and the Sherlock Agent platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Sherlock Agent is an AI-powered investigation platform designed for Managed Service Providers (MSPs) and enterprise IT teams. Given the nature of our Service, we process endpoint telemetry data, investigation logs, and user account information. We are committed to protecting the privacy and security of all data entrusted to us.

By accessing or using our Service, you agree to the terms of this Privacy Policy. If you do not agree with the practices described herein, please do not use our Service.

Information We Collect

Account Information

When you create an account or interact with our Service, we may collect:

• Name, email address, and contact information
• Organization name and role
• Billing and payment information (processed through secure third-party payment processors)
• Authentication credentials and multi-factor authentication settings
• Account preferences and notification settings

Endpoint Telemetry Data

Through the Sherlock Agent platform, we collect endpoint telemetry data from devices managed by our customers, which may include:

• System configuration, hardware specifications, and operating system details
• Installed software, running processes, and service states
• Network configuration and connectivity status
• Event logs, error reports, and system performance metrics
• Security posture indicators and compliance status
• Device health and resource utilization data

Investigation Logs

When you use our investigation and diagnostic features, we collect:

• Investigation queries and parameters
• AI-generated analysis results and root cause findings
• Remediation actions taken and automation scripts generated
• Investigation history, notes, and resolution outcomes
• Timestamps and user activity associated with investigations

Usage and Technical Data

We automatically collect certain information when you interact with our Service:

• IP address, browser type, and device identifiers
• Pages visited, features used, and interaction patterns
• Referring URLs and access times
• API usage metrics and integration activity

How We Use Information

We use the information we collect for the following purposes:

• Service delivery: To provide, operate, and maintain our AI-powered investigation platform, including diagnosing endpoint issues, performing root cause analysis, and generating remediation actions
• Platform improvement: To enhance our AI models, improve diagnostic accuracy, and develop new features that better serve MSPs and enterprise IT teams
• Account management: To manage your account, process payments, provide customer support, and communicate service-related updates
• Security: To detect, prevent, and respond to security incidents, fraud, and abuse of our platform
• Compliance: To comply with applicable legal obligations, resolve disputes, and enforce our agreements
• Analytics: To understand how our Service is used, measure performance, and inform product decisions through aggregated and anonymized analytics
• Communication: To send you technical notices, security alerts, support messages, and, with your consent, product updates and marketing communications

We do not sell your personal information or endpoint telemetry data to third parties. Customer telemetry data is used solely to provide and improve the Service for the customer who owns that data.

Data Storage & Security

We take the security of your data seriously and implement industry-standard technical and organizational measures to protect it. These measures include:

• Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption
• Access controls: Role-based access controls and the principle of least privilege govern access to customer data within our organization
• Infrastructure: Our platform is hosted on enterprise-grade cloud infrastructure with SOC 2 compliant data centers
• Monitoring: Continuous security monitoring, intrusion detection, and regular vulnerability assessments protect our systems
• Data isolation: Multi-tenant architecture with strict logical separation ensures that each customer's data is isolated from other customers
• Retention: We retain data only for as long as necessary to fulfill the purposes described in this policy, or as required by law. Investigation logs and telemetry data are retained in accordance with your subscription plan and can be deleted upon request

While we strive to use commercially acceptable means to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly notifying affected parties in the event of a data breach in accordance with applicable law.

Third-Party Services

We may share information with third-party service providers who assist us in operating our platform and delivering our Service. These providers are contractually obligated to protect your data and may only use it for the purposes we specify. Categories of third-party providers include:

• Cloud hosting providers: For infrastructure and data storage
• Payment processors: For secure billing and subscription management
• Analytics services: For aggregated usage analytics and performance monitoring
• Communication platforms: For email delivery, notifications, and customer support
• AI and machine learning services: For powering diagnostic and analytical capabilities within the platform
• Authentication providers: For identity verification and single sign-on integrations

We may also disclose your information if required by law, in response to valid legal process, to protect our rights or safety, or in connection with a merger, acquisition, or sale of assets.

Your Rights

Depending on your location and applicable data protection laws, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete personal data
• Deletion: Request deletion of your personal data, subject to legal retention requirements
• Portability: Request an export of your data in a structured, machine-readable format
• Restriction: Request that we limit processing of your personal data under certain circumstances
• Objection: Object to processing of your personal data for specific purposes, including direct marketing
• Withdrawal of consent: Where processing is based on consent, withdraw that consent at any time

To exercise any of these rights, please contact us. We will respond to your request within 30 days or as required by applicable law. We may ask you to verify your identity before processing your request.

For customers subject to GDPR, we act as a data processor on your behalf with respect to endpoint telemetry data. You remain the data controller and are responsible for ensuring you have a lawful basis for collecting and transmitting endpoint data to our platform.

Cookies

Our Service uses cookies and similar tracking technologies to enhance your experience and collect usage information. The types of cookies we use include:

• Essential cookies: Required for the platform to function properly, including authentication, session management, and security tokens
• Functional cookies: Remember your preferences and settings to provide a personalized experience
• Analytics cookies: Help us understand how visitors interact with our website and platform so we can measure and improve performance

You can control cookie settings through your browser preferences. Please note that disabling certain cookies may limit your ability to use some features of our Service.

We do not use cookies for third-party advertising. Any analytics cookies we employ collect aggregated, anonymized data and are used solely to improve our Service.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Sherlock Agent
Contact us
Website: sherlockagent.ai

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the Service or via email. Your continued use of the Service after such notification constitutes acceptance of the updated policy.