Privacy Policy

Constellation Software Engineering, LLC ("Company", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our REAEGIS platform ("Service").

2.1 Information You Provide:

• Account information (name, email address, organization name)
• Profile information (job title, avatar)
• Repository URLs and project configurations
• Evidence artifacts and compliance documentation
• Communications with our support team

2.2 Information Collected Automatically:

• Usage data (features accessed, actions taken)
• Device information (browser type, operating system)
• Log data (IP address, access times, pages viewed)
• Cookies and similar tracking technologies

2.3 Information from Third Parties:

• Repository data from connected source control systems (e.g., GitHub)
• Vulnerability data from security databases (e.g., OSV, NVD)
• Authentication data from identity providers (if SSO is used)

• Provide, maintain, and improve the Service
• Process vulnerability scans and policy evaluations
• Generate compliance reports and POA&M documentation
• Send notifications about security findings and SLA deadlines
• Respond to your requests and provide customer support
• Analyze usage patterns to improve the Service
• Detect and prevent fraud, security incidents, and abuse
• Comply with legal obligations

We do not sell your personal data. We may share information in the following circumstances:

• Service Providers: With vendors who assist in providing the Service (hosting, analytics, support)
• Within Your Organization: With other users in your organization as configured by your administrators
• Legal Requirements: When required by law, legal process, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you have given explicit permission

We implement robust security measures to protect your data:

• Encryption at rest and in transit (TLS 1.3)
• Access controls and role-based permissions
• Regular security audits and penetration testing
• Secure development practices (SSDLC)
• Incident response procedures
• Employee security training

The Service is designed to meet FedRAMP Moderate security requirements and supports IL2/IL4/IL5 deployment configurations for government customers.

We retain your data for as long as your account is active or as needed to provide the Service. Upon account termination, we will delete or anonymize your data within 90 days, except where retention is required by law or for legitimate business purposes (e.g., audit logs for compliance requirements).

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data
• Portability: Request export of your data in a portable format
• Restriction: Request restriction of processing
• Objection: Object to certain processing activities

To exercise these rights, contact us at [email protected].

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication and security
• Functionality Cookies: Remember your preferences
• Analytics Cookies: Understand how the Service is used

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service.

Your data may be transferred to and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where required.

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy and updating the "Last updated" date. We encourage you to review this policy periodically.

If you have questions about this Privacy Policy or our data practices, please contact us:
Constellation Software Engineering, LLC — Privacy Officer
Email: [email protected]

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt-out of the sale of personal information. We do not sell personal information.