Privacy Policy
Last updated: April 10, 2026
SOCAwake is operated by ProPoint LLC (Wyoming, USA) ("we", "us", "our"). Although our company is registered in the United States, we offer our services to users in the European Union and store all user data on servers located in Germany. This privacy policy explains how we collect, use, store, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR).
1. Data Controller
ProPoint LLC
30 N Gould St Ste N
Sheridan, WY 82801, USA
Email: [email protected]
2. What Data We Collect
2.1 Account Data
When you register or when your organization administrator creates an account for you, we collect:
- Full name — to identify you within the platform
- Email address — for account recovery and notifications
- Username — for authentication
- Password — stored as a cryptographic hash, never in plain text
- Organization name — to associate you with your training company
- Role — your access level (administrator, analyst)
2.2 Usage Data
- Session tokens — to keep you logged in
- Investigation responses — your answers to training scenarios for scoring
- Performance scores — pass/fail rates, response times
- Timestamps — when actions are performed
2.3 Technical Data
- IP address — logged by our web server for security
- Browser user agent — for compatibility
2.4 Data We Do NOT Collect
We do not collect payment information, biometric data, location data, or data from third-party social accounts. We do not use tracking cookies or third-party analytics.
3. How We Use Your Data
We process your data for the following purposes:
- Providing the service — authentication, authorization, delivering training scenarios (Art. 6(1)(b) GDPR — contract performance)
- Scoring and reporting — evaluating your investigation responses and generating performance reports for your organization (Art. 6(1)(b) GDPR)
- Security — protecting against unauthorized access and abuse (Art. 6(1)(f) GDPR — legitimate interest)
- Legal obligations — compliance with applicable laws (Art. 6(1)(c) GDPR)
4. Where Your Data Is Stored
All data is stored on servers located in Germany (Hetzner Online GmbH, Nuremberg). Your data does not leave the European Union.
Specifically, your data is stored in:
- Redis — in-memory database for user accounts, sessions, and training data
- Server logs — standard web server access logs
5. Third-Party Processors
We use the following sub-processors:
- Hetzner Online GmbH (Nuremberg, Germany) — server hosting. Their privacy policy.
- Cloudflare, Inc. (USA) — DNS and CDN. Cloudflare processes IP addresses and request metadata for DDoS protection. Data processing is covered by EU Standard Contractual Clauses. Their privacy policy.
6. Organization Access
If your account was created by an organization (training company), your organization administrator can:
- View your name, username, and email
- View your training scores and performance reports
- Create and deactivate your account
Your organization administrator cannot see your password.
7. Data Retention
- Account data — retained as long as your account is active. Deleted upon account deletion or organization offboarding.
- Session data — automatically expires after 8 hours.
- Server logs — retained for up to 30 days.
- Training scores — retained as long as the organization contract is active.
8. Your Rights Under GDPR
You have the right to:
- Access — request a copy of your personal data (Art. 15)
- Rectification — correct inaccurate data (Art. 16)
- Erasure — request deletion of your data ("right to be forgotten") (Art. 17)
- Restriction — limit how we process your data (Art. 18)
- Data portability — receive your data in a structured format (Art. 20)
- Objection — object to processing based on legitimate interest (Art. 21)
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
9. Cookies and Local Storage
We use browser local storage (not cookies) to store your session token. This is strictly necessary for the platform to function and does not require consent under GDPR. We do not use advertising or tracking cookies.
10. Data Security
We implement the following security measures:
- All connections are encrypted via TLS (HTTPS)
- Passwords are stored as cryptographic hashes
- Server access is restricted to SSH key authentication
- Firewall rules limit open ports to 22, 80, and 443
- Regular security updates applied to all systems
11. Children
SOCAwake is a professional training platform. We do not knowingly collect data from children under 16. If you believe a child's data has been submitted, contact us immediately.
12. Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority. As our servers are hosted in Germany (Hetzner, Nuremberg), the competent authority is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach, Germany
www.lda.bayern.de
13. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the platform after changes constitutes acceptance.