SHERIFF-AI is an endpoint detection and response product. To protect your devices it necessarily processes security telemetry from the endpoints you enroll. This policy explains what we collect, why, how long we keep it, and the choices you have. We collect the minimum needed to keep your fleet safe — nothing more.
Who we are
SHERIFF-AI is operated by the SHERIFF-AI team. Business registration number: [PENDING]. For any privacy question, contact privacy@sheriff-ai.example.
What we collect
- Endpoint telemetry — process activity, network connections, file-scan results, and trust scores from agents you deploy. This is generated on your devices and sent to the console you control.
- Device metadata — hostname, operating system, agent version, and enrollment identifiers.
- Account data — administrator username, email, and authentication factors (passwords are stored only as salted hashes; TOTP secrets are stored encrypted).
- Operational logs — audit records of actions taken in the console, for security and compliance.
We do not collect the contents of your personal files, browsing history, keystrokes, or message bodies. Scanning inspects file hashes, entropy, and rule matches — not document contents.
How we use it
- To detect, explain, and help you respond to threats on your endpoints.
- To calculate continuous trust scores that drive network access decisions.
- To authenticate administrators and maintain an audit trail.
- To improve detection quality in aggregate — never by selling your data.
Human-in-command
SHERIFF-AI never executes a remediation without an explicit approval, except for playbooks you have configured to auto-approve. AI suggestions always show their reasoning and an approve/deny choice. Your data is used to inform recommendations, not to act autonomously against you.
Where your data lives
In a self-managed deployment, telemetry stays on infrastructure you operate — the admin console and database run on your own machine or servers. We do not receive your endpoint telemetry unless you explicitly opt into a hosted or support arrangement.
Retention
Telemetry and alerts are retained for as long as they are operationally useful and then aged out; audit logs are kept for the period your compliance regime requires. You can delete an endpoint's data by removing it from the console.
Security
Credentials are hashed, secrets encrypted, and agent identity files are stored with restrictive permissions. Access to the console requires two-factor authentication. We follow the principle of least privilege throughout.
Your rights
You may request access to, correction of, or deletion of account data we hold, and you may object to specific processing. Because most telemetry is under your direct control in a self-managed deployment, you can action much of this yourself in the console. Contact us for anything you cannot.
Changes
We will post any material change to this policy here and update the date above. Continued use after a change means you accept the revised policy.