The purpose of this datasheet is to provide Sophos customers with information on how your personal data is handled when you use our Capsule8 Protect offering. In this document, we provide information about the Capsule8 Protect data handling practices, including personal information collection, use and storage.
SOPHOS CAPSULE8 PROTECT
Sophos Capsule8 Protect provides security relevant information, including alerts, events, audit records and investigations data for security and operations teams on Linux environments. This information is designed to be used to identify security threats or vulnerabilities and then take meaningful action to investigate and/or remediate.
Information Processed by Sophos Capsule8 Protect
The following personal information may be processed by Capsule8 Protect:
- Host Public IP address;
- Customer authentication token;
- Customer login details including username and password; and
- Operations performed within the customer console
PURPOSE OF INFORMATION PROCESSED BY THE CAPSULE8 PROTECT
Data processed by Capsule8 Protect is used for the purposes of:
- validating the customer’s authentication token;
- to provide status and compliance and incident management workflows to the customer within their console;
- to record auditing information on the operation performed within the console;
- send alert data to a customer’s chosen vendor;
- to provide customer support
Data processed by Capsule8 Protect is also processed for the benefit of the customer and analyzed for
purposes of Sophos threat detection and response, reporting, customer-side analysis, and future innovation.
Sophos processes the information identified above for the purpose of performing the service(s) to you in accordance with the Sophos Service Agreement.
To find out about the subprocessors that may be used by Capsule8 Protect, visit our Sub-processor listing to find out more about sub-processors engaged by Sophos.
Sophos applies its retention policies to delete and purge data that is no longer needed for the purpose for which the personal data was originally collected. Other data retention policies are set by the specific products and/or licenses purchased by the customer.
OUR COMMITMENT TO PRIVACY
Sophos is committed to complying with data protection rules and protection of personal data processed on the platform. Unless otherwise stated, Sophos will access data to enable it to provide the services you have signed up for, to enhance features and services that bring benefits to the customer and for R&D innovation of future capabilities.
Sophos may access customer information related to your use of Sophos Capsule8 Protect for purposes of providing technical support. Specific services may also require access to customer accounts as detailed in the applicable EULA.
The information contained in this privacy data sheet may change at any time and is only meant for general awareness. This Privacy Data Sheet is not meant to constitute legal advice, warranty of fitness for a particular purpose or compliance with any applicable laws.