Privacy Policy

Last updated: January 2026

1. Introduction

H2IO ("we", "our", or "us") is committed to protecting the privacy of our customers and users. This Privacy Policy explains how we collect, use, and safeguard information in connection with our infrastructure compliance monitoring services.

2. Data Controller

The data controller for processing activities is triageIO, registered in the European Union. All personnel are exclusively EU member state citizens. For self-hosted deployments, the customer acts as the data controller for their own infrastructure telemetry.

3. Information We Collect

H2IO collects the following categories of information:

4. Purpose of Processing

We process data for the following purposes:

5. Legal Basis

Our processing activities are based on:

6. Data Retention

Infrastructure telemetry and audit logs are retained according to customer-configured policies, with a default retention period aligned to regulatory requirements (typically 5-7 years for financial services). Customers may configure shorter retention periods where permitted.

7. Data Security

Telemetry data is protected using appropriate cryptographic measures in transit and at rest. We endeavor to implement technical and organizational measures appropriate to the risk in accordance with Article 32 GDPR, which may include access controls, audit logging, and periodic security reviews. Access to customer data is restricted to authorized personnel who are exclusively EU member state citizens.

8. Data Transfers

Data processing generally occurs within the European Economic Area. In the event that a transfer outside the EEA becomes necessary, such transfer would be conducted in accordance with GDPR Chapter V requirements.

9. Your Rights

Under applicable data protection law, you have rights including access, rectification, erasure, restriction, portability, and objection. To exercise these rights, contact your account representative or our data protection team.

10. Contact

For privacy-related inquiries, please contact us through the standard customer support channels or at the address listed in your service agreement.