• Information and Communications Technology
• Cybersecurity

Purpose of Data Collection

Avanan processes all files and messages that an organization might store or transmit in a cloud-based service to determine policy compliance or malicious intent. Avanan has no control over the content of these files or messages, which may contain personal data. Once processed, the compliance status or malicious determination is stored as metadata, and the original files deleted after 14 days if non-malicious. A limited amount of personal data may be collected within the metadata to which noncompliant files or malicious code is attached such as email or IP address. The original message or file which could potentially contain personal information is neither stored nor shared with third parties, except in those cases in which the owner of the data has requested that Avanan send files and messages to a third party sub-processor for additional analysis. In these cases, the PrivacyShield and GDPR status of any third party sub-processor is determined and disclosed to the owner.

Questions or Complaints?

If you have a question or complaint, please contact Avanan at: