Privacy Policy

Last Updated: June 2026

Overview

SafeHOWs is committed to protecting the privacy of houses of worship and their communities. This policy explains how we handle data in our threat intelligence screening service.

What Data We Process

  • Threat Intelligence Data: Information from government agencies, law enforcement, international organizations, and trusted industry threat-sharing communities about known threats. This includes publicly available data from official sources as well as indicators shared through collaborative security platforms.
  • Screening Requests: When a house of worship submits a name for screening, we check it against our threat intelligence database. We do not permanently store screening requests.

Threat Indicator Data Handling

SafeHOWs receives threat indicators — such as names, aliases, and identifying information associated with known or suspected threats — from multiple sources including government watchlists, international organizations, and industry threat-sharing platforms. We handle this data as follows:

  • Purpose limitation: Threat indicators are used exclusively to support security screening for houses of worship. They are never used for marketing, advertising, profiling unrelated to security, or any commercial purpose beyond our stated mission.
  • Access controls: Threat indicator data is accessible only to authorized systems and personnel required to operate the screening service. Access is governed by role-based permissions and logged for audit purposes.
  • No unauthorized redistribution: We do not redistribute, resell, sublicense, or publicly disclose raw threat indicator data received from partner platforms or sharing communities. Screening results provided to our customers contain only match/no-match determinations and relevant context, not bulk indicator data.
  • Retention and deletion: Threat indicators are retained only as long as they remain relevant for active screening. Indicators that are revoked, expired, or withdrawn by the originating source are removed from our systems in a timely manner.
  • Compliance with sharing agreements: Where threat indicator data is received under specific sharing agreements, data use terms, or visibility restrictions set by the originating party, we honor those restrictions in full. This includes respecting any limitations on further sharing, required handling classifications, or usage constraints.
  • Aggregation and anonymization: Any statistics, reports, or research derived from threat indicator data are presented only in aggregate or anonymized form that cannot be used to reconstruct the original indicators or identify their source.

What We Do NOT Collect

  • We do not collect personal information about event attendees
  • We do not track individuals
  • We do not sell or share data with third parties for marketing
  • We do not store screening results beyond the immediate response
  • We do not use threat indicator data for purposes other than security screening

Data Security

All data is hosted on Amazon Web Services (AWS) with:

  • Encryption at rest (AES-256) and in transit (TLS 1.2+)
  • Role-based access controls and multi-factor authentication
  • Audit logging of all data access
  • Regular security assessments and updates
  • Isolated storage environments for threat indicator data

Data Breach Notification

In the unlikely event of a data breach involving threat indicator data, we will notify affected data-sharing partners and relevant authorities in accordance with applicable laws and our contractual obligations, without undue delay.

Contact

For privacy-related questions, contact us at contact@nextaspects.net.