SpecterHawk
Home Terms Privacy Export Government Use
Data Protection

Data Protection / Enterprise Data

Last updated: July 4, 2026

This notice describes SpecterHawk's public-facing approach to enterprise, government, partner, and customer data. It is not a data processing addendum, security addendum, authorization package, or classified-system handling procedure. Binding requirements must be documented in the applicable written agreement.

1. Scope

This notice applies to pre-contract, public-facing, and evaluation discussions unless a written agreement states otherwise. Customer environments, controlled deployments, restricted pilots, protected demonstrations, and operational integrations must be governed by written terms that define scope, roles, processing instructions, security controls, retention, and deletion.

2. Website Data vs. Enterprise Data

Website data is handled under the Privacy Policy. Enterprise data includes customer-provided data, partner data, government data, telemetry, evidence artifacts, system logs, mission-context information, procurement materials, deployment configuration, and other information processed under a written agreement. Enterprise data should not be submitted through public website channels unless the channel is expressly approved in writing.

3. Roles and Processing Instructions

Depending on the engagement, SpecterHawk may act as a controller, processor, service provider, contractor, subcontractor, operator, or independent recipient of information. The applicable agreement should define the role, permitted processing, lawful basis where relevant, customer instructions, confidentiality obligations, audit rights, and assistance obligations.

4. Controlled and Restricted Data

Classified information, controlled unclassified information, export-controlled technical data, sensitive operational data, protected health information, payment data, credentials, and other restricted information require a documented handling path before disclosure. SpecterHawk may reject, quarantine, delete, or restrict improperly submitted restricted data.

5. Security Controls

Security controls for enterprise data should be defined by the applicable agreement, data classification, deployment model, and customer requirements. Controls may include least-privilege access, authentication, encryption where appropriate, logging, monitoring, environment separation, incident response, vendor review, secure deletion, and change management.

6. Subprocessors, Vendors, and Infrastructure

Where SpecterHawk uses subprocessors, vendors, or infrastructure providers for enterprise processing, the applicable agreement should define approval, notice, flow-down obligations, confidentiality, security, audit, transfer, and replacement requirements. Subprocessor information may be made available under agreement or procurement process where appropriate.

7. Retention, Return, and Deletion

Retention, return, deletion, archive, legal hold, and evidence-preservation obligations for enterprise data must be documented in the applicable agreement. Where no written enterprise terms apply, SpecterHawk may retain information only as reasonably necessary for security, legal, audit, business, dispute-resolution, or compliance purposes.

8. International Transfers

Where enterprise data is transferred internationally, the applicable agreement should define transfer locations, transfer mechanisms, safeguards, government-access considerations, and customer approval requirements where required by law.

9. Incident Notification

Security incident notification obligations for enterprise data must be defined in the applicable agreement. Public website security events are handled under the Privacy Policy and Terms. SpecterHawk may take immediate protective steps to investigate, contain, remediate, preserve evidence, or comply with law.

10. Audit, Compliance, and Assurance

Any audit, assessment, certification, accreditation, security package, control mapping, or assurance obligation must be expressly agreed in writing. Public website materials do not represent that a system is certified, accredited, authorized to operate, or approved for a particular regulatory environment.

11. Regulatory Alignment

Where applicable to an engagement, enterprise data terms may need to address privacy, cybersecurity, public-sector, defense, export-control, records, localization, accessibility, audit, and incident-notification requirements. Any mapping to GDPR, UK GDPR, U.S. state privacy laws, sector-specific rules, NIST frameworks, ISO standards, SOC reports, FedRAMP-style requirements, or local public-sector controls must be documented in the applicable written agreement and supported by engagement-specific evidence.

12. Contact

For enterprise data, privacy, or security process questions: available soon.

SpecterHawk enterprise data documentation.