Data Protection / Enterprise Data
Last updated: July 4, 2026
This notice describes SpecterHawk's public-facing approach to enterprise, government, partner, and customer data. It is not a data processing addendum, security addendum, authorization package, or classified-system handling procedure. Binding requirements must be documented in the applicable written agreement.
1. Scope
This notice applies to pre-contract, public-facing, and evaluation discussions unless a written agreement states otherwise. Customer environments, controlled deployments, restricted pilots, protected demonstrations, and operational integrations must be governed by written terms that define scope, roles, processing instructions, security controls, retention, and deletion.
2. Website Data vs. Enterprise Data
Website data is handled under the Privacy Policy. Enterprise data includes customer-provided data, partner data, government data, telemetry, evidence artifacts, system logs, mission-context information, procurement materials, deployment configuration, and other information processed under a written agreement. Enterprise data should not be submitted through public website channels unless the channel is expressly approved in writing.
3. Roles and Processing Instructions
Depending on the engagement, SpecterHawk may act as a controller, processor, service provider, contractor, subcontractor, operator, or independent recipient of information. The applicable agreement should define the role, permitted processing, lawful basis where relevant, customer instructions, confidentiality obligations, audit rights, and assistance obligations.
4. Controlled and Restricted Data
Classified information, controlled unclassified information, export-controlled technical data, sensitive operational data, protected health information, payment data, credentials, and other restricted information require a documented handling path before disclosure. SpecterHawk may reject, quarantine, delete, or restrict improperly submitted restricted data.
5. Security Controls
Security controls for enterprise data should be defined by the applicable agreement, data classification, deployment model, and customer requirements. Controls may include least-privilege access, authentication, encryption where appropriate, logging, monitoring, environment separation, incident response, vendor review, secure deletion, and change management.
6. Subprocessors, Vendors, and Infrastructure
Where SpecterHawk uses subprocessors, vendors, or infrastructure providers for enterprise processing, the applicable agreement should define approval, notice, flow-down obligations, confidentiality, security, audit, transfer, and replacement requirements. Subprocessor information may be made available under agreement or procurement process where appropriate.
7. Retention, Return, and Deletion
Retention, return, deletion, archive, legal hold, and evidence-preservation obligations for enterprise data must be documented in the applicable agreement. Where no written enterprise terms apply, SpecterHawk may retain information only as reasonably necessary for security, legal, audit, business, dispute-resolution, or compliance purposes.
8. International Transfers
Where enterprise data is transferred internationally, the applicable agreement should define transfer locations, transfer mechanisms, safeguards, government-access considerations, and customer approval requirements where required by law.
9. Incident Notification
Security incident notification obligations for enterprise data must be defined in the applicable agreement. Public website security events are handled under the Privacy Policy and Terms. SpecterHawk may take immediate protective steps to investigate, contain, remediate, preserve evidence, or comply with law.
10. Audit, Compliance, and Assurance
Any audit, assessment, certification, accreditation, security package, control mapping, or assurance obligation must be expressly agreed in writing. Public website materials do not represent that a system is certified, accredited, authorized to operate, or approved for a particular regulatory environment.
11. Regulatory Alignment
Where applicable to an engagement, enterprise data terms may need to address privacy, cybersecurity, public-sector, defense, export-control, records, localization, accessibility, audit, and incident-notification requirements. Any mapping to GDPR, UK GDPR, U.S. state privacy laws, sector-specific rules, NIST frameworks, ISO standards, SOC reports, FedRAMP-style requirements, or local public-sector controls must be documented in the applicable written agreement and supported by engagement-specific evidence.
12. Contact
For enterprise data, privacy, or security process questions: available soon.