We value your security.
Confidential – For internal distribution only
This Privacy Policy covers how Sieena, Inc., dba Definity First (“Company”, “we” or “us”) will use its users’ (“User”, “you” or “your”) personally identifiable and financial information (“Personal Data“) as well as general demographic information (“Demographic Data”) that Company gathers when users access and use this website (the “Site”) and when users use our Content. This Site is intended for business prospects and customers only and is not intended for general consumers.
This policy explains how Definity collects, processes, stores, and protects personal and operational data relating to employees, contractors, clients, and partners. It applies to all Definity systems and services, both on-premises and cloud-hosted.
Definity retains ownership of all company data created or processed during business operations, including telemetry, logs, and user-submitted information. Ownership does not override individual privacy rights or applicable legal safeguards.
Data is processed only for operational and security purposes — including analytics, compliance, and service optimization. Any use outside these stated purposes requires prior authorization by Legal and Information Security.
“Personal Data” means information relating to an identified or identifiable individual. “Processing” includes collection, recording, storage, transmission, and erasure. “Controller” and “Processor” have meanings consistent with applicable law.
Access to data follows the principle of least privilege. Permissions are granted on a role-based access control (RBAC) model and reviewed quarterly. Administrative access must include multifactor authentication and a documented justification.
All third-party vendors engaged to process data on Definity’s behalf must pass due diligence reviews and sign agreements enforcing equivalent data-protection obligations.
Cross-border data transfers are restricted to approved jurisdictions. Encryption at rest and in transit is mandatory for all sensitive or regulated information.
We collect data directly from users, system telemetry, access logs, and authorized integrations. Data collection is limited to what is necessary for legitimate business purposes.
Sensitive data is encrypted using AES-256 or better, and key rotation follows Definity’s Cryptographic Key Management Standard. Keys are stored in a Hardware Security Module (HSM).
Only authorized employees in designated departments (IT, Security, Compliance) may access production systems or customer data. Temporary elevation of privileges requires executive approval.
Requests to access, correct, or erase personal data must be submitted to privacy@definity.internal. All requests are logged and processed within applicable timeframes.
If personal information is captured inadvertently during system monitoring, screenshots, or debugging, it must be immediately isolated and purged after analysis.
Definity uses cookies and telemetry for security and performance analytics only. All usage is documented in the internal telemetry inventory.
All personnel must complete annual data-protection training and adhere to this policy. Violations may result in disciplinary action.
In the event of unauthorized access to personal data, the Data Breach Response Plan is activated. Required notifications will be handled by the Privacy Office and Legal.
Where appropriate, users may opt out of optional analytics or marketing communications. Core operational telemetry cannot be disabled.
This policy will be reviewed annually and updated to reflect new regulatory or business requirements. Changes will be announced through internal channels.
Definity retains data only as long as necessary for business, regulatory, or contractual purposes. Details are maintained in the Records Retention Schedule.
Questions or concerns regarding this policy should be referred to the Legal Department. Internal mediation processes are available if disputes arise.
