ThreatView Logo

ThreatView Cookie Policy


General Provisions

As a rule, TuracoLabs does not collect or retain personal data except for what data is strictly necessary in order to provide our services in a secure manner. For example, if you are a customer we will request (and store) an email address as your user identifier in our portal and optionally other contact details such as a phone where we can reach you in case of emergency, a billing address for invoices and other similar data. Such data is stored in the most secure way, accessible on a strict need to know basis by authorised personnel for the sole purpose of providing our services. For legal reasons we must retain most such data for relatively long periods, but will never share it with a third party unless required by law, neither use it for any other purpose without your written approval. If you have any questions or concerns about how your information is used please email us at support@turacolabs.com.

Information Commissioner's Office

The Information Commissioner is the UK's independent body set up to uphold information rights and TuracoLabs is a registered Data Controller.

If you would like to know more about your rights under the Data Protection law, and what you should expect from us, visit the Information Commissioner's website. If you have reason to believe that your data is not handled properly, you have the right to lodge a complaint. The contact details of the Information Commissioner's Office are:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 or 01625 545 745
Email: casework@ico.org.uk

Access Logs

This website records and retains access and error logs for security, accountability and identification of potential issues. A log includes always an Internet Protocol address, the URL that was accessed and the HTTP status code returned by us. Depending on the exact use case the log might include other online identifiers such as usernames, web browser versions and geolocation information. We might produce aggregated results from the logs such as total bandwidth consumed over a given period in order to properly size our infrastructure, or web browser versions used by our visitors for compatibility considerations. We use the logs as input to real-time processing systems which will alert us about security breach attempts and/or other issues with our services. For security and accountability reasons, logs are kept in online, searchable form for a minimum period of 3 months and in archived form for a minimum period of 1 year. Regardless of online status, logs are stored in encrypted form and access to them is possible by authorised personnel only, in a heavily audited and hardened environment. We will never attempt to match the logs to a specific individual, unless instructed by the individual in order to debug and resolve an issue they might be facing while using our website (for example inability to log on). We will never share our raw logs with a third party, unless required by law.

Cookies

This website only makes use of functional/session cookies. Session cookies identify visitors within a session, so that users do not have to enter their login details or other similar information (such as having passed the “prove you are not a robot” challenge) with every request. Functional cookies are used as part of the core functioning of the system operation. We use cookies to secure your user experience and to provide you with our services. You can disable cookies but this might have a negative impact on your user experience and some services might not work as expected, or at all. Please see the section “This Website” for a detailed listing of the cookies used by ThreatView including their purpose and expiration.

Data Processor

TuracoLabs does not engage in personal data processing as the term is defined by the GDPR. However, in many cases we provide our clients with various direct and indirect ways of uploading or storing data to our systems as part of our services and have very little control over the content that is uploaded. Therefore, it is possible that personal data might find its way into our systems by accident, by deliberate abuse or attached to a client request the fulfilment of which would constitute personal data processing in terms of the GDPR. Should such an incident come to our attention, we shall take action which, depending on the exact circumstances, might include reporting the incident to the authorities. In any event, we will never process the data.

This Website

ThreatView is primarily hosted on the domain threatview.app, but may be white labled by approved third party organisation and hosted on a vanity domain (eg. threatview.example.com). No data is shared with or available to the third party organisation in this scenario. For the purposes of this document, "this website" refers to the primary domain (threatview.app) and all approved white labled third party domains. ThreatView uses strong security restrictions to ensure that the application can only be hosted on approved domains. By agreeing to the use of cookies outlined in this document, you consent for the use of cookies on all approved domains hosting the ThreatView application. Your visits to this website are tracked for reasons of security and for providing us with analytics that help us conduct our business. This website is hosted in a private cloud managed exclusively by TuracoLabs.

You can request a machine-readable export of your personal data. You can request a correction to your data. Finally, you can request that we delete your personal data. All such requests will be honoured in one working month, subject to you providing us with sufficient proof of evidence. For security reasons this does not include raw access logs. We may be required to retain certain pieces of information for a longer period of time in order to comply with local legal and regulatory requirements.

This website sets one or more of the following cookies:

Functional cookies

_threatview_cookies

This cookie stores your decision to allow the use of cookies, so that you are not asked again.
(Expires: 1 year)

_threatview_user

This cookie is used to store a users email if the "Remember Me" box is selected on the login page. When this cookie is set, the username field of the login page is set automatically. This cookie is not used for any other purpose.
(Expires: 1 year)

_csrf

This cookie is set to contain a unique key for your current browsing session in order to prevent CSRF attacks. This data is only used when validating data submission requests such as a user login. This cookie cannot be used for tracking purposes.
(Expires: 80 days)

_reg_token

This cookie is used to store a token identifying the registration link used to initiate a new user registration, if one is used. This is necessary to ensure the new account is associated with the correct parent.
(Expires: 24 hours)

threatview_vreg

This cookie is used to store contextual information during the registration of user accounts.
(Expires: 24 hours)

threatview

This cookie is set on login and contains your authenticated session ID which is used to validate authorisation on all requests made during the use of the application. The cookie is only used for authorisation/authentication purposes.
(Expires: 1 day)

threatview_imp

This cookie is set when using the user context switching feature provided for administrative accounts which manage subordinate user accounts. The cookie stores the original session ID of the currently logged-in user.
(Expires: 1 day)

threatview_aperia

This cookie is set when using the Aperia SSO feature to access the PCIApply PCI Compliance portal. The cookie contains the SSO session ID associated with the currently logged-in user.
(Expires: 1 day)

darkMode

This cookie is set when the user chooses the dark mode style sheet. This style provides a darker choice of colours that may be easier to look at.
(Expires: 1 year)