GreenFlag Monitor – Privacy Policy

Last Updated: January 2026

1. Data Collection Scope

The GreenFlag Agent collects specific technical telemetry to validate that the device meets the company's security requirements.

Collected Data:

• Identity: Hostname, Username (current session), and Device Hardware ID.
• Security Metrics: BitLocker Drive Encryption status, Antivirus/Threat Protection status, and Screen Lock configuration.
• OS Health: Operating System version and Windows Update status.

NOT Collected:

To ensure your privacy, the Agent is strictly designed NOT to collect:

• Browsing history or website logs.
• Contents of files, emails, or chat messages.
• Keystrokes (Keylogging) or Screen Captures.
• Microphone or Camera feeds.

2. Data Processing & Location

We prioritize the security and sovereignty of your data. All infrastructure is hosted within the European Union via Microsoft Azure, ensuring full GDPR compliance:

• Application Interface (Frontend): Hosted in Azure West Europe (Netherlands).
• API & Data Processing: Hosted in Azure France Central (Paris).
• Database Storage: Data is encrypted at rest and stored in Azure Database for PostgreSQL (France Central).

All data remains within EU jurisdiction and never leaves the European Economic Area.

3. Data Retention

Device health telemetry is retained for audit trails and compliance history.

Retention Period: Data is stored for 24 months.

After this period, data is automatically deleted or anonymized, unless required longer for specific legal or security investigations.

4. Legal Basis (GDPR)

This processing is conducted under the legal basis of Legitimate Interest (GDPR Recital 49) to ensure network and information security.

5. Your Rights

As a user, you have the right to request access to the specific data collected from your device. For any privacy concerns or data access requests, please contact us at support@greenflag.pt.