TEHTRIS MTD – Privacy policy
The privacy protection in the personal data processing is a major concern to which TEHTRIS pays particular attention. That is why we want to be completely transparent about the data we collect to protect your Device.
This Privacy Policy describes the data processing terms by the TEHTRIS Mobile Threat Defense application for its consumer version (hereinafter “TEHTRIS MTD Home”) and its business version (hereinafter “TEHTRIS MTD Enterprise”).
By downloading and activating TEHTRIS MTD, you indicate that you consent to the data collection, use, disclosure and storage practices described in this Policy.
TEHTRIS reserves the right to modify this Privacy Policy at any time as legislation, our data collection and use practices, and the TEHTRIS MTD’ functionalities evolve. Please check this page periodically for the latest changes. Your TEHTRIS MTD application’ continued use following the posting of changes to this Privacy Policy indicates your acceptance of those changes.
For TEHTRIS MTD Enterprise, You may have been directed to download and install the TEHTRIS MTD Enterprise application as a result of Your employment with a business entity. If you have any questions or requests regarding the data collection, use, disclosure and security practices of your employer (“Employer”) please direct them directly to Your entity.
TEHTRIS respects your privacy and your personal data.
1. What is TEHTRIS MTD?
TEHTRIS MTD is a simplified deployment application with mobile threat capabilities. Thanks to its constantly evolving knowledge base, TEHTRIS MTD may identify malicious applications.
The agent deployed in mobile devices can also discover vulnerabilities at the local configuration level. Indeed, certain metrics can expose devices or make them vulnerable to certain attacks, such as developer mode, a jailbreak, or even the use of an obsolete version of the operating system.
TEHTRIS MTD is managed from a centralized console where technical information collected from your device is transmitted.
| Provisions applicable to | Description |
| TEHTRIS MTD Home TEHTRIS MTD Enterprise | TEHTRIS MTD Home scans applications as soon as they are installed and updated. You can check applications directly from your Device yourself. TEHTRIS MTD Home does not change the settings of your Device, and all applications are scanned for cybersecurity when they are first installed. |
| TEHTRIS MTD Enterprise | TEHTRIS MTD Enterprise scans applications as soon as they are installed and during updates, if applicable, in your Device’s work profile only. Application control (monitoring and alerts) is carried out directly from your Employer’s operational teams and from your Device by yourself. TEHTRIS MTD Enterprise may change the settings of your Device according to Your Employer’s instructions (passwords policy…). |
2. What data is collected on my Device?
TEHTRIS MTD only collects metadata related to the applications installed on your Device, or the application itself. We do not collect the user data you enter in these applications. Therefore, we do not collect, read, review or analyze your e-mail, SMS, photos or videos.
TEHTRIS MTD collects certain categories of data on your device according to the applicable version:
| Provisions applicable to | Description |
| TEHTRIS MTD Home TEHTRIS MTD Enterprise | Device Data: Device manufacturer and model, unique device identifier (UID); enrollment date; last login date; user-entered Device name; number of CPUs, amount of RAM, amount of memory available, Device version;Application Data: metadata for all applications installed on your Device (including, but not limited to, application names and versions). The alerts raised by the application and their level of criticality. The number of malware-like applications present on the devices. In some cases, we can also collect a copy of the application without user’s data; |
| TEHTRIS MTD Enterprise | Device configuration data, such as whether the Device allows root access or whether its hardware restrictions have been removed (jailbreak) ;Firmware/operating system data, including the manufacturer’s name and model of the device, certain technical parameters of the Device (including display size and firmware version), type and version of the device’s operating system;Analysis data: used to analyze the product performance on your Device; Identifying Data: such as your business e-mail address for Your registration, if applicable, or in the event of a possible compromise analysis, i.e. if the address is not part of a database of leaked identifiers; Geolocation data: Geolocation when activated by the End User and/or the Employer; last known locations of the Device; Network Data: Metadata about the networks to which the Device connects (including, but not limited to, the network SSID or the unique MAC/BSSID address of the network equipment) and IP address (which may indicate your country and geographic location); Name of the Wi-Fi network to which the Device is connected to identify whether the Wi-Fi network is at risk;Web content data: URLs and domain names associated with malicious content or requiring additional analysis Please note that we require certain types of information to provide TEHTRIS MTD Enterprise according to Your Employer’s instructions. If you do not provide us with this information or if we need to delete it following a request to do so, you may not be able to access the services. TEHTRIS MTD Enterprise may requires all employee mobile devices to be associated with a given email address. As a result, your Employer may need to provide your email address to TEHTRIS in order to activate the services. |
3. How is my data used?
As soon as you download, install and/or activate the TEHTRIS MTD application, it begins collecting data from your Device. The data we collect on your Device allows us to detect threats on Your Device improve TEHTRIS MTD and our other offerings. We use the data we collect for a variety of business purposes depending on the applicable version as described below:
| Provisions applicable to | Description |
| TEHTRIS MTD Home TEHTRIS MTD Enterprise | Device Data: The UID is an application-generated identifier. It allows TEHTRIS to identify the Device to ensure the management and administration of the licenses and not to cross-reference the information with other databases;Application Data: we use this data to enable You to use our services by performing analyses of application files to determine whether certain applications exhibit malicious behavior. When we scan applications on your Device, if we detect an application that we have not yet scanned, we may download a copy of all or part of it to determine whether it presents a security risk. We do not collect the user data you enter applications when we download a copy, we only take the package that installs the application, not the application itself, nor the associated data. |
| TEHTRIS MTD Home | Registration Data: for the management of the consents given at the installation;Network Data: Attackers can use Internet connections, including Wi-Fi networks, to steal data. We can use your network SSID to identify known networks. The IP address is not permanently stored and will only be used for load balancing. We anonymize this data and aggregate it for regional application popularity and mobile threat analysis. This information remains anonymous to ensure data privacy: We make this data anonymous and aggregate it for the purpose of tracking application popularity by region and for our mobile threat analysis. This information remains anonymous to ensure data confidentiality. If we disclose the results of our analysis to the public, we do so in aggregate and anonymized form to protect your privacy. The legal basis for the use of your information is your consent given at the TEHTRIS MTD’s Terms of Use and Privacy Policy’s acceptance prior to its use. You may withdraw your consent at any time by uninstalling the application. |
| TEHTRIS MTD Enterprise | Configuration Data: We analyze Your Device’s configuration data to determine if it has been modified, compromised or insecurely configured, for example to detect if it has been infected, rooted or jailed, or if no password has been configured;Firmware/Operating System Data: we use this information to identify compromised firmware and operating systems and to notify you when a security update is available for your device;Network Data: Attackers may use Internet connections, including Wi-Fi networks, to steal data. We may use your network SSID to identify know networks. TEHTRIS may also identify your country and region from your IP address;Web content data: We analyze traffic on your Device to detect threats and block access to phishing or malicious websites. Your Employer will be notified if you encounter a threat. When we analyze an application for the first time on your Device, we may download a copy of all or part of it to determine if it represents a security risk. If so, we give you two options: uninstall the application or ignore the risk. We also collect the chosen correction option (uninstall or ignore) for malicious applications and files. We also use the collected data to determine the risk level of your Device (low, moderate or high). If we disclose the results of our analysis to the public, we do so in aggregate and anonymized form to protect your privacy and that of your Employer. The legal basis for the use of your information, as set out in this Privacy Policy, depends on your relationship with your Employer and the use case in which your Employer is involved. It may include the following purposes : a) the use of your personal information is necessary to fulfill our obligations under any contract we enter into with you (for example, for your Employer to perform the employment contract or for TEHTRIS to comply with the Terms of Use that you have agreed to by downloading and/or using our applications); or b) if the use of your information is not necessary for the performance of a contract, it is nevertheless necessary for our legitimate interests or those of the Employer or third parties (for example, to ensure the security of the services, to operate the services, to ensure secure environments for our staff, your Employer’s staff, to make and receive payments, to prevent fraud), as well as to comply with legal requirements, such as data security. |
4. Is my data shared with third parties?
| Provisions applicable to | Description |
| TEHTRIS MTD Home TEHTRIS MTD Enterprise | For security and technical organizational reasons, TEHTRIS stores your personal data at its OVH Cloud data hosting provider located in France. By default, when we process your personal data, everything is protected and encrypted, which means that OVH Cloud cannot read your data, thanks to a robust internal security model (security and privacy by design). This data retention is only used for secure storage purposes. We may be required by law, court decisions and/or requests from public and governmental authorities to disclose your personal data. We may also disclose your personal data if we believe in good faith that such action is necessary to comply with legal requirements or legal process; prevent crime or protect national security; protect users or the public. We may also disclose personal information if we determine in good faith that disclosure is reasonably necessary to protect our rights and exercise available remedies, enforce this Privacy Policy, the End User Terms of Use. We do not use the data collected on your Device to sell You products. Nor do we share it with third parties for marketing purposes. |
| TEHTRIS MTD Enterprise | The central management console in TEHTRIS MTD Enterprise allows Your Employer or persons authorized by Your Employer to access certain information related to the security of your Device. TEHTRIS MTD Enterprise shares with Your Employer only the information necessary to enable Your Employer to ensure that Your Device does not pose a threat and complies with Your entity’s security policies. TEHTRIS MTD may inform your Employer about applications on your device. Your Employer can view your Device attributes such as model and operator. Your Employer can view applications that have been identified as malicious, as well as those that are contrary to Your Entity’s policy. To learn the possible consequences of violating Your Entity’s policies, please contact Your Employer. TEHTRIS MTD Enterprise does not allow Your Employer to view the content of Your personal email and SMS messages, detailed browsing history, contacts or calendar. Your Employer may have the right to access this information on its own, for example when it is transmitted using a Device or network provided by your Employer. |
5. How is my Data protected?
| Provisions applicable to | Description |
| TEHTRIS MTD Home TEHTRIS MTD Enterprise | To protect your personal data, TEHTRIS uses all technical and organizational security measures within its power to minimize the risk of accidental or intentional manipulation, loss, destruction and access by unauthorized persons. TEHTRIS’ security measures and procedures are continually improved as new technologies become available. All TEHTRIS employees as well as potential subcontractors are subject to an obligation of confidentiality. We retain personal data only for as long as reasonably necessary to provide our products and services to comply with legal requirements. In general, the data collected by TEHTRIS MTD is kept on a best-efforts basis up to the storage capacity of our disks and for a period not exceeding six (6) months. We may delete your data after 90 days if your account is inactive, as well as in the cases mentioned in our Terms of Use. |
| TEHTRIS MTD Enterprise | if your Employer has authorized the capture of geolocation data, this data will only be kept for a limited period of two (2) months. |
6. Where is my data storaged?
For reasons of security and technical organization, TEHTRIS stores your personal data at its OVH Cloud data host, located in European Economic Area. By default, when we process your personal data, everything is protected and encrypted, which means that OVH Cloud cannot read your data, thanks to a robust internal security model (security and privacy by design). This data retention is only used for secure storage purposes.
7. What are my rights and choices regarding my data?
| Provisions applicable to | Description |
| TEHTRIS MTD Home | Where data processing is subject to your consent, you may withdraw your consent at any time, without affecting the lawfulness of the processing carried out prior to such withdrawal. You have the right to (1) request access to, and correction or deletion of, the information collected about them; (2) request to limit the processing of their information; (3) object to the processing of their information; or (4) in certain very limited cases, request the portability of certain information. You also have the right to file a complaint regarding the manner in which your personal data is processed with the supervisory authority: Commission Nationale de l’Informatique et des Libertés. |
| TEHTRIS MTD Enterprise | Where the processing of Data is subject to your consent, you may withdraw such consent at any time, without affecting the lawfulness of the processing carried out prior to such withdrawal. To withdraw your consent, please contact your Employer. You have the right to (1) request access to, and correction or deletion of, the information collected about them; (2) request to limit the processing of their information; (3) object to the processing of their information; or (4) in certain very limited cases, request the portability of certain information. To exercise these or other rights, please contact your Employer. You also have the right to file a complaint regarding the manner in which your personal data is processed on behalf of Your Employer with the supervisory authority: Commission Nationale de l’Informatique et des Libertés (French Data Protection Authority). |
8. Data Protection Officer’s contact details
| Provisions applicable to | Description |
| TEHTRIS MTD Home | For all your requests concerning the processing of your personal data, we invite you to contact the TEHTRIS DPO privacy@tehtris.com. |
| TEHTRIS MTD Enterprise | For all your requests concerning your personal data processing, we invite you to contact your Employer |
Last policy updated: February 2022