PRIVACY POLICY
Security Central Privacy Policy
Effective: October 1, 2025 • Last Updated: October 1, 2025
Entity: Security Central, Inc., 316 Security Drive, Statesville, NC 28677 USA
Who this policy is for: Visitors to our websites, end-user customers, authorized dealers/partners, and other business contacts. Employees & job applicants have a separate notice (see the standalone Employee & Applicant Privacy Notice) to keep this document concise and audience-appropriate.
This policy is informational only and does not create contractual rights. Dispute resolution, governing law (North Carolina), and arbitration terms are set in our Terms of Use; regulator/small-claims carve-outs apply.
1) Executive Summary (Quick Reference)
| Audience | What we collect (examples) | Why we use it | Key sharing |
|---|---|---|---|
| Website Visitors | IP, device IDs, cookies/analytics; contact form/ inquiry/newsletter inputs | Run the site, security/fraud prevention, analytics, respond to inquiries | Analytics/website vendors; no sale or sharing for cross-context behavioral ads |
| End-User Customers (Monitoring Subscribers) | Contact & account data; alarm events; recorded calls; device/usage; audio/video if monitored; biometric auth if enabled; payment details | Provide & support 24/7 monitoring; verify alarms & dispatch; training/QA; billing; legal/compliance | Emergency responders; your dealer (if applicable); service providers under DPA/contract |
| Mobile App Users (via partner platforms) | Account IDs, device/usage data within the partner app | Enable system control & alerts; integrate with partner platform | Exchange necessary data with platform provider (they have their own privacy notice) |
| Dealers & Business Contacts | Business contact details; portal credentials; transaction records | Operate dealer relationship, portals, support, training, payments | Service providers (IT/hosting/CRM); customers as needed for service |
| Everyone | Security logs; troubleshooting data | Security, incident response, fraud prevention | As necessary to protect users and comply with law |
2) Scope & Layering
This Policy covers personal information we process in the U.S. and Canada across our websites, monitoring services, partner apps, dealer portals, and business operations. Regional addenda provide jurisdiction-specific rights and disclosures (see Appendices A–D).
3) Information We Collect (by category)
- Identifiers & Contact Details: Name, addresses, email, phone; account numbers; authorized contact lists.
- Account & Device/Usage Data: Portal logins, device info, IP, app/portal interactions, alarm arming/disarming and sensor activity.
- Audio/Video: Recorded support/monitoring calls; video verification/surveillance content where applicable; facility surveillance (not used for marketing).
- Biometric Identifiers (limited use): If enabled (e.g., voice passphrase; employee timekeeping/access), collected with required consent and subject to a biometric retention schedule; never sold.
- Emergency/Health Notes (if provided): For emergency response (e.g., medical notes to assist first responders) or HR accommodations; stored/used only for that purpose.
- Payment/Financial: Processed via PCI-compliant processors; we retain only what’s needed for billing/records.
- Business Intelligence/Enrichment: Professional/company details from reputable third-party providers using publicly available/licensed data to maintain accurate records and support legitimate business purposes.
4) How We Use Information (purposes)
Deliver, maintain, and improve monitoring and related services; verify alarms and contact emergency responders; train operators using recorded calls; provide customer support; billing and account administration; detect/prevent fraud and abuse; comply with law; and protect our users and systems.
5) Cookies, Tracking & Global Opt-Out Signals
We use necessary (security/login), functional/performance, and analytics cookies/SDKs. We do not sell your data or engage in cross-context behavioral advertising.
Opt-out preference signals (e.g., GPC): We honor recognized signals as required (e.g., California GPC; Colorado UOOMs) and apply them to your browser/device and, when known, to your account.
6) Marketing, SMS/Calls & Consent
- Email: Operational emails as needed. Marketing emails include an unsubscribe; Canadian CASL consent rules honored.
- Texts/Calls: No marketing texts/calls to wireless numbers without prior express written consent that specifically names Security Central; consent is one-to-one (no “consent for many”). You can revoke at any time.
7) When We Share Information
We share only what’s necessary to deliver services, support account holders, or comply with legal obligations, including with:
- Emergency responders (police, fire, EMS)
- Account holders and authorized dealers
- Guard service providers (for alarm verification)
- Service providers (monitoring platforms, telecom/SMS, cloud hosting/IT, business intelligence vendors)
When we provide monitoring on behalf of dealer partners, we act strictly as a service provider/processor under their instructions (see Dealer Data Processing Addendum).
8) International Transfers
We are U.S.-based. If you are outside the U.S. (e.g., Canada), your data may be processed in the U.S. We use contractual/organizational safeguards for cross-border transfers and support Québec assessments as needed (see regional addenda).
9) Retention (Category-by-Category)
We retain personal information only as long as necessary for disclosed purposes or as required by law. We disclose the period or criteria for each category at/before collection (see Appendix D). We maintain secure deletion/anonymization processes and timed backup purges; some records (e.g., alarm logs) are retained for evidentiary/legal limitation periods.
10) Your Rights & How to Exercise Them
- Access, correction, deletion, portability (jurisdiction-dependent)
- Opt-out of targeted advertising/sale (where applicable)
- Appeal (e.g., VA/CO) if we decline a request
- Authorized agents (CA) with proper verification
Submit requests via privacy@security-central.com, 1-800-438-4171, or the account portal. We verify identity/authority before responding. Timing/appeals follow applicable law; see regional addenda.
Nondiscrimination: We will not discriminate against you for exercising your rights.
11) Security
We implement administrative, technical, and physical controls appropriate to the data (e.g., encryption in transit/at rest, least-privilege access, logging/monitoring, incident response, employee training, vendor risk management). We notify affected parties and, where applicable, regulators as required by law.
12) Children
Our services are not directed to children under 13. If we learn we collected information from a child under 13 without parental consent, we will delete it.
13) Changes to This Policy
We update this Policy as our practices and laws evolve, posting the updated date and providing prominent notice or consent where required.
14) Contact Us
Email: privacy@security-central.com • Phone: 1-800-438-4171 • Mail: Privacy Officer, Security Central, Inc., 316 Security Drive, Statesville, NC 28677, USA. We respond as soon as reasonably possible (typically within 30 days). Accessibility accommodations available on request.
Appendix A — U.S. State Privacy Matrix (material differences only)
| Topic | California (CPRA) | Colorado (CPA) | Virginia (VCDPA) | Notes |
|---|---|---|---|---|
| Opt-out signals | Must process opt-out preference signals (e.g., GPC) for sale/sharing; can be frictionless. | Must honor recognized UOOMs; AG recognizes GPC. | No recognized signal list; honor valid consumer requests. | We honor GPC broadly. |
| Targeted ads | Opt-out of “sharing.” | Opt-out of targeted advertising. | Opt-out of targeted advertising. | We don’t engage in cross-context ads. |
| Sensitive data | Limit use/disclosure; right to limit. | Opt-in required for some sensitive data. | Opt-in for processing sensitive data. | We minimize sensitive data collection. |
| Appeals | Not specified as a formal appeal right. | 45-day appeal window. | 60-day appeal window. | We provide an appeal path. |
| Agents | Authorized agents permitted. | Authorized agents permitted. | Authorized agents permitted. | We verify identity/authority. |
Biometrics (company-wide baseline): Written consent; published retention schedule; destroy when purpose satisfied or within 3 years of last interaction (meets IL BIPA). Texas requires notice and consent.
Appendix B — Canada & Québec (Law 25) Addendum
- PIPEDA & similar provincial laws: Access, correction, explanation of uses/disclosures, and complaint mechanisms. CEMs require consent + identification + unsubscribe; we maintain consent records.
-
Québec Law 25 highlights:
- Data portability (in force Sept. 22, 2024): structured, commonly used format; transmit to another organization when technically feasible.
- Deindexation/cessation of dissemination in certain cases (rare for our model; evaluated when applicable).
- No solely automated decisions with legal/significant effects; if that changes, we will provide required notices and human review.
- Cross-border transfers: we support Québec transfer assessments and safeguards.
- Complaints: OPC (Canada) or CAI (Québec); we will cooperate.
Appendix C — Cayman Islands Addendum (DPA 2017)
If we process personal data of Cayman data subjects (e.g., dealers/partners), we comply with the eight data protection principles (fair/lawful processing; purpose limitation; data minimization; accuracy; storage limitation; respect for rights; security; international transfers) and ensure a lawful basis (e.g., contract, consent, legal obligation, vital interests, legitimate interests). We implement appropriate transfer safeguards and provide information on request. Regulator: Cayman Islands Ombudsman.
Appendix D — Retention Schedule (Notice at Collection Cross-Reference)
| Category | Examples | Typical Retention / Criteria |
|---|---|---|
| Contact & Account Identifiers | Name, address, phone, email; account ID; authorized contacts | Account term + up to 7 years (legal/contract, tax, audit); delete/anonymize earlier when no longer needed |
| Alarm Event Logs & System Data | Arming/disarming, sensor triggers, dispatch records | 3–7 years (evidentiary value; statutes of limitation; dealer/agency obligations) |
| Call Recordings (Support/Monitoring) | Inbound/outbound QA/evidence recordings | 18–36 months unless escalated (legal/incident hold) |
| Audio/Video Verification Content | Clips/images from monitored systems; facility video surveillance | 30–180 days unless needed for investigation/legal claims |
| Payments/Billing | Tokenized card info, billing history | Account term + 7 years (finance/tax rules) |
| Biometric Identifiers (if used) | Voice phrase; fingerprint; face geometry (employees) | Destroy when purpose satisfied or ≤3 years after last interaction (IL BIPA baseline) + public retention policy; no sale |
| Website/Portal Logs | IP, device IDs, auth logs | 12–24 months, shorter where feasible |
| HR/Applicant Data | See standalone HR Notice | See Employee & Applicant Privacy Notice |
We disclose period or criteria for each category at/before collection (CPRA/CPPA regs). Secure deletion/anonymization methods apply; backups purge on schedule.
Dealer Data Processing Addendum
When we act as a service provider/processor for dealers, our DPA governs instructions, confidentiality, security, subprocessors, assistance with data subject rights, breach notice, audits, and cross-border safeguards (e.g., SCCs). Contact us for the current DPA.
Employee & Applicant Privacy Notice
Who this covers: Employees, contractors, and job applicants. Separate from the consumer policy for clarity and compliance.
- Categories & purposes: Identifiers & HR records (e.g., SSN/SIN, payroll/benefits, work authorization, performance); biometrics (timekeeping/access control, where used); audio/video (facility surveillance; recorded calls for training); health/leave (only as provided/required).
- Retention: HR files retained for statutory periods; applicant files ~1 year (unless law/consent requires otherwise). Secure deletion/anonymization and backup purges apply.
- Rights & requests: Access/correction and jurisdiction-specific rights (e.g., CA employees under CPRA); submit requests to privacy@security-central.com.
- Dispute & non-contractual notice: Informational; employment/ADR terms governed by applicable agreements and policies.
Biometric Compliance Statement
Security Central obtains required written consent before collecting biometric identifiers; maintains a public retention/destruction policy; and permanently destroys identifiers when the purpose is satisfied or within 3 years of the last interaction (Illinois BIPA). In Texas, we provide notice and obtain consent before capture. We never sell biometric data.
Legal & Regulatory Notes (for counsel)
- CPRA/CPPA regs – Retention & Notice at Collection: Appendix D + cross-reference satisfies disclosure.
- Opt-out preference signals: California (GPC) and Colorado (recognized UOOM list; GPC recognized) reflected in §5.
- TCPA (one-to-one consent; robocalls/texts) reflected in §6.
- CASL: consent + identification + unsubscribe for CEMs; reflected in §6.
- Québec Law 25: portability (Sept. 22, 2024) and deindexation rights; reflected in Appendix B.
- Cayman DPA 2017: principles and cross-border safeguards; reflected in Appendix C.
Cookie preferences
Choose which categories to allow. Strictly necessary is always on.
California residents can manage sharing here: Do Not Sell or Share My Personal Information.
