Privacy Policy

Effective Date: March 26, 2026

Last Revised: March 26, 2026

1. Who We Are

AnansiTraps Ltd. ("AnansiTraps," "we," "us," or "our") is a cybersecurity company headquartered in Nairobi, Kenya, specializing in active cyber deception technology. Our platform deploys intelligent decoys, honeypots, and deception assets across enterprise, government, and financial institution infrastructure to detect, engage, and neutralize adversaries before they cause damage.

This Privacy Policy ("Policy") governs how we collect, use, store, and disclose information when you visit our website at www.anansitraps.com (the "Site"), interact with our sales or support teams, or use any AnansiTraps product or service (collectively, the "Platform"). If your organization has a separate data processing agreement or subscription contract with AnansiTraps, the terms of that agreement take precedence where they conflict with this Policy.

Because our Platform serves clients globally — including across Africa, Europe, the Middle East, and North America — this Policy is designed to meet the requirements of multiple applicable data protection frameworks, including the Kenya Data Protection Act, 2019 (KDPA), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the South Africa Protection of Personal Information Act (POPIA).

2. The Nature of What We Do — A Note on Deception Technology

AnansiTraps operates in the cyber deception space. Our core product does not collect, process, or store personal data belonging to legitimate end users — it is designed to interact with, track, and profile unauthorized actors who engage with deception assets deployed within our clients' infrastructure.

To be explicit:

  • Legitimate users of your infrastructure should never interact with AnansiTraps deception assets. If they do, that interaction is logged as a potential security event.
  • Data collected by deception assets (attacker behavior, tooling, lateral movement patterns) is threat intelligence data, not personal data in the conventional sense. It is processed under our clients' data processing agreements.
  • This Policy governs data we collect from website visitors, prospective clients, existing clients, and employees — not attacker telemetry data.

3. Information We Collect

3.1 Information You Provide Directly

When you interact with AnansiTraps through our Site, sales process, or support channels, we may collect:

  • Identity data: Full name, job title, organization name
  • Contact data: Email address, phone number, physical address
  • Professional data: Industry, company size, security stack details (relevant to platform compatibility assessments)
  • Account data: Login credentials, platform configuration preferences
  • Communication data: Content of emails, support tickets, demo requests, and form submissions
  • Event data: Registration information for webinars, conferences, and AnansiTraps-hosted events

3.2 Information We Collect Automatically

When you visit our Site, we automatically collect:

  • Device and browser data: IP address, browser type and version, operating system, device identifiers
  • Usage data: Pages visited, time on page, click paths, referral URLs, search terms used on Site
  • Session data: Login timestamps, session duration, feature usage within the Platform
  • Cookie data: As described in Section 8 below

3.3 Information From Third Parties

We may receive information about you from:

  • Partner organizations: Authorized resellers, system integrators, and technology partners who refer clients to AnansiTraps
  • Threat intelligence feeds: Publicly available cybersecurity data sources used to enrich platform intelligence (this does not include personal data)
  • Background verification providers: For enterprise procurement processes where identity verification is required
  • Cloud platform providers: AWS, Microsoft Azure, and Google Cloud Platform, in connection with Platform deployments, subject to their respective privacy terms

4. How We Use Your Information

We process your information for the following purposes, each grounded in a lawful basis under applicable law:

Purpose | Lawful Basis
Responding to inquiries, demo requests, and sales conversations | Legitimate interest / Consent
Provisioning and managing your AnansiTraps Platform account | Performance of contract
Sending security alerts, product updates, and critical notices | Performance of contract / Legal obligation
Sending marketing communications (newsletters, threat reports, product updates) | Consent (opt-in)
Improving Platform performance, reliability, and features | Legitimate interest
Conducting security research and threat intelligence analysis | Legitimate interest
Complying with legal obligations and regulatory requirements | Legal obligation
Fraud prevention, abuse detection, and platform integrity | Legitimate interest / Legal obligation
Processing payments and issuing invoices | Performance of contract
Hosting webinars, events, and training sessions | Consent

We will never use your personal data for purposes incompatible with those listed above without first obtaining your explicit consent.

5. How We Share Your Information

AnansiTraps does not sell, rent, or trade your personal data. Period.

We may share your information only in the following limited circumstances:

5.1 Service Providers

We engage trusted third-party vendors who process data on our behalf under strict data processing agreements. These include cloud infrastructure providers (AWS, Azure, GCP), CRM platforms, email delivery services, payment processors, analytics providers, and security monitoring tools including Splunk and Sentry. All vendors are bound by confidentiality obligations and may only process your data as we instruct.

5.2 Authorized Partners

With your knowledge and where relevant to your engagement, we may share information with authorized AnansiTraps resellers or integration partners (such as CrowdStrike) to facilitate platform deployment, joint support, or co-managed security operations.

5.3 Legal Requirements

We may disclose your information when required to do so by law, court order, regulatory authority, or to protect the rights, property, or safety of AnansiTraps, our clients, or the public. Where legally permitted, we will notify you of such disclosure.

5.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of AnansiTraps assets, your data may be transferred to a successor entity. We will notify affected users in advance and ensure the receiving party is bound by privacy obligations no less protective than this Policy.

5.5 Aggregated or De-identified Data

We may share aggregated, anonymized threat intelligence insights (e.g., "X% of deception engagements in Q1 involved credential harvesting") publicly or with partners for research purposes. This data cannot be used to identify any individual or organization.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

  • Prospect and lead data: 24 months from last meaningful interaction, unless you opt out earlier
  • Active client data: Duration of the subscription agreement plus 5 years thereafter
  • Support and incident records: 3 years from ticket closure
  • Security and audit logs: 7 years (regulatory and forensic requirements)
  • Marketing consent records: Until consent is withdrawn plus 12 months
  • Deception telemetry data (Platform): As defined in the applicable client data processing agreement

Upon expiry of retention periods, data is securely deleted or anonymized in accordance with industry-standard data destruction practices.

7. International Data Transfers

AnansiTraps is headquartered in Kenya and operates globally. Your data may be stored and processed in Kenya, the United States, the European Economic Area, or other jurisdictions where our cloud infrastructure providers operate.

Where we transfer personal data outside of the EEA, the UK, or South Africa, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Binding Corporate Rules where relevant
  • Data Processing Agreements with all sub-processors

If you are located in the EU or UK and have questions about the transfer mechanisms applicable to your data, contact us at privacy@anansitraps.com.

8. Cookies and Tracking Technologies

We use cookies and similar technologies on our Site to:

  • Maintain your session and preferences
  • Analyze Site traffic and user behavior (via tools such as Google Analytics)
  • Measure the effectiveness of marketing campaigns
  • Deliver relevant content and security research to returning visitors

Types of cookies we use:

Type | Purpose
Strictly necessary | Site functionality, authentication, security
Analytical/performance | Understanding how visitors use the Site
Functional | Remembering your preferences and settings
Marketing | Delivering relevant communications (with consent)

You may manage or withdraw cookie consent at any time via our Cookie Preference Centre on the Site, or by configuring your browser settings. Disabling non-essential cookies will not affect your ability to access core Site content.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

All Users (Kenya Data Protection Act)

  • Right to be informed about data processing
  • Right to access your personal data
  • Right to correction of inaccurate data
  • Right to deletion ("right to be forgotten")
  • Right to object to processing
  • Right to data portability

EU/UK Users (GDPR/UK GDPR)

  • All rights above, plus:
  • Right to restrict processing
  • Right not to be subject to solely automated decision-making
  • Right to lodge a complaint with your national supervisory authority

California Users (CCPA)

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising your privacy rights

South African Users (POPIA)

  • Right to access and correction of personal information
  • Right to object to processing
  • Right to lodge a complaint with the Information Regulator of South Africa

To exercise any of these rights, submit a request to privacy@anansitraps.com. We will respond within 30 days (or sooner where required by law). We may request verification of your identity before processing your request.

10. Data Security

AnansiTraps is a cybersecurity company — data security is not a checkbox for us, it is foundational to everything we build.

We protect your personal data using:

  • Encryption in transit and at rest across all Platform environments
  • Role-based access controls (RBAC) limiting data access to personnel with a demonstrated need
  • Multi-factor authentication (MFA) enforced across all internal systems
  • Continuous security monitoring via our own deception platform and integrated SIEM capabilities
  • Regular penetration testing and third-party security audits
  • Incident response procedures with defined breach notification timelines

In the event of a data breach that affects your personal data, we will notify affected individuals and relevant supervisory authorities within the timeframes required by applicable law (72 hours under GDPR, as soon as reasonably practicable under the KDPA).

11. Children's Privacy

The AnansiTraps Platform and Site are intended solely for use by professionals within enterprise, government, and institutional organizations. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. Contact us at privacy@anansitraps.com if you believe we hold such data.

12. Third-Party Links

Our Site and Platform documentation may contain links to third-party websites, partner portals, or integration documentation (e.g., CrowdStrike, Slack, AWS). AnansiTraps is not responsible for the privacy practices of any third-party site. We encourage you to review the privacy policies of any external site you visit.

13. Changes to This Policy

We may update this Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will:

  • Update the "Last Revised" date at the top of this Policy
  • Post a prominent notice on our Site
  • Notify active clients by email at least 14 days before changes take effect

Your continued use of the Site or Platform after the effective date of changes constitutes acceptance of the revised Policy.

14. Contact Us

For any privacy-related questions, requests, or concerns, please contact our Privacy team:

AnansiTraps Ltd.
Attn: Privacy & Data Protection
Nairobi, Kenya

Email: privacy@anansitraps.com
Response time: Within 30 days of receipt

If you are located in the EU and are unsatisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority. If you are in Kenya, you may contact the Office of the Data Protection Commissioner (ODPC).