Privacy Policy

Security Central Privacy Policy

Effective: October 1, 2025 • Last Updated: October 1, 2025

Entity: Security Central, Inc., 316 Security Drive, Statesville, NC 28677 USA

Who this policy is for: Visitors to our websites, end-user customers, authorized dealers/partners, and other business contacts. Employees & job applicants have a separate notice (see the standalone Employee & Applicant Privacy Notice) to keep this document concise and audience-appropriate.

This policy is informational only and does not create contractual rights. Dispute resolution, governing law (North Carolina), and arbitration terms are set in our Terms of Use; regulator/small-claims carve-outs apply.

‍

1) Executive Summary (Quick Reference)

Audience

What we collect (examples)

Why we use it

Key sharing

Website Visitors

IP, device IDs, cookies/analytics; contact form/ inquiry/newsletter inputs

Run the site, security/fraud prevention, analytics, respond to inquiries

Analytics/website vendors; no sale or sharing for cross-context behavioral ads

End-User Customers (Monitoring Subscribers)

Contact & account data; alarm events; recorded calls; device/usage; audio/video if monitored; biometric auth if enabled; payment details

Provide & support 24/7 monitoring; verify alarms & dispatch; training/QA; billing; legal/compliance

Emergency responders; your dealer (if applicable); service providers under DPA/contract

Mobile App Users (via partner platforms)

Account IDs, device/usage data within the partner app

Enable system control & alerts; integrate with partner platform

Exchange necessary data with platform provider (they have their own privacy notice)

Dealers & Business Contacts

Business contact details; portal credentials; transaction records

Operate dealer relationship, portals, support, training, payments

Service providers (IT/hosting/CRM); customers as needed for service

Everyone

Security logs; troubleshooting data

Security, incident response, fraud prevention

As necessary to protect users and comply with law

2) Scope & Layering

This Policy covers personal information we process in the U.S. and Canada across our websites, monitoring services, partner apps, dealer portals, and business operations. Regional addenda provide jurisdiction-specific rights and disclosures (see Appendices A–D).

3) Information We Collect (by category)

Identifiers & Contact Details: Name, addresses, email, phone; account numbers; authorized contact lists.
Account & Device/Usage Data: Portal logins, device info, IP, app/portal interactions, alarm arming/disarming and sensor activity.
Audio/Video: Recorded support/monitoring calls; video verification/surveillance content where applicable; facility surveillance (not used for marketing).
Biometric Identifiers (limited use): If enabled (e.g., voice passphrase; employee timekeeping/access), collected with required consent and subject to a biometric retention schedule; never sold.
Emergency/Health Notes (if provided): For emergency response (e.g., medical notes to assist first responders) or HR accommodations; stored/used only for that purpose.
Payment/Financial: Processed via PCI-compliant processors; we retain only what’s needed for billing/records.
Business Intelligence/Enrichment: Professional/company details from reputable third-party providers using publicly available/licensed data to maintain accurate records and support legitimate business purposes.

4) How We Use Information (purposes)

Deliver, maintain, and improve monitoring and related services; verify alarms and contact emergency responders; train operators using recorded calls; provide customer support; billing and account administration; detect/prevent fraud and abuse; comply with law; and protect our users and systems.

5) Cookies, Tracking & Global Opt-Out Signals

We use necessary (security/login), functional/performance, and analytics cookies/SDKs. We do not sell your data or engage in cross-context behavioral advertising.

Opt-out preference signals (e.g., GPC): We honor recognized signals as required (e.g., California GPC; Colorado UOOMs) and apply them to your browser/device and, when known, to your account.

6) Marketing, SMS/Calls & Consent

Email: Operational emails as needed. Marketing emails include an unsubscribe; Canadian CASL consent rules honored.
Texts/Calls: No marketing texts/calls to wireless numbers without prior express written consent that specifically names Security Central; consent is one-to-one (no “consent for many”). You can revoke at any time.

7) When We Share Information

We share only what’s necessary to deliver services, support account holders, or comply with legal obligations, including with:

Emergency responders (police, fire, EMS)
Account holders and authorized dealers
Guard service providers (for alarm verification)
Service providers (monitoring platforms, telecom/SMS, cloud hosting/IT, business intelligence vendors)

When we provide monitoring on behalf of dealer partners, we act strictly as a service provider/processor under their instructions (see Dealer Data Processing Addendum).

8) International Transfers

We are U.S.-based. If you are outside the U.S. (e.g., Canada), your data may be processed in the U.S. We use contractual/organizational safeguards for cross-border transfers and support Québec assessments as needed (see regional addenda).

9) Retention (Category-by-Category)

We retain personal information only as long as necessary for disclosed purposes or as required by law. We disclose the period or criteria for each category at/before collection (see Appendix D). We maintain secure deletion/anonymization processes and timed backup purges; some records (e.g., alarm logs) are retained for evidentiary/legal limitation periods.

10) Your Rights & How to Exercise Them

Access, correction, deletion, portability (jurisdiction-dependent)
Opt-out of targeted advertising/sale (where applicable)
Appeal (e.g., VA/CO) if we decline a request
Authorized agents (CA) with proper verification

Submit requests via privacy@security-central.com, 1-800-438-4171, or the account portal. We verify identity/authority before responding. Timing/appeals follow applicable law; see regional addenda.

Nondiscrimination: We will not discriminate against you for exercising your rights.

11) Security

We implement administrative, technical, and physical controls appropriate to the data (e.g., encryption in transit/at rest, least-privilege access, logging/monitoring, incident response, employee training, vendor risk management). We notify affected parties and, where applicable, regulators as required by law.

12) Children

Our services are not directed to children under 13. If we learn we collected information from a child under 13 without parental consent, we will delete it.

13) Changes to This Policy

We update this Policy as our practices and laws evolve, posting the updated date and providing prominent notice or consent where required.

14) Contact Us

Email: privacy@security-central.com • Phone: 1-800-438-4171 • Mail: Privacy Officer, Security Central, Inc., 316 Security Drive, Statesville, NC 28677, USA. We respond as soon as reasonably possible (typically within 30 days). Accessibility accommodations available on request.

Appendix A — U.S. State Privacy Matrix (material differences only)

‍

Topic

California (CPRA)

Colorado (CPA)

Virginia (VCDPA)

Notes

Opt-out signals

Must process opt-out preference signals (e.g., GPC) for sale/sharing; can be frictionless.

Must honor recognized UOOMs; AG recognizes GPC.

No recognized signal list; honor valid consumer requests.

We honor GPC broadly.

Targeted ads

Opt-out of “sharing.”

Opt-out of targeted advertising.

We don’t engage in cross-context ads.

Sensitive data

Limit use/disclosure; right to limit.

Opt-in required for some sensitive data.

Opt-in for processing sensitive data.

We minimize sensitive data collection.

Appeals

Not specified as a formal appeal right.

45-day appeal window.

60-day appeal window.

We provide an appeal path.

Agents

Authorized agents permitted.

We verify identity/authority.

Biometrics (company-wide baseline): Written consent; published retention schedule; destroy when purpose satisfied or within 3 years of last interaction (meets IL BIPA). Texas requires notice and consent.

Appendix B — Canada & Québec (Law 25) Addendum

PIPEDA & similar provincial laws: Access, correction, explanation of uses/disclosures, and complaint mechanisms. CEMs require consent + identification + unsubscribe; we maintain consent records.
Québec Law 25 highlights:
- Data portability (in force Sept. 22, 2024): structured, commonly used format; transmit to another organization when technically feasible.
- Deindexation/cessation of dissemination in certain cases (rare for our model; evaluated when applicable).
- No solely automated decisions with legal/significant effects; if that changes, we will provide required notices and human review.
- Cross-border transfers: we support Québec transfer assessments and safeguards.
Complaints: OPC (Canada) or CAI (Québec); we will cooperate.

Appendix C — Cayman Islands Addendum (DPA 2017)

If we process personal data of Cayman data subjects (e.g., dealers/partners), we comply with the eight data protection principles (fair/lawful processing; purpose limitation; data minimization; accuracy; storage limitation; respect for rights; security; international transfers) and ensure a lawful basis (e.g., contract, consent, legal obligation, vital interests, legitimate interests). We implement appropriate transfer safeguards and provide information on request. Regulator: Cayman Islands Ombudsman.

Appendix D — Retention Schedule (Notice at Collection Cross-Reference)

‍

Examples

Typical Retention / Criteria

Contact & Account Identifiers

Name, address, phone, email; account ID; authorized contacts

Account term + up to 7 years (legal/contract, tax, audit); delete/anonymize earlier when no longer needed

Alarm Event Logs & System Data

Arming/disarming, sensor triggers, dispatch records

3–7 years (evidentiary value; statutes of limitation; dealer/agency obligations)

Call Recordings (Support/Monitoring)

Inbound/outbound QA/evidence recordings

18–36 months unless escalated (legal/incident hold)

Audio/Video Verification Content

Clips/images from monitored systems; facility video surveillance

30–180 days unless needed for investigation/legal claims

Payments/Billing

Tokenized card info, billing history

Account term + 7 years (finance/tax rules)

Biometric Identifiers (if used)

Voice phrase; fingerprint; face geometry (employees)

Destroy when purpose satisfied or ≤3 years after last interaction (IL BIPA baseline) + public retention policy; no sale

Website/Portal Logs

We provide an appeal path. IP, device IDs, auth logs

12–24 months, shorter where feasible

HR/Applicant Data

See standalone HR Notice

See Employee & Applicant Privacy Notice

We disclose period or criteria for each category at/before collection (CPRA/CPPA regs). Secure deletion/anonymization methods apply; backups purge on schedule.

Dealer Data Processing Addendum

When we act as a service provider/processor for dealers, our DPA governs instructions, confidentiality, security, subprocessors, assistance with data subject rights, breach notice, audits, and cross-border safeguards (e.g., SCCs). Contact us for the current DPA.

Employee & Applicant Privacy Notice

Who this covers: Employees, contractors, and job applicants. Separate from the consumer policy for clarity and compliance.

Categories & purposes: Identifiers & HR records (e.g., SSN/SIN, payroll/benefits, work authorization, performance); biometrics (timekeeping/access control, where used); audio/video (facility surveillance; recorded calls for training); health/leave (only as provided/required).
Retention: HR files retained for statutory periods; applicant files ~1 year (unless law/consent requires otherwise). Secure deletion/anonymization and backup purges apply.
Rights & requests: Access/correction and jurisdiction-specific rights (e.g., CA employees under CPRA); submit requests to privacy@security-central.com.
Dispute & non-contractual notice: Informational; employment/ADR terms governed by applicable agreements and policies.

Biometric Compliance Statement

Security Central obtains required written consent before collecting biometric identifiers; maintains a public retention/destruction policy; and permanently destroys identifiers when the purpose is satisfied or within 3 years of the last interaction (Illinois BIPA). In Texas, we provide notice and obtain consent before capture. We never sell biometric data.

Legal & Regulatory Notes (for counsel)

CPRA/CPPA regs – Retention & Notice at Collection: Appendix D + cross-reference satisfies disclosure.
Opt-out preference signals: California (GPC) and Colorado (recognized UOOM list; GPC recognized) reflected in §5.
TCPA (one-to-one consent; robocalls/texts) reflected in §6.
CASL: consent + identification + unsubscribe for CEMs; reflected in §6.
Québec Law 25: portability (Sept. 22, 2024) and deindexation rights; reflected in Appendix B.
Cayman DPA 2017: principles and cross-border safeguards; reflected in Appendix C.

‍