Secto is an enterprise security extension. When deployed by an organisation, the extension may collect and send security telemetry to Secto and the organisation's Secto administrator so the service can detect, investigate, and prevent phishing and browser-based attacks.

Data processed may include the user's browser profile or policy email if available, deployment and enrolment identifiers, browser and extension version, installed-extension inventory and permissions, visited URLs and domains relevant to security checks or policy enforcement, page and form signals needed to detect cloned login pages and phishing tools, clipboard text involved in malicious copy-paste protection, password reuse detection signals, AI prompt or content snippets that match configured data-protection rules, timestamps, and detection outcomes.

Secto uses this data to enrol the browser, fetch and enforce organisation policy, detect threats, generate security events, troubleshoot the service, and notify the organisation about risks. Data is not sold. Access is limited to authorised personnel and customer administrators. Sensitive configuration is stored encrypted where the extension persists it locally. Data retention and deletion are governed by the customer's agreement with Secto and applicable law. For privacy questions, contact Secto through https://secto.io or your organisation's Secto administrator.