ThreatGEN Policies

At ThreatGEN, we are committed to transparency, security, and accessibility in all aspects of our operations. This page provides an overview of our key policies and commitments, ensuring that our customers, partners, and users have access to the information they need to understand how we operate and protect their data.

Below you will find links to our key policy documents, along with details on how privacy and accessibility are addressed within our framework.


End User License Agreement (EULA)

Our End User License Agreement governs the use of ThreatGEN’s AutoTableTopâ„¢ SaaS product (our ThreatGEN Red vs. Blue® EULA will be updated and available in late January 2025). It includes:

  • Licensing terms for both partners and end users
  • Acceptable use policies
  • Intellectual property rights
  • Termination conditions
  • Limitations of liability

Privacy Integration: The EULA incorporates privacy-related terms by outlining how personal information (e.g., first name, last name, email) is collected, stored, and used. It also references user responsibilities for securing locally stored exercise data and ensures compliance with applicable privacy laws.

Download the End User License Agreement (PDF) from November 4, 2024.


Data Security and Processing Addendum

This addendum is an extension of the EULA and outlines ThreatGEN’s commitment to data security and compliance with applicable regulations. It includes:

  • Details on SOC 2 management assertions
  • Data flow processes during tabletop exercises
  • Security measures (e.g., SSL encryption, local data storage)
  • Data breach notification procedures
  • Customer responsibilities for protecting locally stored data

Privacy Integration: The Data Security and Processing Addendum further details how personal information is handled securely. It emphasizes that exercise data remains under customer control (stored locally) and that no exercise-related data is retained by ThreatGEN servers or used for AI training purposes.

Download the EULA, Data Security and Processing Addendum (PDF) from November 6, 2024.


Accessibility Policy

ThreatGEN is committed to ensuring that our products and services are accessible to all users, including those with disabilities. Our Accessibility Policy aligns with the principles outlined in the Web Content Accessibility Guidelines (WCAG) 2.1.

We have conducted an internal accessibility assessment based on the Voluntary Product Accessibility Template (VPAT) framework to evaluate compliance with accessibility standards.

Download the Accessibility Report (PDF) based upon VPAT 2.3 from November 12, 2024.


Privacy Policy Integration

ThreatGEN does not maintain a separate privacy policy document. Instead:

  • Privacy-related terms are integrated into both the EULA and the Data Security and Processing Addendum, ensuring that customers understand how their personal information is collected, stored, processed, and protected.
  • These documents outline our minimal data collection practices (first name, last name, email), clarify how exercise data is handled (stored locally on customer systems), and affirm compliance with applicable privacy laws such as GDPR.

By embedding privacy terms into these foundational documents, we provide a streamlined approach to addressing customer concerns about data protection while maintaining legal clarity.


Accessibility Commitment

ThreatGEN strives to make its products accessible to all users. Our internal accessibility evaluation based on the VPAT template ensures that AutoTableTopâ„¢ meets key accessibility standards. We continuously work toward improving usability for individuals with disabilities.

If you have questions about our accessibility efforts or wish to request our VPAT-based accessibility report, please contact us at support@threatgen.com.


Contact Us

If you have any questions about these policies or need additional information, please reach out to us at support@threatgen.com. We are here to help!