As part of our Endpoint Protection solution, ThreatDown Nebula and OneView collect and process limited device location information to support security functions, such as detecting anomalous access patterns, identifying potential account compromise, and enforcing geographic access controls.
To protect user privacy and align with global data protection standards, we intentionally do not collect or store precise, pinpoint geographic coordinates (latitude and longitude) for endpoints. Instead, our system derives approximate location data (including country, region, or city-level information) using network-based signals (i.e., external IP address).
This design is our commitment to data minimization and privacy by design, consistent with principles outlined in regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which emphasize limiting the collection of sensitive personal information to what is necessary for a defined purpose.
Because our approach prioritizes privacy over precision:
- Reported locations are approximate and may not reflect the exact physical location of a device.
- Accuracy can vary based on factors such as network configuration, Virtual Private Network usage, mobile carrier routing, or cloud infrastructure.
- Location data should be interpreted as a general geographic indicator, not as definitive proof of a device’s exact position
This level of granularity is sufficient for our security use cases while reducing the risk of unnecessary tracking or exposure of sensitive location information.
For additional information about how we handle data, refer to our Privacy Policy.