Privacy policy

Effective date: May 14, 2026
Last updated: May 14, 2026

Parsec Cyber (“Parsec,” “we,” “us,” or “our”) operates Parsec Collector, a forensic evidence collection platform used by law firms, corporate legal departments, and forensic examiners to preserve electronically stored information for litigation, regulatory compliance, and internal investigations. Parsec Cyber is a DBA of MGJH Advisors Inc., a [STATE] corporation.

This privacy policy explains what information we collect, how we use it, who we share it with, how long we keep it, and the rights you have over it. It applies to Parsec Collector in all its forms: the web dashboard at app.parseccyber.com, the desktop agent software, and the backend services that process collected evidence.

If you have questions about this policy, contact us at privacy@parseccyber.com.

1. Who uses Parsec Collector

Parsec Collector is used by three distinct groups. This policy describes how we handle data for each:

Attorneys and forensic examiners (our paying customers) use Parsec to manage evidence collection projects. They hold user accounts on our platform.

Custodians are individuals whose data is being preserved as part of a legal matter. A custodian does not sign up for Parsec; they are invited to participate in a specific collection by an attorney or forensic examiner. Custodians interact with Parsec only for the duration of a collection.

Organization administrators manage the account for a law firm or corporate legal department that licenses Parsec.

2. What data we collect and why

2.1 From attorneys, examiners, and administrators

When you sign up for or use Parsec Collector, we collect:

Account information: name, email address, phone number (optional), organization name, role
Authentication data: password (stored as a bcrypt hash), multi-factor authentication tokens, session cookies
Usage data: pages visited in the dashboard, actions taken, timestamps, IP addresses, browser user agent
Billing information: handled by our payment processor (Stripe); we do not store full credit card numbers

We use this data to provide the service, authenticate you, bill you, and maintain security.

2.2 From custodians

When you are invited as a custodian to a collection project, we collect:

Identity information provided by the examiner: your name, email address, and optionally phone number, department, and job title
Authorization records: when you downloaded the agent, when you consented to the collection, which authentication method you used (biometric verification via WebAuthn, or other)
Technical data from the agent: your machine hostname, operating system, hardware identifiers, agent version, IP address at the time of collection

We use this data to track chain of custody for the evidence collection and to verify that proper authorization occurred before any data was collected.

2.3 Evidence collected from your accounts and devices

When you authorize Parsec to collect evidence, we collect only the specific data you consented to. This may include:

From your computer’s local files: files and folders you or the examiner selected, including their contents, filesystem metadata (creation date, modification date, permissions), and cryptographic hashes computed from them.

From your Google account (when you authorize Gmail collection): email messages matching the filters you approved (date range, sender/recipient, keywords), including message bodies, headers, and attachments. If the collection includes attachment links, we also retrieve files from Google Drive that are directly attached to those emails.

From your Microsoft account (when you authorize Microsoft 365 or outlook.com collection): email messages matching the filters you approved, including message bodies, headers, and attachments. If the collection includes attachment links, we also retrieve files from OneDrive or SharePoint that are directly attached to those emails.

From your Apple device (when you authorize iOS collection): data categories you explicitly selected — which may include messages, contacts, photos, call logs, and app data — extracted via standard iOS backup protocols.

From your iCloud account (when you authorize iCloud collection): data categories you explicitly selected, retrieved via Apple’s iCloud interfaces.

We collect evidence because that is the service you have authorized us to perform. We never collect more than what you consented to, and we never collect from any account or device without explicit authorization.

3. How we use Google user data specifically

This section addresses Google’s API Services User Data Policy and describes our specific use of Google Workspace APIs.

3.1 Scopes we request and why

Parsec Collector requests the following Google OAuth scopes:

https://www.googleapis.com/auth/gmail.readonly — read-only access to Gmail messages. We request this because our core service is forensic preservation of email evidence. This scope lets us retrieve messages in their original RFC 5322 format so that cryptographic signatures (DKIM, ARC) and routing headers are preserved intact for authentication and court admissibility. We never modify, send, or delete messages.

https://www.googleapis.com/auth/drive.readonly — read-only access to Google Drive files. We request this to retrieve files that are attached to collected emails as Drive links. Without this access, such attachments would appear as hyperlinks with no preserved content, which is inadequate for forensic evidence. We only retrieve Drive files that are referenced as attachments in messages already selected for collection; we do not browse, index, or retrieve files unrelated to collected emails.

https://www.googleapis.com/auth/userinfo.email and openid — we use these to verify which account was authenticated, so we can accurately record in the chain of custody which mailbox was collected.

We do not request any other Google scopes. We do not request write access to any Google service.

3.2 How we use Google user data

Data retrieved through Google APIs is used exclusively to:

Preserve the data in a forensically sound evidence package (EML, MBOX, and AFF4-L container formats)
Compute SHA-256 cryptographic hashes to prove integrity
Store the evidence in our secure cloud storage for the attorney’s subsequent review and production

We do not use Google user data for any other purpose. Specifically:

We do not use Google user data for advertising.
We do not sell Google user data.
We do not use Google user data to train machine learning or artificial intelligence models.
We do not share Google user data with third parties other than those strictly necessary to provide the service (listed in section 5).
We do not use Google user data to build advertising profiles.
We do not analyze message content for purposes beyond the authorized forensic collection.
Humans do not read your Google user data except in the narrow circumstances described in section 3.4.

3.3 How long we retain Google user data

Refresh tokens and access tokens obtained through OAuth are stored only for the duration of an active collection project. Once the collection is complete, we automatically call Google’s OAuth token revocation endpoint to invalidate the tokens, and we delete the tokens from our systems within 24 hours.

Email messages and Drive files collected as evidence are retained for the duration of the customer’s subscription or according to the customer’s data retention settings, whichever is shorter. Customers can request deletion of any collection at any time via the dashboard; deletion is processed within 30 days and all evidence is permanently removed from our systems including backups.

3.4 Human review of Google user data

Parsec employees do not routinely access collected Google user data. The only circumstances in which a Parsec employee may view your Google user data are:

With your explicit written consent, for support purposes (e.g., you report that a collection failed and authorize our engineers to investigate)
When required by law, in response to a valid legal process such as a subpoena or court order
To investigate security incidents where we have reason to believe a breach has occurred and access is necessary to assess the scope and remediate

All employee access to Google user data is logged in an immutable audit log. Employees with production access are subject to background checks and sign confidentiality agreements.

3.5 Data deletion and access rights

You have the right to request deletion of your Google user data at any time. You can:

Revoke our access at myaccount.google.com/permissions, which immediately invalidates our ability to collect further data.
Email privacy@parseccyber.com to request deletion of data already collected.

We will respond to deletion requests within 30 days.

3.6 Limited Use disclosure

Parsec Collector’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4. How we use Microsoft user data

Parsec Collector requests the following Microsoft Graph permissions:

Mail.Read — read-only access to email messages. Used to retrieve messages for forensic preservation in the same manner as Gmail.

Files.Read.All — read-only access to OneDrive and SharePoint files. Used to retrieve files attached to collected emails.

User.Read — basic profile information to verify which account was authenticated.

offline_access — to allow token refresh so collections can continue running on our servers without requiring the custodian to remain present.

We use Microsoft user data identically to Google user data as described in section 3.2, and we follow the same retention, deletion, and access controls. We adhere to the Microsoft Services Agreement and applicable data protection commitments.

5. Who we share data with

We share data only in the following circumstances:

5.1 Service providers

We use third-party vendors to operate Parsec. These vendors are contractually bound to use your data only to provide services to us and to maintain security and confidentiality. Our vendors include:

Amazon Web Services (AWS) — cloud infrastructure hosting in the US (us-west-1 region). All collected evidence is stored in AWS S3 with encryption at rest using AWS KMS.
Stripe — payment processing for customers. Custodians do not interact with Stripe.
AWS Simple Email Service (SES) — transactional email delivery for custodian invitations and system notifications.
Anthropic — (only for features that use it) AI-assisted document review for attorneys. Custodian data is not sent to Anthropic unless it has been selected by an attorney for review.

5.2 Your organization

If you are a custodian, the examiner and attorneys working on the matter have access to the evidence you authorized. This is the expected behavior of the service and what you consented to when you authorized the collection.

5.3 Legal process

We may disclose information if required by law, subpoena, court order, or valid legal process. When we do, we will notify the affected customer unless prohibited by law.

5.4 Security incidents

If we detect a security incident affecting your data, we will notify you as required by applicable law (typically within 72 hours of discovery for EU residents under GDPR, and according to state breach notification laws in the US).

5.5 Corporate transactions

If Parsec or its parent company (MGJH Advisors Inc.) is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

We do not sell, rent, or trade your personal information or evidence data to any third party for marketing purposes.

6. How we protect your data

We implement the following security measures:

Encryption in transit: all data flows between custodian devices, our servers, and cloud storage are encrypted using TLS 1.2 or higher.
Encryption at rest: all evidence stored in S3 is encrypted using AWS KMS keys controlled by Parsec. OAuth refresh tokens are encrypted with a separate KMS key and stored in AWS Secrets Manager.
Access controls: production systems are accessible only to authorized Parsec engineers via multi-factor authentication. All production access is logged.
Immutable audit logs: every action taken on evidence is recorded in a cryptographically chained audit log that cannot be retroactively altered.
Network isolation: our backend runs in private subnets with no direct internet exposure. Evidence storage buckets are not publicly accessible.
Vendor security: we require our vendors (AWS, Stripe, SES) to meet industry-standard security certifications (SOC 2, ISO 27001).
Annual security assessments: for Google restricted scope usage, we undergo annual Cloud Application Security Assessment (CASA) audits by independent third-party assessors authorized by Google.

No system is perfectly secure. If you discover a security vulnerability in Parsec, please report it to security@parseccyber.com.

7. How long we keep your data

Account data for attorneys, examiners, and administrators: retained for the duration of your account plus 90 days after account closure, after which it is permanently deleted.
Evidence data: retained for the duration of the customer’s subscription, or per the customer’s configured retention policy, whichever is shorter. Deleted within 30 days of a deletion request.
Custodian identity records and authorization records: retained for 7 years after collection completion for chain-of-custody purposes, consistent with legal evidentiary standards. This retention is required for evidence admissibility and cannot be waived by custodian request while the underlying evidence is still in use.
OAuth tokens (Google, Microsoft): deleted within 24 hours of collection completion.
Logs and audit data: retained for 2 years.

8. Your rights

Depending on where you live, you may have rights over your personal information, including:

Right to access: request a copy of the personal information we hold about you.
Right to correct: request correction of inaccurate personal information.
Right to delete: request deletion of your personal information. This right is subject to exceptions where we must retain data for legal, evidentiary, or security reasons.
Right to object or restrict: object to certain uses of your information or request that we restrict processing.
Right to portability: request your information in a portable format.
Right to revoke consent: withdraw consent at any time (including revoking Parsec’s access to your Google or Microsoft account).

To exercise these rights, email privacy@parseccyber.com. We will respond within 30 days.

If you are in the European Economic Area, United Kingdom, or Switzerland, you also have the right to lodge a complaint with your local data protection authority.

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). We do not sell your personal information as defined by these laws.

9. International data transfers

Parsec operates its infrastructure in the United States (AWS us-west-1). If you are located outside the United States, your data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses approved by the European Commission as the legal basis for transferring personal data from the European Economic Area, United Kingdom, and Switzerland to the United States.

10. Children’s privacy

Parsec Collector is intended for use by attorneys, forensic examiners, and adult custodians in the context of legal proceedings. We do not knowingly collect information from children under 16. If we learn that we have inadvertently collected information from a child, we will delete it promptly. If you believe we have collected information from a child, email privacy@parseccyber.com.

11. Changes to this policy

We may update this policy from time to time. When we make material changes, we will notify customers by email at least 30 days before changes take effect. The “Last updated” date at the top of this policy reflects the most recent change.

12. Contact us

For privacy questions, data requests, or concerns:

Email: privacy@parseccyber.com

Mail: Parsec Cyber, c/o MGJH Advisors Inc., [ADDRESS]

Data Protection Officer: [TO BE DESIGNATED]

Security vulnerability reports: security@parseccyber.com