Data security & privacy FAQs

Does THRON collect personal data? If so, which? 

THRON manages two different kinds of users: contacts (who access content) and platform users (who access the THRON control panel).

The term “personally identifiable information” (PII) generally refers to the identifiability of information relating to a user, such as name, address, phone number and email address.

THRON does not collect contacts’ PII unless users intentionally choose to divulge such information, providing it through customer interfaces or applications, for example, filling in forms or text boxes.

THRON’s customers must comply with regulations, informing users and obtaining their consent to collect PII.

THRON collects information which is not personally identifiable (“Non-PII”), to identify computers with which it has already had prior interaction. For example, by using Non-PII, THRON can identify a computer that has previously viewed content.

Through the collection and use of Non-PII, we offer a range of services that allow our customers to show their users the most useful and relevant content on their websites, and to avoid showing the same content on too many occasions to the same people.

THRON collects the first names, surnames and email addresses of platform users in order to provide them with access and permission to manage passwords.

Who can access my data?

We may disclose a user’s Non-PII to a third party where we are legally obliged to do so and in order to investigate, prevent or take action against suspicious or prohibited activities (including, for illustrative purposes but not limited to, fraud and situations involving potential threats to any individual’s physical safety).

Furthermore, if permitted by applicable law, we may also divulge and provide access to a user’s PII and Non-PII to our service providers and partners who work with us. However, such providers and partners are not authorized to use the information for purposes beyond the provision of services to THRON.  

  • THRON’s customers: THRON’s customers (who are the “owners of the data”) have access to data relating to contacts for the purposes indicated in the Privacy Policy. The “parties responsible for their processing” are authorized to access such data in order to carry out their duties.

  • THRON authorized staff: THRON’s technical and qualified staff have access to Content Intelligence data, but only for software and platform maintenance.

  • Public authorities: all data may be handed over to public authorities should it be required by law.

  • Circulation: users’ personal information is not circulated. However, some details such as nicknames and/or profile images, and any other information published by users on their profiles, or through other service communication channels, will be accessible to other users. This occurs as soon as the user concerned decides to take part in the blog or access the community. Some personal information provided by the user may also be circulated during certain events, for example, online competitions or promotions.

Who owns my users’ data? Can I request the cancellation of my data?

THRON’s terms and conditions stipulate (paragraph no. 20) that THRON is responsible for the processing of customer data. Only the customer has control over such data (being the owner of the data).

You can check the extended privacy policy and its opt out athttps://[yourdomain]-cdn.thron.com/shared/assets/privacy/extendedprivacy.html

Where is data stored?

Ireland, Europe.

Is THRON prepared for the GDPR?

The European General Data Protection Regulation (GDPR) will come into force from May 2018. THRON already respects the Italian privacy law on which the GDPR has been largely based. Therefore, from a security point of view, it already adheres to the regulation. THRON is currently undergoing the further steps required to be completely in line with the GDPR by the date on which it will officially be made effective (May 2018).

Does THRON keep and process my data securely?

As far as development standards are concerned, we follow the most up-to-date best practices to protect consumer data.

Some key aspects:

  • Data in transit: the transmission of data is encrypted (HTTPS protocol).
  • Archived data: archives and databases use encrypted archiving thanks to the Key Management System.
  • THRON is a multi-tenant system, which means that all customer information is logically divided within the same physical infrastructure.
  • Access to data is protected by “access control” and features full inspection capabilities.
  • Our processes and technologies comply with Italian regulations regarding privacy and security.

Discover more

Is THRON autentication secure?

THRON never stores its customer’s password (indeed, you will never be able to retrieve your password, but can only replace it). The password database contains one-way dashes, so that THRON can be aware of whether or not you have performed a correct authentication. However, a potential hacker would never be able to retrieve your password, should data be stolen from our database.

We would like to remind you that databases are based on an encrypted archive. All authentication requests use only HTTPS protocol.

Can I perform a vulnerability assessment or a penetration test? 


We do not allow vulnerability assessments or penetration tests to be performed in our production environment so as to protect our customers.

However, you can contact [email protected] to arrange for a penetration test in a dedicated environment that is identical to the official one. The dedicated environment has the same architecture, the same software versions and the same configuration as that of the product, and will be created specifically to carry out the assessment.

THRON is a SaaS cloud native. Therefore, all environments are managed through automation, and can be dynamically supplied and removed.

In accordance with the law, THRON must report any attack or threat detected to the local authorities. For this reason, it is mandatory to request authorization before performing any kind of test (vulnerability scanning or attempts to exploit the system) in order to differentiate tests from genuine attacks. The results of the assessments must be shared with THRON.

Does THRON observe development standards?

THRON has been developed on the basis of OWASP best practices

Discover more

Does THRON have full intellectual property rights over the services it provides? 

Yes. THRON has full industrial and intellectual property rights over the entire platform. Where services are performed by third parties / technological partners, THRON has acquired the relevant rights for commercial use.

Is THRON the guarantor of all Marketplace applications? 

THRON Marketplace contains applications designed by THRON as well as others designed by partners. Each supplier is responsible for guaranteeing the SLA and security relating to its own applications. Make sure that you always check the supplier and the terms and conditions stipulated for each application. .

Discover more

Can I ask THRON to remove my data? 

Yes. All you have to do is send an email to [email protected], specifying your identity (for example, email) and the THRON team will remove any trace of your data from its systems.

You can also stop monitoring of your information at any moment. Please read the privacy statement and, subsequently, the extended policy, inserting the data requested in this example link: https://[yourdomain]-cdn.thron.com/shared/assets/privacy/extendedprivacy.html

How does THRON manage the high availability of services?

THRON has been designed for cloud architecture. It uses self-provisioning components that are able to dynamically adapt and scale in order to combat certain service interruptions and unexpected loads.

Each infrastructure component is in excess or makes up part of a cluster with automatic "master promotion". This means that service continuity is always followed automatically.

THRON’s Terms and Conditions define the SLA that we guarantee to our customers, proof of our commitment to operational continuity.

Discover more

Would you like to know more
about security, performance
and platform integrability?

Schedule a Call

Share via