radarlabs · ryanfullerton13 · Oct 6, 2025 · Oct 6, 2025 · Copilot · Oct 6, 2025
diff --git a/faqs.mdx b/faqs.mdx
@@ -74,13 +74,14 @@ Usage statistics are recalculated nightly and reflect the total Monthly Tracked
 
 The Radar SDK collects location data (latitude, longitude), device IDs, IP addresses, and device info by default. We also collect any other user IDs (e.g., user IDs) or metadata that you choose to send us. Radar does not collect personally identifiable information like name or email by default.
 
-For more information, see our [privacy policy](https://radar.com/privacy), our [commitment to privacy](https://radar.com/blog/our-commitment-to-privacy), and our [location data privacy checklist](https://radar.com/blog/location-data-privacy-checklist).
+For more information, see our [privacy notice](https://radar.com/privacy), our [commitment to privacy](https://radar.com/blog/our-commitment-to-privacy), and our [location data privacy checklist](https://radar.com/blog/location-data-privacy-checklist).
 
 ### What are privacy best practices for Radar?
 
-- Do not send any PII, like names, email addresses, or publicly available IDs, to the Radar SDK or API.
+- Do not send any PII, such as customer names, customer email addresses, or publicly available IDs, to the Radar SDK or API.
 - Minimize the data you collect with Radar, turning on only the context types relevant to your use case (store visits for shopping apps, airport visits for travel apps, and so on).
 - Clearly explain to end users what data will be collected and how it will be used in your apps, in permissions prompts, and in your privacy policy.
+- Obtain explicit consent from customers.
 
 For more information, see our [location data privacy checklist](https://radar.com/blog/location-data-privacy-checklist).
 
@@ -102,6 +103,10 @@ By default, users and events are retained for 1 year, trips are retained for 90
 
 Radar supports custom data retention settings. Admins can adjust these settings in the Radar dashboard under the Privacy section. Data retention settings are customizable per project.
 
+### Does Radar have zero day retention settings?
+
+For certain datatypes (user locations, geofencing events, and maps API calls), Radar supports zero day retention. Radar will use the information solely to process the request, and that data will not appear in the Radar dashboard.
+
 ### Is Radar CCPA-compliant and GDPR-compliant?
 
 Yes, Radar is CCPA-compliant and GDPR-compliant. For more information, see our [commitment to privacy](https://radar.com/blog/our-commitment-to-privacy).
@@ -112,9 +117,21 @@ For data access requests, you can export a user and all of their events and loca
 
 If you need assistance, you can also forward requests to your customer success manager.
 
+### Does Radar comply with the Data Privacy Framework (DPF)?
+
+Radar complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Radar has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Radar has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
+
+### Does Radar use data for advertising or analytics beyond its services?
+
+No. Radar only uses data to provide and improve our location infrastructure products. We do not sell, share, or use data for unrelated purposes.
+
+### Who can I contact for privacy questions?
+
+Please contact us at [email protected]. Also, see our [privacy notice](https://radar.com/privacy) for more details.
+
 ## Security
 
-### How do Radar account roles work?
+### What access is granted per Radar account role?
 
 - **Read** accounts can:
   - Read user, geofence, event, and location data
@@ -132,7 +149,7 @@ If you need assistance, you can also forward requests to your customer success m
 - **Owner** accounts can also:
   - Edit account roles and project access
 
-Use the appropriate role (owner, admin, write, or read) for each co-worker's account. See [Radar security best practices](#what-are-security-best-practices-for-radar). By default, an organization can have a maximum of 100 accounts. Contact your customer success manager if you need more.
+Use the appropriate role (owner, admin, write, or read) for each co-worker's account. By default, an organization can have a maximum of 100 accounts. Contact your customer success manager if you need more.
 
 ### How do data access controls work?
 
@@ -150,17 +167,13 @@ In addition to the account roles above, owners can also control:
   - _Geofence tags_: Access to geofences with specific tags. An empty list gives access to all geofences. To access a Geofence, both the _tag_ and _externalId_ access controls must be satisfied.
   - _Geofence externalIds_: Access to geofences with specific externalIds. An empty list gives access to all geofences. To access a Geofence, both the _tag_ and _externalId_ access controls must be satisfied.
 
-### Does Radar have a bug bounty or responsible disclosure program?
-
-Yes. For more information, see the [Vulnerability Disclosure Policy](/vulnerability-disclosure-policy).
-
 ### What are security best practices for Radar?
 
 #### Account management
 
-- Use a strong password (at least 10 characters, at least 1 lowercase letter, at least 1 uppercase letter, at least 1 number, and at least 1 symbol).
-- Use a password manager like 1Password or LastPass to generate and store passwords, and use a different password for each website.
-- Use app- or SMS-based multi-factor authentication (MFA). Enable MFA on the Account page.
+- Use a strong password (at least 15 characters, at least 1 lowercase letter, at least 1 uppercase letter, at least 1 number, and at least 1 symbol).
+- Use a reputable password manager (such as 1Password or LastPass) to generate and store passwords, and use a different password for each website.
+- Use app- or hardware-based multi-factor authentication (MFA). Enable MFA on the Account page.
 - Do not share your account with co-workers.
 - Use the appropriate role (owner, admin, write, or read) for each co-worker's account.
 - When a co-worker is terminated, delete their account.
@@ -191,11 +204,11 @@ Multiple bundle IDs and package names are supported. Wildcards (\*) are not supp
 
 ### Does Radar support audit logs?
 
-Yes, Radar supports audit logs for enterprise customers. Audit logs include all requests made from the dashboard with the account, project, environment, IP address, and timestamp of each request. The 100 most recent audit logs can be viewed from the dashboard, and the most recent 100,000 audit logs can be exported to CSV. Contact your customer success manager if you need older audit logs.
+Yes, Radar supports audit logs for enterprise customers. Audit logs include all requests made from the dashboard with the account, project, environment, IP address, and timestamp of each request.
 
 ### How do I set up single sign-on (SSO) in Radar?
 
-Radar supports single sign-on (SSO) via SAML, LDAP, Open ID, and other identity providers.
+Radar supports single sign-on (SSO) via SAML.
 
 SSO is an enterprise-only feature. Contact your customer success manager to enable this feature.
 
@@ -209,13 +222,21 @@ To set up your SAML identity provider, reach out to your customer success manage
 - X509 Signing Certificate (.pem file)
 - User ID attribute (defaults to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier then http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn then http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name)
 
-### Is Radar SOC 2 type II-certified?
+### Does Radar maintain a SOC 2 type II attestation?
 
-Yes, Radar is SOC 2 type II-certified. For more information, please ask your account executive for a copy of our attestation report.
+Yes, Radar maintains a SOC 2 type II attestation for Security and Availability. For more information, please ask your account executive for a copy of our attestation report.
 
 ### Is the Radar SDK secure?
 
-Yes. The Radar SDK calls the Radar API over HTTPS using TLS version 1.2 or higher, so all data is encrypted in transit. API calls are authenticated using your [Publishable keys](/sdk#authentication), which are restricted in scope.
+Yes. The Radar SDK is secure, featuring data encryption in transit (TLS 1.2+) and at rest (AES-256), robust authentication (SSL pinning, JWT), regular vulnerability scans, and strong access controls. Additionally, API calls are authenticated using your [Publishable keys](/sdk#authentication), which are restricted in scope.
+
+### How can I report a security issue?
+
+If you believe you’ve found a security vulnerability, please email [email protected]. Radar operates a responsible disclosure program and reviews all submissions promptly.
+
+### How does Radar notify customers of incidents?
+
+In the event of a confirmed security incident affecting customer data, Radar will promptly notify affected customers in accordance with our contractual and regulatory obligations, but no later than 72 hours.
 
 ## Location permissions