BehaventBehavent
...

Community & Behavent Risk Exchange (BRX)

A transparent guide to how we use anonymised data to improve security for everyone

What This Means

When you opt in to "Anonymised data for Community & BRX", you allow Behavent to use your data in a way that cannot identify you. We convert your assessment and learning outcomes into statistical abstractions—like "35% of users in this region improved in Account Safety this month"—and combine them with thousands of others. No one can trace these numbers back to you.

What We Never Use

We are strict about what enters our Community and BRX systems:

  • Your raw answers — Individual assessment responses, test answers, or free-text input never leave your account in any form.
  • Your personal scores — Your risk score, domain scores, or confidence levels are never shared. Only population-level aggregates are used.
  • Identifiers — No email, name, IP, or any data that could link outputs to you.
  • Exposure or OSINT details — Breach lookups, tool outputs, or similar are not included.

Our rule is simple: if an output could be used to infer anything about you as an individual, it does not belong in BRX.

What We Do Use (Anonymised Only)

After your data is fully processed and scores are computed, we may derive only abstract, aggregated indicators. Examples:

  • Risk band distributions — e.g. "14% of consented users are in the elevated risk band this month" (no individual scores).
  • Domain pressure signals — Which capability areas are under pressure across the population (e.g. "Account & Access Safety shows elevated pressure").
  • Trend signals — Whether capability is improving or degrading over time, at a population level.
  • Learning impact — How effective training is in aggregate (e.g. "post-training impact deltas"), never per user.

All of this is irreversible and non-attributable. We enforce minimum cohort sizes so that small groups cannot be singled out.

Why This Helps You and Others

Your contribution—when anonymised—helps us and the wider security community:

  • Better recommendations — We can refine which learning modules and actions are most effective, so your experience and others' improve.
  • Industry-wide understanding — Organisations and researchers (under strict agreements) see only aggregated signals. This helps improve security practices and threat models at scale.
  • No surveillance — BRX is explicitly not used for individual performance evaluation, HR decisions, or disciplinary action. Prohibited uses invalidate our contracts with consumers.

Your Control

Opting in is entirely voluntary. You can:

  • Opt in or out at any time in your account settings
  • Revoke consent at any time—we stop including your data in new outputs immediately
  • Use Behavent fully without ever opting in

Revocation is immediate. We do not retroactively expose prior data—we simply stop generating new outputs that incorporate your contributions.

Questions?

For more detail on data handling, see our Privacy Policy. If you have questions about Community and BRX specifically, contact us at privacy@behavent.com.