The only connection a Data Platform instance makes to Flexera Server ("TUS", Technopedia Update Server) is during the Technopedia Catalog Synchronization task to download the latest catalog and, optionally, upload unmatched files for gap-fill process:
TUS request data is encrypted by Binary + Compression + Base64 on Data Platform:
Protocol: TLS 1.2
Encryption: 256 AES
When a request is received, TUS calls the License Management Service (LMS) API to verify the customer key sent by Data Platform
LMS system decrypts the key for validation and entitlement check
When validation passes, TUS provides customer catalog file and stores the uploaded unmatched files
Unmatched files are used for gap-fill process by Flexera:
No identifiable information is included in the unmatched data
Data transmission is encrypted via HTTPS in transit and stored on encrypted storage system
Only authorized Flexera employees have access to such data and they have no visibility to the identity of the uploader
Once the gap-fill process is completed, the data is destroyed per- Flexera's data destruction policy; the data does not persist in Flexera cloud
I believe a caveat to the 'No identifiable information is included in the unmatched data' would be if a folder path of a piece of file evidence was identifiable. i.e. a user name or company name in the filepath or executable name.
