Privacy Policy

1. Information We Collect

1.1. Client Business Information

To facilitate our services, we collect administrative data such as:

• Contact details (Name, Corporate Email, Phone)
• Billing and invoicing information
• Signed Non-Disclosure Agreements (NDAs) and Rules of Engagement (RoE)

1.2. Engagement Data (Strictly Confidential)

During the course of a security assessment, we may process:

• Target IP addresses, URLs, and API endpoints
• Test credentials and access tokens
• Network infrastructure diagrams and documentation
• Vulnerability findings and proof-of-concept exploits generated during testing

2. How We Use Your Data

We collect this data solely for the following purposes:

• Service Execution: To conduct authorized penetration tests and security assessments.
• Reporting: To generate detailed remediation reports for your team.
• Communication: To alert you of critical vulnerabilities or project updates.
• Compliance: To maintain legal records of authorized testing activities.

We do NOT sell, trade, or rent your data to third parties. Ever.

3. Data Retention & Destruction

Given the sensitive nature of our findings, we adhere to a strict data lifecycle policy:

4. Security Measures

We protect your data with the same rigor we apply to testing yours:

• Encryption at Rest: All sensitive client data is stored on encrypted volumes (AES-256).
• Access Control: Data is accessible only to the specific security engineers assigned to your engagement.
• Zero-Trust Architecture: Our internal systems utilize strict identity verification and least-privilege principles.

5. Cookies & Analytics

Our public-facing website uses minimal cookies solely for performance monitoring and site reliability. We do not use tracking pixels for retargeting or advertising networks.