Privacy Policy
Last Updated: June 16, 2026
1. Information We Collect
We collect the minimal information necessary to deliver our exposure mapping services. This includes:
- Account Credentials: Name, company name, email address, and hashed password.
- Asset Meta-information: Domain names, subdomains, and public email headers scanned.
- Payment Records: Billing addresses and transaction tokens. Card numbers are securely transmitted directly to Stripe and never stored on our servers.
2. How We Use Your Data
Your diagnostic logs and exposure data are used strictly to populate your user dashboard, issue PDF reports, and send alert webhooks (Slack/Discord). We do not sell, trade, or distribute your network vulnerability data to any third parties under any circumstances.
3. Data Security & Encryption
All traffic inside PenTeCon is encrypted in transit using TLS 1.3 and at rest using AES-256. Access to raw scan metrics is isolated per organization space and protected by strict JWT (JSON Web Token) authentication layers.
4. GDPR & Data Subject Rights
GDPR Compliance: In accordance with the General Data Protection Regulation (Regulation (EU) 2016/679), EU residents possess specific rights regarding their personal data, including the right to access, rectify, or request erasure ("Right to be forgotten") of all diagnostic files. To trigger erasure, contact us at support@pentecon.com.
5. Cookies & Tracking
We use secure cookies exclusively to maintain user sign-in sessions and protect against Cross-Site Request Forgery (CSRF). We do not use advertising tracking cookies or compile behavioral advertising profiles.
6. Service Processors (Sub-processors)
We utilize sub-processors for infrastructure:
- Stripe: Payment and billing subscription services (US/EU).
- Vercel / AWS: Global cloud hosting and CDN nodes (EU regions default).
© 2026 PenTeCon. All rights reserved. EU Compliance Registered.
