Privacy Policy
Last updated: April 1, 2026
1. Information We Collect
Pentevo collects information you provide directly when you create an account, initiate a scan, or contact our support team. This includes:
- Account information: name, email address, company name, and billing details.
- Scan targets: URLs, IP ranges, and scope definitions you submit for testing.
- Scan results: vulnerability findings, reports, and raw scan artifacts generated during testing.
- Usage data: pages visited, features used, scan frequency, and session duration collected via server logs and analytics.
- Communications: messages you send to our support team, feedback submissions, and survey responses.
We do not collect data from the systems you scan beyond what is necessary to produce security findings. Scan traffic is generated by our engine and directed at targets you have authorized.
2. How We Use Your Information
We use collected information solely to provide, improve, and support the Pentevo platform:
- Provisioning and operating your account and scan sessions.
- Generating, storing, and delivering penetration testing reports.
- Billing and subscription management via our payment processor (Stripe).
- Sending transactional emails (scan completion, report delivery, account alerts).
- Improving scan accuracy and AI model performance using anonymized, aggregated findings data.
- Detecting and preventing abuse, fraud, or unauthorized use of the platform.
- Responding to support requests and legal obligations.
We do not sell your personal data or scan results to third parties. We do not use your scan findings to train commercial AI models without explicit written consent.
3. Data Security
Security is core to what we do. We apply the same standards to protecting your data that we teach our platform to test for:
- All data is encrypted in transit using TLS 1.2+ and at rest using AES-256.
- Scan results are stored in isolated, tenant-separated storage environments.
- Access to production systems is restricted to authorized personnel via MFA-enforced accounts.
- We conduct regular internal security reviews and third-party penetration testing.
- Incident response procedures are documented and tested quarterly.
4. Data Retention
We retain your data for as long as your account is active or as needed to provide services. Specific retention periods:
- Scan results and reports: retained for 12 months by default; configurable in account settings.
- Account data: retained for the lifetime of your account plus 30 days after deletion.
- Billing records: retained for 7 years as required by financial regulations.
- Server logs: retained for 90 days for security and debugging purposes.
Upon account deletion, all personal data and scan artifacts are permanently purged within 30 days, except where retention is required by law.
5. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you.
- Correction: request correction of inaccurate or incomplete data.
- Deletion: request erasure of your data, subject to legal retention obligations.
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to certain processing activities, including marketing communications.
- Restriction: request that we limit how we process your data in certain circumstances.
To exercise any of these rights, email us at privacy@pentevo.com. We will respond within 30 days.
6. Contact
If you have questions about this Privacy Policy or how we handle your data, contact our Data Protection Officer: