Privacy Policy
Effective as of
1. Introduction
PentestCheck is a continuous automated security validation platform operated by PentestCheck (“we”, “our”, “us”). This Privacy Policy describes how we collect, use, store, and protect the information of users who access https://pentestcheck.com and the application at https://pentestcheck.com.
By creating an account or using the platform, you agree to the terms of this policy. If you do not agree, please do not use the service. This policy may be updated; we will publish the new version with an updated effective date.
2. Data we collect
We collect two main categories of data:
2.1 Account data
- Name and email address (required for registration)
- Organization name (optional)
- Billing data processed by a third-party payment gateway (we do not store card data)
- Authentication logs (IP address, timestamp, user-agent)
2.2 Scan operation data
When you run a scan, we collect and store the following operational data:
- Target domains submitted for scanning
- Subdomains discovered during execution
- IP addresses and ports identified
- Technologies and HTTP headers detected (fingerprinting)
- Vulnerabilities found, including CVEs and misconfigurations
- Threat Score calculated (0–10) per execution
- Execution metadata: duration, engines used, timestamps
3. How scan data is handled
All scan data is strictly isolated per organization. A user from one organization never has access to scan data from another organization.
We do not sell, license, or share scan data with third parties, including advertisers, data brokers, or competitors.
We use scan data exclusively to: (a) display results in the interface, (b) generate PDF reports, (c) compute diffs between scan runs, and (d) send alerts via the webhook configured by the user.
4. PDF Reports
PDF reports are generated on demand and available for download while the account is active.
After deletion, the associated data is removed from our systems within 90 days.
5. Webhooks and integrations
The platform allows configuring webhook URLs to receive alert notifications in external services (Slack, Discord, Telegram, proprietary systems).
Review the privacy policies of destination platforms before configuring webhooks to third-party services.
6. Retention and deletion
After subscription cancellation, data is available for a grace period of 30 days.
To request immediate deletion of data, please contact our team.
8. Privacy contact
For any question about this policy, visit our contact page or email contact@pentestcheck.com.