Privacy Policy

Last updated: January 2025

1. Introduction

Pentest Draft ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this Privacy Policy carefully.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, company name, and password when you create an account
  • Profile Information: Job title, team information, and preferences
  • Content Data: Pentest reports, findings, evidence, project data, and other content you upload or create
  • Payment Information: Billing details processed through secure payment processors (we do not store full credit card information)
  • Communication Data: Messages you send to us via email, chat, or support tickets

2.2 Automatically Collected Information

When you use our Service, we automatically collect certain information, including:

  • Usage Data: Features used, pages visited, time spent, and interaction patterns
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, dates, error logs, and performance data
  • Cookies and Tracking Technologies: We use cookies and similar technologies to enhance your experience (see Section 7)

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide, maintain, and improve our Service
  • Account Management: To manage your account, process payments, and communicate about your subscription
  • Authentication and Security: To verify your identity, prevent fraud, and protect against unauthorized access
  • Customer Support: To respond to your inquiries, provide technical support, and resolve issues
  • Communication: To send service updates, administrative messages, and marketing communications (with your consent)
  • Analytics and Improvement: To analyze usage patterns, understand user behavior, and improve our Service
  • Legal Compliance: To comply with legal obligations, enforce our Terms, and protect our rights

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party service providers who assist in operating our Service (e.g., cloud hosting, payment processing, analytics). These providers are contractually bound to protect your data.
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to users)
  • Protection of Rights: To protect our rights, property, safety, or that of our users
  • With Your Consent: When you explicitly authorize us to share your information

5. Data Storage and Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS/SSL) and at rest
  • Regular security assessments and monitoring
  • Access controls and authentication measures
  • Secure data centers with physical and logical safeguards

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Your data is stored on servers located in secure data centers. We may transfer and store your data in countries other than your own, but we ensure appropriate safeguards are in place.

6. Data Retention

We retain your personal information for as long as necessary to provide the Service, fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce our agreements.

When you cancel your account, we will retain your data for a period of 30 days to allow for account recovery. After this period, your data will be deleted unless we are required to retain it for legal purposes. You may request earlier deletion of your data by contacting us.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information. Cookies are small text files placed on your device that help us:

  • Remember your preferences and settings
  • Authenticate your sessions
  • Analyze how you use our Service
  • Provide personalized experiences

You can control cookies through your browser settings, but disabling cookies may limit your ability to use certain features of the Service.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal information
  • Portability: Request export of your data in a portable format
  • Objection: Object to certain processing of your data
  • Restriction: Request restriction of processing
  • Withdrawal of Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at hello@pentestdraft.com. We will respond to your request within 30 days.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We ensure that appropriate safeguards are in place, such as standard contractual clauses, to protect your data during such transfers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We may also notify you via email or through the Service.

Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.

12. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: hello@pentestdraft.com