Privacy Policy

Last Updated: November 6, 2025

Your Privacy & Data Protection

Pentlix is committed to protecting your privacy while maintaining comprehensive security logs for authorized testing activities. This policy explains what data we collect, how we use it, and your rights regarding your personal information.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Name: Used for account personalization
  • Email Address: Used for account identification and communication
  • Password: Securely hashed using an industry-standard password-hashing algorithm (bcrypt)
  • Registration Date: Timestamp of account creation

Activity & Usage Data

We automatically collect:

  • Audit Logs: Service usage, target systems, scan parameters, and timestamps
  • IP Addresses: For security monitoring and geographic compliance
  • Browser Information: User agent, device type, and operating system
  • Session Data: Login times, duration, and authentication events
  • API Calls: Requests made to our security testing services

Scan Results & Findings

  • Target Information: URLs, domains, and files analyzed during security testing
  • Vulnerability Data: Security findings, risk levels, and remediation details
  • AI Conversations: Chat history with Nova AI

2. How We Use Your Information

We use collected data for the following purposes:

Service Delivery

Providing security testing tools, generating scan reports, and delivering AI-powered analysis

Authentication & Security

Verifying identity, preventing unauthorized access, and detecting malicious activities

Compliance & Auditing

Maintaining audit trails for regulatory compliance and authorized use verification

Platform Improvement

Analyzing usage patterns to enhance features and optimize performance

3. Data Security Measures

We implement industry-standard security practices to protect your data:

  • Encryption: All passwords are hashed using bcrypt; data in transit uses HTTPS/TLS
  • Database Security: PostgreSQL with secure connections and access controls
  • Access Control: Role-based permissions and authentication requirements
  • Rate Limiting: Protection against brute force and automated unauthorized access attempts
  • Session Management: Secure session tokens and automatic expiration
  • Input Validation: CSRF protection and sanitization of user inputs

4. Data Sharing & Disclosure

We do not sell or share your personal information with third parties, except in the following circumstances:

  • Legal Obligations: When required by law, court order, or regulatory authority
  • Security Violations: Reporting unauthorized access attempts or illegal activities to law enforcement
  • Target System Owners: Providing audit logs when users test systems without proper authorization (fraud investigation)
  • Service Providers: Third-party APIs for security scanning and AI analysis under strict data processing agreements

5. Data Retention

We retain different types of data for varying periods:

  • Account Data: Retained as long as your account is active, plus 90 days after deletion
  • Audit Logs: Retained for 7 years for compliance and legal purposes
  • Scan Results: Retained for 12 months, unless you request earlier deletion
  • AI Chat History: Retained for 6 months for service improvement
  • Session Data: Automatically deleted after session expiration (24 hours)

6. Your Rights & Choices

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data and activity logs
  • Correction: Update or correct inaccurate information in your profile
  • Deletion: Request account deletion (subject to legal retention requirements for audit logs)
  • Export: Download your scan results and activity history

7. Cookies & Tracking

We use the following types of cookies:

  • Essential Cookies: Required for authentication and session management
  • Security Cookies: CSRF tokens and security headers
  • Functional Cookies: Storing user preferences and UI settings

We do not use third-party advertising or analytics cookies.

8. Children's Privacy

This platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email to registered users. Continued use of the Service after changes indicates acceptance of the updated policy.

10. Contact Us

For privacy-related questions, data access requests, or concerns about your personal information, please contact our Data Protection team through official support channels.

Important: For security vulnerability reports, please use our responsible disclosure process outlined in the Documentation section, not privacy contact channels.