LEGAL
Privacy Policy
Last updated: April 17, 2026
1. Introduction
Pentesty operates an AI-powered penetration testing platform. This Privacy Policy explains how we collect, use, and protect information when you use our Service. By using Pentesty, you agree to the practices described in this policy.
2. Information We Collect
We collect the following types of information:
Account data: your work email address and company name provided during registration.
Scan data: the target URLs, domains, or IP addresses you submit for scanning, along with the results produced by security tools and AI analysis.
Usage data: pages visited, features used, session duration, and browser or device metadata, collected via PostHog analytics.
Communication data: emails you send to our support address.
3. How We Use Your Information
We use your information to: (a) provide and operate the Service, including running scans and generating reports; (b) authenticate your identity and manage your account; (c) improve the Service through aggregated, anonymized usage analysis; (d) respond to support requests; (e) send transactional emails such as OTP codes and scan completion notifications; (f) comply with legal obligations.
4. Third-Party Services
Pentesty relies on the following third-party services:
Supabase (supabase.com): provides our database, authentication system, and file storage for PDF reports. Your account data and scan results are stored in Supabase infrastructure.
Anthropic (anthropic.com): our AI analysis is powered by Claude. Scan outputs are sent to the Anthropic API for vulnerability analysis and report generation.
PostHog (posthog.com): provides product analytics. Usage events are sent to PostHog. No scan content or personally identifiable data is included in analytics events.
5. Data Retention
Scan results and associated reports are retained for as long as your account is active. You may delete individual scans from your dashboard at any time. When you delete your account, all associated data is removed within 30 days, except where retention is required by applicable law.
6. Security
We implement industry-standard security measures including encryption in transit (TLS), encrypted storage, access controls, and Row Level Security on our database so that only you can access your scan data. No system is completely secure, and we cannot guarantee absolute security.
7. Your Rights
Depending on your jurisdiction, you may have the right to access the personal data we hold about you; to request correction of inaccurate data; to request deletion of your data; to object to or restrict certain processing; and to data portability. To exercise these rights, contact us at support@pentesty.co.
8. Cookies
We use session cookies for authentication purposes. Analytics events are tracked by PostHog using a first-party cookie. We do not use advertising or tracking cookies. You can disable cookies in your browser settings, though this may affect authentication functionality.
9. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us with personal information, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact
If you have questions or concerns about this Privacy Policy, please contact us at support@pentesty.co.
