Privacy Policy

1. Information We Collect

1.1 Personal Information

We may collect the following personal information:

• Contact Information: Name, email address, phone number, job title, company name
• Account Information: Username, password (encrypted), profile preferences
• Billing Information: Payment details, billing address, tax information
• Communication Data: Messages, support tickets, feedback, survey responses

1.2 Technical Information

We automatically collect technical information including:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, features used, time spent, click patterns
• Performance Data: Error logs, response times, system performance metrics
• Security Data: Authentication logs, access attempts, security events

1.3 Vulnerability Data

Through our cybersecurity platform, we process:

• Scan Results: Vulnerability findings, risk assessments, remediation status
• Asset Information: Network topology, system configurations, software inventory
• Threat Intelligence: Security indicators, attack patterns, threat feeds

2. How We Use Your Information

2.1 Service Provision

• Provide and maintain our cybersecurity platform
• Process vulnerability scans and generate reports
• Deliver AI-powered security insights and recommendations
• Manage user accounts and authentication

2.2 Communication

• Send service notifications and security alerts
• Provide customer support and technical assistance
• Deliver product updates and feature announcements
• Send marketing communications (with your consent)

2.3 Improvement and Analytics

• Analyze usage patterns to improve our services
• Develop new features and enhance existing functionality
• Conduct security research and threat intelligence
• Generate aggregated, anonymized insights

3. Information Sharing and Disclosure

We do not sell your personal information. We may share information in these limited circumstances:

3.1 Service Providers

We work with trusted third-party service providers who assist us in:

• Cloud infrastructure and hosting (AWS, Microsoft Azure)
• Payment processing (Stripe, PayPal)
• Customer support tools (Intercom, Zendesk)
• Analytics and monitoring (Google Analytics, DataDog)

3.2 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Protect the rights, property, or safety of Scan Ninja AI, our users, or others
• Investigate security incidents or prevent fraud
• Enforce our Terms of Service or other agreements

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction, subject to equivalent privacy protections.

4. Data Security and Protection

4.1 Security Measures

We implement industry-leading security controls:

• Encryption: AES-256 for data at rest, TLS 1.3 for data in transit
• Access Controls: Multi-factor authentication, role-based permissions
• Network Security: Firewalls, intrusion detection, DDoS protection
• Monitoring: 24/7 security monitoring and incident response

4.2 Compliance

Our security practices align with:

• SOC 2 Type II certification
• GDPR and CCPA compliance
• NIST Cybersecurity Framework
• ISO 27001 standards

5. Data Retention

We retain different types of data for varying periods:

• Account Data: Retained while your account is active, plus 30 days after deletion
• Vulnerability Data: Retained for historical analysis, typically 3-5 years
• Communication Records: Retained for 3 years for support and legal purposes
• Analytics Data: Aggregated data may be retained indefinitely

6. Your Privacy Rights

Depending on your location, you may have the following rights:

6.1 Access and Portability

• Request access to your personal information
• Receive a copy of your data in a portable format
• Obtain information about how your data is processed

6.2 Correction and Deletion

• Correct inaccurate or incomplete information
• Request deletion of your personal data (right to be forgotten)
• Restrict or object to certain processing activities

6.3 Exercising Your Rights

To exercise these rights, contact us at [email protected]. We will respond within 30 days of receiving your request.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for basic site functionality and security
• Performance Cookies: Help us understand how users interact with our site
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used for targeted advertising (with your consent)

You can manage cookie preferences through your browser settings or our Cookie Policy.

8. International Data Transfers

We may transfer your information to countries outside your residence. We ensure appropriate safeguards through:

• Adequacy decisions by relevant authorities
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules
• Other approved transfer mechanisms

9. Children's Privacy

Our service is not directed to children under 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will:

• Notify you of material changes via email or platform notification
• Post the updated policy on our website with a new effective date
• Provide 30 days notice for significant changes

11. Contact Us

If you have questions about this Privacy Policy or our data practices: