Privacy Policy

Last updated: February 28, 2026

1. Data Controller

Penetrify is operated by Algofy, s.r.o., a company incorporated under Czech law (ID No. 19499773), with its registered office at Nové sady 988/2, 602 00 Brno, Czech Republic. Algofy, s.r.o. is the data controller responsible for your personal data.

For any questions about this Privacy Policy or your personal data, please contact us at privacy@penetrify.cloud.

2. Data We Collect

We collect personal data you provide directly when you create an account, including your name, email address, company name, and billing information. We also collect technical data automatically as you use our service, including IP addresses, browser type, pages visited, and usage logs.

When you connect third-party integrations such as GitHub or GitLab, we access repository metadata and authentication tokens necessary to provide the service. We do not access, store, or transmit the content of your source code beyond what is required to execute security scans.

We may also collect data you submit as scan configuration, such as target URLs, authentication credentials for testing, and custom instructions. This data is used solely to execute your requested scans.

3. How We Use Your Data

We use your personal data to provide and maintain our service, process payments, send transactional communications (such as scan results and account notifications), respond to your enquiries, and comply with legal obligations.

We use aggregated, anonymised usage statistics to improve our AI models and service quality. This aggregated data cannot be used to identify individual users.

We do not use your data for advertising purposes and we do not sell your personal data to any third party.

4. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

Contract performance (Article 6(1)(b) GDPR): processing necessary to provide our services to you under our Terms of Service.

Legitimate interests (Article 6(1)(f) GDPR): improving our service, preventing fraud, and ensuring the security of our platform.

Legal obligation (Article 6(1)(c) GDPR): compliance with applicable laws, including tax and accounting requirements.

Consent (Article 6(1)(a) GDPR): where you have explicitly consented to specific processing, such as marketing communications.

5. Data Sharing and Third Parties

We do not sell your personal data. We share data only with trusted service providers acting as data processors on our behalf. These include: Amazon Web Services (cloud infrastructure and data storage, hosted in the EU); Stripe (payment processing); Google (AI model services used for security analysis); Sentry (error monitoring and performance tracking); and Cognito (authentication services).

All third-party processors are bound by data processing agreements and are required to maintain appropriate technical and organisational security measures. We ensure that any transfers outside the European Economic Area are protected by appropriate safeguards.

6. Data Retention

We retain your account data for as long as your account is active, plus 30 days following account deletion to allow for account recovery. Scan results and vulnerability reports are retained for 24 months from the date of the scan.

Billing records are retained for 7 years as required by Czech accounting and tax law. Audit logs are retained for 90 days. After the applicable retention period, data is securely deleted or anonymised.

7. Your Rights

Under GDPR, you have the following rights regarding your personal data: the right to access a copy of the data we hold about you; the right to correct inaccurate or incomplete data; the right to request deletion of your data ('right to be forgotten'); the right to restrict or object to certain processing; the right to data portability (receiving your data in a structured, machine-readable format); and the right to withdraw consent at any time where processing is based on consent.

You also have the right to lodge a complaint with a data protection supervisory authority. In the Czech Republic, this is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů) at uoou.gov.cz. If you reside in another EU member state, you may contact your local supervisory authority.

To exercise any of your rights, please contact us at privacy@penetrify.cloud. We will respond within 30 days.

8. Cookies

We use essential cookies that are strictly necessary for the service to function, such as session authentication and CSRF protection tokens. We also use analytical cookies to understand how users interact with our platform so we can improve it.

We do not use advertising or tracking cookies. You can control cookie settings through your browser preferences. Disabling essential cookies may prevent certain features from functioning correctly.

9. Data Security

We implement industry-standard security measures including TLS encryption for all data in transit, AES-256 encryption for data at rest, strict access controls and audit logging, regular internal security reviews, and secure software development practices.

Despite these measures, no online service can guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with applicable law.

10. International Data Transfers

Our primary infrastructure is hosted on AWS in the EU (Ireland and Frankfurt regions). All personal data is processed and stored within the European Economic Area.

Where we use sub-processors located outside the EEA, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs), to protect your data in accordance with GDPR requirements.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you by email or by a prominent notice within our platform at least 14 days before the changes take effect.

The date at the top of this policy indicates when it was last updated. Your continued use of the service after changes take effect constitutes acceptance of the updated policy.

12. Contact

For privacy-related enquiries, please contact us at: privacy@penetrify.cloud

Or by post: Algofy, s.r.o., Nové sady 988/2, 602 00 Brno, Czech Republic.