Privacy Policy
Effective date: January 1, 2025. We take your privacy seriously. This policy explains what data we collect and how we use it.
1. Information We Collect
a) Information you provide directly
- Account data: name, email address, and password when you register
- Payment data: billing details processed by our payment provider (we do not store full card numbers)
- Hunt data: target URLs, scope definitions, and configuration you enter into the Service
- Communications: messages you send us via support or contact forms
b) Information collected automatically
- Usage data: pages visited, features used, session duration, and click events
- Log data: IP address, browser type, operating system, and referrer URL
- Device data: device identifiers and screen resolution
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Service
- Process payments and manage your subscription
- Send transactional emails (account creation, password reset, billing receipts)
- Respond to your support requests
- Monitor for security threats and prevent abuse
- Analyze aggregate usage patterns to improve the platform
- Comply with legal obligations
We do not sell your personal data to third parties. We do not use your hunt data (target URLs, findings) for training AI models without your explicit consent.
4. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., billing records for tax purposes, which we retain for up to 7 years).
Hunt logs and findings are retained for 90 days after they are generated and then automatically purged unless you have an active subscription with extended retention.
5. Security
We implement industry-standard security measures to protect your data, including:
- Encryption in transit (TLS 1.2+) and at rest
- Password hashing using bcrypt with a high cost factor
- Access controls limiting data access to authorized personnel only
- Regular security reviews and dependency audits
No system is completely secure. If you discover a security vulnerability in our platform, please report it responsibly at security@rasec.app.
7. Third-Party Services
The Service integrates with the following third-party services, each governed by its own privacy policy:
- Neon (database hosting): stores your account and hunt data in PostgreSQL
- Cloudflare: CDN, DDoS protection, and media storage
- Payment processor: handles subscription billing (we receive only masked payment data)
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: request a copy of the data we hold about you
- Correction: request correction of inaccurate data
- Deletion: request deletion of your data (“right to be forgotten”)
- Portability: receive your data in a machine-readable format
- Objection: object to certain processing of your data
- Restriction: request restriction of processing under certain circumstances
To exercise any of these rights, contact us at privacy@rasec.app. We will respond within 30 days.
9. Children’s Privacy
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us at privacy@rasec.app so we can delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting a notice on the Service. The “Effective date” at the top of this policy indicates when it was last revised. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
- Email: privacy@rasec.app
- Website: Contact form
