Last updated: December 25, 2025

Privacy Policy

Your privacy matters. Here's how we collect, use, and protect your data.

🔒 TL;DR

• We collect only what's necessary to provide our security testing services
• We never sell your personal data to third parties
• All data is encrypted in transit and at rest
• You can delete your data at any time
• GDPR and CCPA compliant

Information We Collect

Account Information

When you create an account, we collect your email address, name, and password. We use this to authenticate you and provide our services.

Usage Data

We collect information about how you use RaSEC, including scan targets (URLs, code snippets), scan results, and feature usage. This helps us improve our service.

Technical Data

We automatically collect IP addresses, browser type, device information, and access times for security and analytics purposes.

How We Use Your Data

Service Delivery

We use your data to provide security scanning services, generate vulnerability reports, and power AI-assisted analysis.

Product Improvement

Anonymized and aggregated data helps us improve detection accuracy, reduce false positives, and develop new features.

Communication

We may send you service updates, security alerts, and marketing communications (with your consent).

Data Security

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We use industry-standard security practices.

Access Control

Employee access to user data is strictly limited and logged. We follow the principle of least privilege.

Infrastructure

Our infrastructure is hosted on SOC 2 Type II certified cloud providers with continuous monitoring.

Data Sharing

No Selling

We never sell your personal information to third parties. Your data is not a product.

Service Providers

We share data with trusted providers (hosting, analytics) under strict data processing agreements.

Legal Requirements

We may disclose data if required by law, court order, or to protect our rights and safety.

Data Retention & Deletion

Scan Results

Scan results are retained for 90 days by default. Pro and Team users can configure custom retention periods.

Account Data

Account data is retained while your account is active. Upon deletion, data is removed within 30 days.

Backup Data

Backup copies may be retained for up to 90 days after deletion for disaster recovery purposes.

Your Rights

Access

You can access and download your personal data at any time from your account settings.

Correction

You can update or correct your personal information through your account dashboard.

Deletion

You can request complete deletion of your account and associated data at any time.

Portability

You can export your scan history and reports in standard formats (JSON, PDF).

Questions About Privacy?

Contact our Data Protection Officer for any privacy-related inquiries.

privacy@rasec.app