Privacy Policy

Last updated: October 25, 2025

Introduction

At Pentora, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our security scanning tool and related services.

Pentora is committed to being transparent about data collection. Our open source version does not collect any telemetry or usage data.

Information We Collect

Open Source Version

The open source version of Pentora runs entirely on your infrastructure and does not collect or transmit any data to Pentora servers. We do not have access to:

  • Your scan results
  • Target hosts or IP addresses
  • Discovered vulnerabilities
  • Usage patterns or telemetry
  • Any personally identifiable information

Enterprise Version

For Enterprise customers using our managed service, we may collect:

  • Account Information: Name, email address, company name, and billing details
  • Usage Data: Feature usage, scan frequency, and performance metrics (with your consent)
  • Support Data: Support tickets, chat logs, and feedback
  • Technical Data: IP address, browser type, and device information

Website Analytics

Our website (pentora.ai) uses minimal analytics to understand visitor behavior:

  • Page views and navigation patterns
  • Geographic location (country/region level only)
  • Referral sources
  • Device and browser information

We use privacy-focused analytics tools and do not use third-party tracking cookies.

How We Use Your Information

We use collected information only for the following purposes:

  • Service Delivery: To provide, maintain, and improve our services
  • Customer Support: To respond to inquiries and provide technical support
  • Billing: To process payments and manage subscriptions (Enterprise only)
  • Communication: To send service updates, security alerts, and newsletters (opt-in only)
  • Security: To detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: To comply with applicable laws and regulations

Data Retention

We retain your information only for as long as necessary to provide our services and fulfill the purposes outlined in this policy:

  • Account Data: Retained while your account is active, plus 90 days after deletion
  • Scan Results: Enterprise customers control retention period (default: 90 days)
  • Support Tickets: Retained for 2 years for quality assurance
  • Billing Records: Retained for 7 years as required by law

Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Regular security audits and penetration testing
  • Access controls and authentication (including MFA)
  • Secure coding practices and dependency scanning
  • Incident response and breach notification procedures

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

Data Sharing and Disclosure

We do not sell your personal information. We may share data only in these limited circumstances:

  • Service Providers: Third-party vendors who help us operate our services (hosting, payment processing)
  • Legal Requirements: When required by law, subpoena, or court order
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Consent: With your explicit consent for specific purposes

All service providers are contractually obligated to protect your data and use it only for specified purposes.

Your Rights

Depending on your location, you may have the following rights:

  • Access: Request access to your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (right to be forgotten)
  • Portability: Request a copy of your data in a structured format
  • Objection: Object to processing of your data
  • Restriction: Request restriction of processing
  • Withdraw Consent: Withdraw consent for data processing

To exercise these rights, contact us at privacy@pentora.ai. We will respond within 30 days.

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure adequate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with all third parties
  • Compliance with applicable data protection laws (GDPR, CCPA, etc.)

Children's Privacy

Pentora is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Cookies and Tracking

Our website uses minimal cookies for essential functionality only:

  • Essential Cookies: Required for website operation (authentication, preferences)
  • Analytics Cookies: Privacy-focused analytics (opt-out available)

We do not use advertising cookies or third-party tracking. You can control cookies through your browser settings.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last updated" date
  • Sending email notifications to Enterprise customers

Your continued use of Pentora after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Compliance

Pentora is committed to compliance with:

  • GDPR: General Data Protection Regulation (EU)
  • CCPA: California Consumer Privacy Act
  • SOC 2: Type II certification (Enterprise)
  • ISO 27001: Information security management (Enterprise)