Privacy Policy

1. Introduction

DashSec ("we", "us", "our") respects your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data when you use our website and AI-powered penetration testing service ("the Service").

2. Information We Collect

Account Information

When you sign up, we collect your name, email address, and organization name via Google OAuth. We do not store your Google password.

Test Configuration Data

Target URLs, IP addresses, and testing parameters you provide when configuring a pen test.

Test Results

Vulnerability findings, evidence, and generated reports from your pen tests. This data may include information about your application's security posture, endpoints, and technical stack.

Usage Data

We collect standard analytics data including pages visited, features used, and general usage patterns to improve the Service. We use Google Analytics for website analytics.

Payment Information

Payment processing is handled by Stripe. We do not store your credit card number or full payment details on our servers. Stripe's privacy policy governs the handling of your payment information.

3. How We Use Your Information

We use your information to:

• Provide and operate the penetration testing Service.
• Generate security reports based on your test results.
• Communicate with you about your account, tests, and the Service.
• Improve the Service, including training and improving our AI testing capabilities.
• Process payments and manage your subscription.
• Comply with legal obligations.

4. AI and Your Data

DashSec uses AI models to perform security testing and generate reports. Your test configuration and results are processed by our AI systems. We may use aggregated, anonymized patterns from tests to improve our AI's testing capabilities. We will never use your specific test results, vulnerability data, or reports to train AI models without your explicit consent.

5. Data Sharing

We do not sell your personal information. We share data only in these circumstances:

• Service providers: Cloud infrastructure (AWS), payment processing (Stripe), and analytics (Google Analytics) providers who process data on our behalf.
• Legal requirements: When required by law, regulation, or legal process.
• Safety: To protect the rights, safety, or property of DashSec, our users, or the public.

Your test results and vulnerability reports are confidential and are never shared with third parties.

6. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and secure infrastructure on AWS. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your account information and test results for the duration of your active account. Test reports are available for download for 12 months after generation. Upon account termination, we delete your data within 30 days, except where retention is required by law.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access and receive a copy of your personal data.
• Correct inaccurate personal data.
• Request deletion of your personal data.
• Object to or restrict processing of your personal data.
• Data portability — receive your data in a structured, machine-readable format.

To exercise any of these rights, contact us at hello@dashsec.io.

9. Cookies

Our website uses essential cookies for authentication and session management. We also use Google Analytics, which sets cookies for usage analytics. You can control cookies through your browser settings.

10. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "last updated" date at the top reflects the most recent revision.

12. Contact

Questions about this Privacy Policy? Contact us at hello@dashsec.io.