Privacy Policy
Effective: January 1, 2026
This Privacy Policy explains how iPentest LLC ("iPentest", "we", "us") collects, uses, and protects information when you use our website and security testing services.
1. Information we collect
We collect information that you provide directly and information that is collected automatically when you use our services.
- You provide: name, email address, company name, message content, and target details (such as domains, IP addresses, or applications) when you contact us or place an order.
- Payment information: processed by our payment provider. We do not store full payment card details.
- Technical information: IP address, browser type, device information, and pages visited, collected through standard server logs.
- Cookies and similar technologies: a small set of strictly necessary cookies that allow the site to function, plus optional analytics cookies set by Google Analytics that are only loaded if you have provided consent. You can change your choice at any time using the "Cookie preferences" link in our footer.
2. Security testing data
When you engage iPentest for an assessment, we also collect and process:
- Target scope you submit, including domain names, IP addresses, applications, accounts, and similar assets.
- Findings produced by our scans and manual testing, including hosts, ports, services, vulnerabilities, and supporting evidence.
- Reports we deliver to you, including any sharing links you generate.
- Limited packet and HTTPS proxy captures recorded during a live engagement to verify findings.
- Messages you send to our in-app AI assistant.
To support AI-assisted review of findings and the in-app chat assistant, target details, findings, and your assistant messages are processed by Anthropic. Generated reports are encrypted at rest in Cloudflare R2 to enable secure sharing with you.
3. How we use information
- To provide, operate, and improve our security testing services.
- To communicate with you about your inquiry, account, or order.
- To verify authorization to test the targets you submit.
- To comply with legal obligations and to detect or prevent fraud or abuse.
4. How we share information
We do not sell personal information. We share information only with:
- Service providers who help us run the business: Stripe (payment processing), Formspark (contact form delivery), Freshdesk (customer support ticketing), Google Analytics (website analytics, only loaded after you provide cookie consent), Google (sign-in via OAuth for customer accounts), Anthropic (AI-assisted review of testing data and the in-app chat assistant), Cloudflare (encrypted report storage), and DigitalOcean (server hosting and ephemeral consultant workstations). These providers are contractually limited to using your information solely to provide their services to us.
- Authorities when required by law, legal process, or to protect rights, property, or safety.
5. Data retention
We retain personal information only as long as necessary to provide our services, fulfill the purposes described in this Policy, and meet legal, tax, or accounting requirements. Security testing reports and findings may be retained as needed to support re-testing and customer requests.
6. Security
We use administrative, technical, and physical safeguards designed to protect your information. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
7. Your rights
Depending on where you live, you may have the right to access, correct, delete, or receive a copy of personal information we hold about you, or to object to or restrict its processing. To exercise these rights, contact us at support@ipentest.com. We may need to verify your identity before fulfilling a request.
8. International data transfers
iPentest LLC is based in the United States. By using our services, you understand that your information may be transferred to and processed in the United States and other countries where we or our service providers operate.
9. Children
Our services are not directed to individuals under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.
10. Changes to this Policy
We may update this Policy from time to time. The "Effective" date at the top will reflect any changes. Material changes will be communicated through the website or by email where appropriate.
11. Contact
Questions or requests regarding this Policy should be sent to support@ipentest.com.