1. Introduction
Welcome to Petawall Security Platform ("we," "our," or "us"). We are committed to protecting your privacy and handling your data with transparency and care. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cybersecurity assessment platform and related services (collectively, the "Platform").
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address, company name, job title, and password when you register.
- Assessment Data: System architecture descriptions, code samples, network traffic captures (PCAP files), mobile application files (APK/IPA), and questionnaire responses submitted for analysis.
- Communication Data: Information you provide when contacting support, participating in surveys, or requesting demonstrations.
2.2 Information Automatically Collected
- Usage Data: IP address, browser type, operating system, pages viewed, features used, and time spent on the Platform.
- Device Information: Device type, unique device identifiers, and mobile network information.
- Log Data: Server logs, error reports, and performance data.
2.3 Information from Third Parties
- Authentication providers if you use single sign-on (SSO).
- Payment processors for billing information (we do not store full payment details).
3. How We Use Your Information
3.1 Service Delivery
- Process and analyze your security assessment requests.
- Generate reports and recommendations based on your submissions.
- Maintain and improve the Platform's functionality.
- Authenticate your access and manage your account.
3.2 Security and Compliance
- Detect security vulnerabilities and present the report to you for further action.
- Comply with legal obligations and enforce our Terms of Service.
- Conduct audits and maintain platform integrity.
3.3 Communication
- Send service updates, security alerts, and administrative messages.
- Respond to your inquiries and support requests.
- Provide information about features, updates, and educational content (with opt-out options).
3.4 Improvement and Analytics
- Analyze usage patterns to enhance user experience.
- Develop new features and capabilities.
- Conduct research to improve cybersecurity methodologies.
4. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your personal information based on the following legal grounds:
- Performance of a Contract: To provide our services to you.
- Legitimate Interests: To improve our services, ensure security, and prevent fraud.
- Compliance with Legal Obligations: To comply with applicable laws.
- Consent: Where you have provided consent for specific processing activities.
5. Data Sharing and Disclosure
5.1 Service Providers
We share information with trusted third-party vendors who assist in operating our Platform, including:
- Cloud infrastructure providers (AWS, Azure, GCP)
- Analytics services
- Customer support tools
- Email communication services
5.2 Legal Requirements
We may disclose information if required to do so by law or in response to valid requests by public authorities (e.g., subpoenas or court orders).
5.3 Business Transfers
In the event of a merger, acquisition, or asset sale, your information may be transferred to the acquiring entity.
5.4 With Your Consent
We may share information for other purposes with your explicit consent.
5.5 We Do NOT:
- Sell your personal information to third parties.
- Use your submitted code, network captures, or proprietary data to train public AI models without explicit permission.
- Save your submitted code, network captures, or proprietary data. These are deleted immediately after analysis.
- Share your assessment data with competitors.
6. Data Retention
We retain your information for as long as necessary to:
- Provide you with our services.
- Comply with legal obligations (e.g., tax and audit requirements).
- Resolve disputes and enforce agreements.
Specific Retention Periods:
- Account Information: Duration of account + 30 days after closure
- Assessment Reports: 12 months
- Payment Records: 7 years (legal requirement)
7. Data Security
We implement appropriate technical and organizational measures to protect your information, including:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Regular security assessments and penetration testing
- Access controls and multi-factor authentication
- Employee training on data protection
- SOC 2 Type II compliance (or similar certification)
However, no method of transmission over the Internet or electronic storage is 100% secure.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place through:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Compliance with the EU-U.S. Data Privacy Framework (if applicable).
- Data Processing Agreements with all sub-processors.
9. Your Rights and Choices
Depending on your location, you may have the following rights:
- Access: Request copies of your personal information.
- Rectification: Correct inaccurate or incomplete information.
- Erasure: Request deletion of your information (subject to legal exceptions).
- Restriction: Limit how we process your information.
- Data Portability: Receive your information in a structured, commonly used format.
- Objection: Object to processing based on legitimate interests.
- Withdraw Consent: Withdraw consent where processing is based on consent.
To exercise these rights, contact us at support@petawall.com.
10. Children's Privacy
Our Platform is not intended for individuals under the age of 18. We do not knowingly collect information from children.
11. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Authenticate users and maintain sessions.
- Remember preferences and settings.
- Analyze platform usage and performance.
- Deliver relevant content and communications.
You can control cookies through your browser settings. However, disabling certain cookies may affect Platform functionality.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on this page with a revised "Last Updated" date.
- Sending an email notification for significant changes.
- Displaying a notice within the Platform.
Your continued use of the Platform after changes constitutes acceptance of the revised policy.