Privacy Policy

A legal disclaimer

Penlytic (“we”, “our”, or “us”) is a cybersecurity and penetration testing company committed to protecting the privacy, confidentiality, and security of personal and technical data. This Privacy Policy explains how we collect, use, process, and protect information when you interact with our website, services, or communications.

1. Scope of This Policy

This Privacy Policy applies to visitors of the Penlytic website, clients and prospective clients, and any individuals whose data may be processed in the course of penetration testing, security assessments, or related cybersecurity services performed by Penlytic.

2. Information We Collect

We may collect personal information that you voluntarily provide to us, such as your name, email address, phone number, company affiliation, job title, billing information, and any information you share through communications or contact forms.

When you access our website or systems, we may automatically collect technical information, including IP addresses, browser type, operating system, access times, and usage logs. Cookies and similar technologies may be used to improve website functionality and user experience.

During authorized penetration testing or security engagements, we may process client system data, including network information, application data, configurations, logs, and user-related metadata. Such data is accessed strictly within the scope defined in contractual agreements and written authorization.

3. Purpose of Processing

Penlytic processes information to deliver cybersecurity and penetration testing services, manage client relationships, communicate regarding engagements, improve our services and website, ensure operational security, and comply with legal and regulatory obligations.

4. Legal Basis for Processing

We process personal data based on contractual necessity, legitimate business interests related to security and service delivery, legal obligations, or consent where required by applicable data protection laws.

5. Data Sharing and Disclosure

Penlytic does not sell or rent personal data. Information may be shared internally with authorized personnel who are bound by confidentiality obligations. In limited cases, data may be shared with trusted third-party service providers who support our operations, or with legal and regulatory authorities when disclosure is required by law.

6. Data Retention

We retain personal and technical data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, meet contractual requirements, and comply with applicable laws. Engagement-related data is securely deleted or anonymized after the retention period defined in client agreements.

7. Data Security

Penlytic implements appropriate technical and organizational security measures to protect data against unauthorized access, disclosure, alteration, or destruction. These measures include access controls, encryption, secure storage, and regular security assessments.

8. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict the processing of your personal data, as well as the right to object to certain processing activities. Requests can be submitted by contacting Penlytic using the details provided below.

9. International Data Transfers

Where personal data is transferred across borders, Penlytic ensures that appropriate safeguards are in place in accordance with applicable data protection laws.

10. Changes to This Policy

Penlytic may update this Privacy Policy from time to time. Any changes will be published on our website with an updated revision date.