🛡Free public scan: paste any URL — get every risk in 2 minutes. · No credit card. No setup.Run Free Scan →
𓆗PYTHORIX
LoginRun Free Scan
LEGAL · PRIVACY POLICY

Privacy Policy

Effective date: 2026-01-01 · Last updated: 2026-05-09

1. Who we are

"Pythorix", "we", "us" refers to Pythorix Security Cloud, the operator of the Pythorix Autonomous Offensive Security Platform.

2. What we collect

  • Account data: email, name, password hash (bcrypt), provider (email/google), avatar URL when supplied via Google.
  • Workspace data: organisation name, member roles, plan tier, billing identifiers.
  • Asset data: hostnames, URLs, asset kind/environment/criticality, ownership-verification token.
  • Scan results: findings, severity, evidence snippets (≤5KB each), attack-graph metadata, exposure flags.
  • Telemetry: IP at login, user-agent, audit-log events for every privileged action.
  • Communications: messages you send via Contact / Support.

3. What we do not collect

  • Full HTTP response bodies from your assets (we keep bounded evidence snippets).
  • Detected secrets in plaintext (we flag + redact).
  • Tracking data via third-party advertising networks.

4. Why we collect it

  • Authenticate you and authorise scans.
  • Deliver scan results, reports, and continuous monitoring.
  • Bill you (Pro / Growth / Enterprise plans).
  • Detect platform abuse and protect customer data.
  • Comply with legal obligations.

5. Subprocessors

See our Trust Center for the current list. We update it whenever it changes.

6. Data retention

  • Account data: kept while your account is active. Deleted within 30 days of account deletion.
  • Scan results: 90 days by default; configurable per workspace.
  • Audit log: 12 months minimum.
  • Billing records: 7 years (legal requirement).

7. Your rights (GDPR / CCPA)

  • Access — request a copy of your data.
  • Rectification — correct inaccuracies.
  • Erasure — delete your account and associated data.
  • Portability — export your scan results in JSON / CSV / HTML.
  • Object — to processing for marketing or analytics.

Exercise any right via Contact. We respond within 30 days.

8. Cookies

See our Cookie Policy.

9. Security

See our Trust Center. TL;DR: TLS in transit, encrypted at rest, RBAC, audit-logged, hash-chained.

10. Changes

We'll post material changes here and notify active customers by email at least 30 days before they take effect.

11. Contact

Privacy questions: contact us.

🛡Run Free Scan