← DeepSight

Privacy Policy

Effective date: April 21, 2026

1. Who We Are

DeepSight Security ("DeepSight", "we", "us", or "our") provides Open Source Intelligence (OSINT) analysis and AI-powered penetration testing services. This Privacy Policy describes how we collect, use, store, and protect personal data you provide when registering for or using our platform.

2. Data We Collect

We collect the following categories of data:

  • Account data: Full name, work email address, password (stored as a cryptographic hash), company name, company domain, phone number, and billing address.
  • Domain verification data: DNS TXT records you add to your domain for authorization purposes.
  • Usage data: Log files, IP addresses, browser type, pages visited, and timestamps when you interact with the platform.
  • Scan results: OSINT intelligence and security findings generated against your registered domain, stored in your account.

3. How We Use Your Data

We use your data to:

  • Provision and operate your DeepSight account and services.
  • Perform authorized OSINT analysis and penetration testing against domains you have verified ownership of.
  • Communicate with you about your account, reports, and service updates.
  • Improve our platform and security capabilities.
  • Comply with applicable legal obligations.

We do not sell your personal data to third parties.

4. Legal Basis for Processing (GDPR)

Where the General Data Protection Regulation (GDPR) applies, we process your personal data on the following legal bases:

  • Contract performance: Processing necessary to deliver the services you have requested.
  • Legitimate interests: Security monitoring, fraud prevention, and service improvement.
  • Legal obligation: Compliance with applicable law.
  • Consent: Where we explicitly request consent, such as for marketing communications.

5. Data Retention

We retain your account data for as long as your account is active, or as required to fulfil legal and contractual obligations. Scan data and reports are retained for a minimum of 12 months and may be retained longer at your request. You may request deletion of your account and associated data at any time by contacting us.

6. Data Security

We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

7. Third-Party Services

We use the following third-party providers to operate our service:

  • Google Firebase: Authentication and database storage.
  • Google reCAPTCHA: Spam and abuse prevention on registration forms.
  • Vercel: Cloud hosting and deployment infrastructure.

Each provider operates under their own privacy policy and data processing terms. We ensure appropriate data processing agreements are in place where required.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right to access and receive a copy of your data.
  • Right to rectification of inaccurate data.
  • Right to erasure ("right to be forgotten").
  • Right to restriction of processing.
  • Right to data portability.
  • Right to object to processing based on legitimate interests.

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

9. Cookies

We use session cookies for authentication and functional purposes. We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but this may affect platform functionality.

10. International Transfers

Your data may be processed on servers located outside your country of residence, including within the European Economic Area and the United States. Where transfers occur, we ensure appropriate safeguards are in place in accordance with applicable data protection law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact

For questions, data requests, or complaints related to this Privacy Policy, contact:

DeepSight Security

Data Controller

← Back to DeepSight