Summary: We collect information to provide our security testing services. We protect your data with industry-standard security measures, never sell your personal information, and give you control over your data. For EU users, see our GDPR Compliance page.
At Redcliff Technologies LLC ("NegevSecure," "we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our penetration testing platform, website at negevsecure.com, APIs, and related services (collectively, the "Services").
This Privacy Policy applies to all users of our Services, including:
By using our Services, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with our practices, please do not use our Services.
We collect information that you voluntarily provide when you:
When you use our Services, we automatically collect:
When you use our security scanning services, we process:
Scan data may contain sensitive information about vulnerabilities in your systems. We treat all scan data as confidential and apply strict access controls. You are responsible for ensuring you have authorization to scan any targets.
We may receive information about you from:
For users in the European Economic Area (EEA), UK, and Switzerland, we process personal data under the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing our Services | Contract performance |
| Processing payments | Contract performance |
| Security and fraud prevention | Legitimate interests |
| Service improvements | Legitimate interests |
| Marketing communications | Consent |
| Legal compliance | Legal obligation |
For more details on your rights under GDPR, please see our GDPR Compliance page.
We implement comprehensive technical and organizational measures to protect your information:
Security Incident Notification: In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.
We retain your information only as long as necessary for the purposes described in this Privacy Policy:
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 7 years (legal requirements) |
| Scan data & findings | According to your subscription plan (30-365 days) |
| Billing records | 7 years (tax and accounting requirements) |
| Support tickets | 3 years after resolution |
| Marketing data | Until consent is withdrawn |
| Server logs | 90 days |
| Analytics data | 26 months (anonymized after) |
Upon account deletion or request, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes.
You can access, download, or export your personal data at any time through your account settings or by contacting us.
You can update or correct your personal information through your account settings or by contacting support.
You can request deletion of your personal data. Some data may be retained for legal or legitimate business purposes.
You can opt out of marketing communications at any time by:
You can manage your cookie preferences through our cookie consent banner or your browser settings. See our Cookie Policy for more details.
We currently do not respond to "Do Not Track" browser signals, but you can opt out of tracking through our cookie settings.
If you are in the EEA or UK, you have additional rights under GDPR. Please see our GDPR Compliance page for details.
California residents have specific rights under the CCPA, including the right to know what personal information we collect and the right to request deletion. Contact us at [email protected] to exercise these rights.
Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our primary servers are located.
When we transfer data internationally, we ensure appropriate safeguards are in place:
For transfers from the EU to the US, we rely on Standard Contractual Clauses and implement supplementary measures as required.
Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly.
If you believe we have inadvertently collected information from a child, please contact us immediately at [email protected].
Our Services may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies before providing any personal information.
When you connect third-party services to your account (e.g., Jira, Slack, GitHub), those services may access certain data. You can manage and revoke these connections in your account settings.
We may update this Privacy Policy from time to time. When we make material changes, we will:
Your continued use of our Services after changes take effect constitutes acceptance of the updated Privacy Policy.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We aim to respond to all privacy-related inquiries within 30 days.
