Privacy Policy

Last updated: December 26, 2025

1. Introduction

PentaReport AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our penetration testing reporting platform.

2. Information We Collect

2.1 Account Information

When you create an account using Google OAuth, we collect:

  • Your name and email address from your Google account
  • Profile picture (if available)
  • Google account ID (for authentication purposes)

2.2 Usage Data

We automatically collect certain information when you use our service:

  • Browser type and version
  • Pages visited and features used
  • Time and date of visits
  • Device information

2.3 Vulnerability Data

When you upload scanner results (Nessus, Burp Suite, etc.), we process this data to provide our services. This data is stored securely and is never shared with third parties.

3. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve our services
  • Process and complete transactions
  • Send you technical notices and support messages
  • Respond to your comments and questions
  • Analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues

4. Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit using TLS 1.3
  • Data at rest is encrypted using AES-256
  • Access to production systems is restricted and audited
  • Regular security assessments and penetration testing

5. Data Retention

We retain your data for as long as your account is active or as needed to provide services. You may request deletion of your account and associated data at any time by contacting us at support@mvpsec.ai.

6. Third-Party Services

We use the following third-party services:

  • Google Cloud Platform: Infrastructure hosting
  • Google Analytics: Usage analytics (anonymized)
  • Google OAuth: Authentication
  • Stripe: Payment processing (for paid plans)

7. Your Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Request transfer of your data
  • Objection: Object to processing of your data

To exercise these rights, contact us at privacy@mvpsec.ai.

8. Cookies

We use essential cookies required for authentication and session management. We also use analytics cookies (Google Analytics) to understand how users interact with our service. You can disable cookies in your browser settings, but this may affect functionality.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us: