Legal
Privacy Policy
Effective date: July 7, 2026
1. Introduction
This Privacy Policy explains how ThreatWinds LLC(“ThreatWinds”, “we”, “us”, “our”) collects, uses, and protects personal information in connection with the ThreatExploit.ai platform, websites, applications, and services (the “Service”). It applies to visitors, account holders, and users of the Service. It should be read together with our Terms of Service and our Data Policy, which describes how we handle penetration-testing and customer data specifically.
2. Information We Collect
- Account and registration information — name, email address, organization name, role, and login credentials.
- Identity and authorization verification information— information used to verify your identity and your organization’s standing, and to confirm your authorization to test a given target, such as business details, domain or asset ownership evidence, and authorization or rules-of-engagement documentation. This may be collected directly or through verification providers.
- Billing information — where applicable, billing contact and transaction details. Payment card data is handled by our payment processors and is not stored by us.
- Usage and technical data — log data, IP address, device and browser information, pages viewed, feature usage, and diagnostic data.
- Communications — messages you send us, such as support requests, demo requests, and newsletter sign-ups.
- Cookies and similar technologies — as described in Section 8.
We do not use the personal information described here to train, fine-tune, or develop AI models.
3. How We Use Information
- To provide, operate, maintain, and secure the Service.
- To verify the identity of users and organizations, confirm authorization to test targets, and prevent fraud, abuse, and unauthorized or unlawful use.
- To process billing and manage accounts.
- To respond to inquiries and provide support.
- To send service communications and, where permitted, marketing communications (you can opt out of marketing at any time).
- To comply with legal obligations and enforce our Terms.
4. Legal Bases for Processing
Where data-protection laws such as the EU/UK GDPR apply, we process personal information on the bases of performance of a contract, our legitimate interests (including securing the Service and preventing misuse), compliance with legal obligations, and consent where required.
5. How We Share Information
We do not sell personal information. We share it only:
- with service providers and subprocessors who process it on our behalf — for example, cloud and infrastructure hosting, identity verification, payment processing, and the AI/LLM infrastructure used to run the Service — under contracts that limit their use to providing services to us;
- for legal reasons, where required by law or to protect rights, safety, or the security of the Service and its users;
- in a business transfer such as a merger or acquisition, subject to this Policy.
Our providers are not permitted to use customer data or personal information to train their own models or for their own purposes.
6. International Transfers
We may process information in the United States and other countries. Where required, we use appropriate safeguards for cross-border transfers of personal information.
7. Data Retention
We retain personal information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. The handling and retention of penetration-testing and customer data is described in our Data Policy.
8. Cookies and Analytics
We use cookies and similar technologies to operate the site, remember preferences, and understand usage. You can control cookies through your browser settings; disabling some cookies may affect functionality.
9. Security
We implement technical and organizational measures to protect personal information, including encryption in transit and at rest, access controls, and least-privilege practices. See our Data Policy for details. No method of transmission or storage is completely secure.
10. Your Rights
Depending on your location, you may have rights to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to withdraw consent. Residents of certain U.S. states (for example, under the California CCPA/CPRA) have rights to know, delete, and correct personal information, and to opt out of its “sale” or “sharing” — we do not sell personal information. To exercise any right, contact info@threatexploit.ai. We will respond as required by law and may need to verify your identity first.
11. Children’s Privacy
The Service is not directed to individuals under 18, and we do not knowingly collect personal information from them.
12. Changes to This Policy
We may update this Policy from time to time. When we do, we will revise the “Effective date” above and, for material changes, provide reasonable notice.
13. Contact
Privacy questions or requests: info@threatexploit.ai — ThreatWinds LLC.
