Privacy Policy
Last updated: March 10, 2026
1. Information We Collect
Account information: When you register, we collect your name, email address, and a hashed version of your password. We never store passwords in plain text.
Finding data: When you use the web application, we temporarily process the raw text and images you submit to generate reports. This data is sent to third-party AI providers (Groq, Google Gemini) for processing.
Payment information: Payments are processed by PayPal. We do not store your credit card or PayPal account details. We store only the PayPal order ID and capture ID for transaction records.
Usage data: We collect basic analytics data such as page views and feature usage to improve the Service.
2. How We Use Your Information
We use your information to: (a) provide and maintain the Service; (b) process your payments and manage subscriptions; (c) send transactional emails (verification codes, payment confirmations); (d) improve the Service based on usage patterns; (e) respond to support requests.
3. Desktop Application Privacy
The PentestReportAI desktop application is designed with privacy as a priority. All report data is stored locally on your device using browser storage. Your findings and generated reports are never sent to our servers. AI processing calls go directly from your device to the AI provider (Groq/Gemini) — our servers are not involved in the data processing pipeline for desktop users.
4. Third-Party Services
We use the following third-party services that may process your data:
- Groq / Google Gemini: AI processing of your findings text and images
- PayPal: Payment processing
- Resend: Transactional email delivery
- Vercel: Application hosting and analytics
- Neon: PostgreSQL database hosting
5. Data Retention
Saved reports in the web application are retained as long as your account is active. You can delete individual reports at any time. If you delete your account, all associated data will be permanently removed within 30 days. AI processing data is not stored after report generation is complete.
6. Data Security
We implement industry-standard security measures including: encrypted data transmission (HTTPS/TLS), hashed passwords (bcrypt), rate limiting on sensitive endpoints, Content Security Policy headers, and strict access controls. However, no method of transmission over the internet is 100% secure.
7. Your Rights
You have the right to: (a) access the personal data we hold about you; (b) request correction of inaccurate data; (c) request deletion of your data; (d) export your reports; (e) withdraw consent for data processing. To exercise these rights, contact us at the email below.
8. Cookies
We use essential cookies for authentication and session management. For basic usage metrics we use Vercel Analytics, which does not use cookies for tracking. We do not use advertising cookies or sell your data to third parties.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email. Continued use of the Service after changes constitutes acceptance.
10. Contact
For privacy-related questions or data requests, contact us.