Privacy Policy

This Privacy Policy was last updated on March 19, 2020.

pentestIQ (“pentestIQ,” “we”, “us” or “our”) developed our services to help you gain valuable security intelligence. We understand that privacy is important to both our online visitors and registered users. We respect your privacy and will take reasonable steps to protect your information as described in this Privacy Policy. We kindly ask that you read this privacy policy in full before using our website. Additionally, if you have any questions or concerns regarding this statement, please contact us about our privacy practices at any time via

This Privacy Policy will help you understand the following:

When pentestIQ receives Personal Data from enterprise customers in the EU or Switzerland and processes that Personal Data on the customer’s behalf, pentestIQ acts as a processor (“Processor”). When pentestIQ collects and uses Personal Data on its own behalf or otherwise makes independent decisions about how the Personal Data will be used, pentestIQ acts as a controller (“Controller”). This Policy explains how pentestIQ complies with the Privacy Shield Principles as a processor and as a controller.

1. What does this Privacy Policy apply to?

pentestIQ is located at 350 Rhode Island St Suite 240, San Francisco, CA 94103. This Privacy Policy applies to the website, including all subpages and successor pages (collectively referred to as the “Site”), and also applies to all software and services that we offer, including services that we offer through our Site when you register for a pentestIQ account (collectively referred to as the “Services”).

This Privacy Policy does not apply to any website, product or service of any third-party company even if the third-party website links to (or is linked from) our Site. pentestIQ does not operate or control those websites, products or services. Please always review the privacy practices of a company before deciding whether to provide any information.

By using our Site or Services, you are accepting the practices described in this Policy.

2. Information collection and use

Broadly speaking, we collect information in three ways: (1) when you provide it directly to us, (2) when we obtain information about you from third parties or our systems, and (3) passively through technology such as “cookies.” The types of information that we collect, and our use of that information are described below.

Personal Data

The term “Personal data”, as used in this Privacy Policy, refers to any information that can be used to identify or relates to an identifiable person. Personal data does not include information that has been aggregated or made anonymous such that it can no longer be reasonably associated with a specific person. Personal data we collect may include:

Cookies, Web Server Logs and Other Technologies

Similar to many commercial websites, we utilize “cookies” and other technologies to collect information in connection with our Site. “Cookies” are a feature of web browser software that allows web servers to recognize the computer used to access a website. Cookies store information accessed through your browser to streamline activities and make the online experience easier and more personalized. Information gathered through cookies and web-server log files may include information such as the date and time of visits, the pages viewed, IP addresses, links to/from any page, and time spent at a site. We use cookie data to measure web traffic and usage activity on our Site for purposes of improving and enhancing the functionality of our Site, to look for possible fraudulent activity, and to better understand the sources of traffic and transactions on our Site. Cookies also allow our servers to remember your account information for future visits and to provide personalized and streamlined information across related pages on our Site. In order to understand and improve the effectiveness of our advertising, we may also use web beacons, cookies, and other technology to identify the fact that you have visited our Site or seen one of our advertisements. If you do not want information collected through the use of cookies, most browsers allow you to automatically decline cookies, or be given the choice of declining or accepting a particular cookie (or cookies) from a particular site. You may also consider visiting, which provides helpful information about cookies. You can choose to disable cookies for our Site but this may limit your ability to use our Site and Services.

We may use third party advertising networks to serve advertisements that may be of interest to you when you access and use the Site and other websites, based on information relating to your access to and use of the Site and other websites, on any of your devices. To do so, these networks may place or recognize a unique cookie on your browser (including through use of web beacons or pixel tags). They may use these technologies, along with information they collect about your online use, to recognize you across the devices you use, such as a mobile phone and a laptop, and to make decisions about the advertisements you see based on it. If you would like more information about this practice and to learn how to opt out of it in desktop and mobile browsers on the particular device on which you are accessing this Privacy Policy, please visit and

Certain information is collected by most browsers, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, language, and browser type and version. We use this information to ensure that the Site functions properly.

Your IP address is automatically assigned to your computer by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Site, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Services. We may also derive your approximate location from your IP address.

We use third-party analytics services, such as Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help us analyze how users use the Site and enhance your experience when you use the Service. For more information on how Google uses this data, go to You may also download the Google Analytics opt-out browser add on, available here.

Site Visitors

To simply browse our Site, you are not required to provide any Personal data. However, we may gather information from cookies and similar technologies, as described directly above, for the purposes of monitoring and improving our Site and understanding and improving the effectiveness of our advertising.

Site Users

To gain full access to our Site and Services, you must register for a pentestIQ account. When you register for an account, we collect Personal data such as the following:


Our Site and Services are directed to the general public. We do not knowingly collect Personal data from children under 13 years of age.


We may use Personal data in a manner that is consistent with this Privacy Policy for our legitimate business interests, including to respond to your inquiries and fulfill your requests, complete your transactions, provide you with customer service, send administrative information to you, and to personalize your experience on the Site and Services. We may also use Personal data and other information collected through the Site or Services to help us improve the content and functionality of the Site and Services, to better understand our users and to improve the Site and Services. We may use this information to contact you in the future to tell you about services we believe will be of interest to you. This use will always be conducted in adherence of the Privacy Shield Principles. Information regarding how to opt-out of marketing communications is provided in Section 4 (“Choice and opt-out”) below.

We may use and disclose information that is not Personal data for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine non-Personal data with Personal data. If we do, we will treat the combined information as Personal data as long as it is combined.

We will take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete and current for as long as long as we retain it. We will not use the Personal Data for a purpose that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We will also retain Personal Data about you in a form identifying or making you identifiable only for as long as it serves a purpose of the data processing.

3. Sharing and disclosure of information

We may disclose your Personal data for the purposes described in this Privacy Policy, including to third party service providers who provide services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services. We maintain contracts with these service providers and other third parties described above, which restrict their use and disclosure of Personal Data. pentestIQ is accountable for the Personal Data we receive under the Privacy Shield that we may transfer to third parties, unless we prove that we are not responsible for an event giving rise to the harm.

We may disclose your Personal data to law enforcement, government officials, or other third parties if we believe necessary or appropriate: (i) to respond to a subpoena, court order or other legal process, (ii) to comply with laws, statutes, rules or regulations, (iii) to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our Terms of Service.

In addition, in the event of a merger, acquisition, reorganization, bankruptcy, or other similar events, any information in our possession may be transferred to our successor or assign.

4. Choice and opt-out

We may occasionally email you with information about offers or new services. You can opt-out of these marketing email communications by replying with unsubscribe in the subject line, or via an unsubscribe link included in such communications. However, you will continue to receive certain email communications related to your account including information regarding transactions and your relationship with pentestIQ.

In accordance to the Privacy Shield Frameworks, you have the right to access, correct or delete your personal data. In case you would like to do so, please contact us via Additionally, you may contact us to discuss specific options to limit the use and disclosure of your personal data. Please bear in mind however, that some data might be required to make use our services.

5. Protection of information

Although no data transmission can be guaranteed to be 100% secure, we take reasonable steps to protect Personal data. pentestIQ maintains reasonable administrative, technical, and physical procedures to protect information stored in our servers, which are located primarily in the United States.

6. Changes and notifications

This Privacy Policy was last updated on the date indicated above. We reserve the right, in our sole and absolute discretion, to make changes to this Privacy Policy from time to time consistent with the Privacy Shield’s requirements. Please review this Privacy Policy periodically to check for updates. Any changes will become effective when we post the revised Privacy Policy on the Site. Your use of the Site or Services following these changes means that you accept the revised Privacy Policy.

7. Jurisdictional disclosures

The Site and Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. As mentioned above, in some cases, we might be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Your Personal data may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Site and Services you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal data.

8. Access to information; Contact us

If you have a pentestIQ account, you can update your account information by signing into your account. You also can update your Personal data by contacting us as specified below. We will take reasonable steps to update or correct Personal data in our possession that you have previously submitted via the Site or Services. Please also feel free to contact us at if you have any questions about our Privacy Policy or information practices as well as for other inquiries or complaints.

You may revoke your consent to the processing of your data at any time by sending an email to You may ask us at any time for information about any personal data we hold about you, or ask us to correct or delete that information.

We are subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to Personal Data received or transferred pursuant to the Frameworks.