Data Privacy
Detectify handles customer data responsibly and in compliance with GDPR and other applicable data protection regulations. This page describes how we collect, process, store, and protect your data.
GDPR Compliance
Detectify acts as a data processor when processing data on behalf of customers. We are fully compliant with the General Data Protection Regulation (GDPR), including:
- Lawful basis for processing — We process data based on contractual necessity and legitimate interest
- Data minimization — We collect and process only the data necessary to deliver our services
- Data subject rights — We support customers in fulfilling data subject access, deletion, and portability requests
- Data Processing Agreement (DPA) — Available for all customers through the Detectify Trust Center
Data We Collect
Scan Data
When Detectify scans your assets, it collects:
- HTTP requests and responses exchanged during scanning
- Discovered URLs, parameters, and form fields
- Vulnerability evidence (the specific request/response that confirmed a finding)
- Technology fingerprints detected on your assets
Account Data
- User names and email addresses
- Authentication data (password hashes, SSO tokens)
- Activity logs and audit trails
Attack Surface Data
- Domains, subdomains, and IP addresses
- DNS records
- SSL/TLS certificate information
- Open ports and running services
Data Storage
Data Centers
All customer data is stored in Amazon Web Services (AWS) data centers in the European Union (EU). AWS provides:
- Physical security and access controls
- Environmental controls (power, cooling, fire suppression)
- Compliance certifications (SOC 2, ISO 27001, and others)
Encryption
| State | Method |
|---|---|
| In transit | TLS 1.2 or higher for all connections |
| At rest | AES-256 encryption for all stored data |
Data Retention
- Scan data is retained according to your account’s retention period, which is configurable
- Vulnerability findings are retained for the duration of your subscription plus a grace period
- Account data is retained for the duration of your subscription
- Data after subscription end — Upon request, all customer data can be deleted after subscription termination
Data Sharing
Detectify does not sell customer data. Data is shared only with:
- Sub-processors that are necessary to deliver our services (listed on the Trust Center)
- Law enforcement only when required by law
A current list of sub-processors is maintained on the Detectify Trust Center.
Your Rights
Under GDPR, you have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request deletion of your data
- Request data portability
- Object to processing
- Withdraw consent
To exercise any of these rights, contact Detectify at privacy@detectify.com or through the dashboard support channel.
Data Processing Agreement
A Data Processing Agreement (DPA) is available to all customers and can be obtained through the Detectify Trust Center or by contacting your account representative.