Privacy Policy for CyberSanctus
Effective Date: 2nd December 2024
CyberSanctus, under the legal name CST NETWORK SECURITY SERVICES LTD., is committed to protecting the privacy and security of our users. This Privacy Policy outlines how we collect, use, and handle your personal data when you interact with our services, including our SaaS solution, CodeHound.
1. Information We Collect
a. Account Registration Data
When you register an account on cybersanctus.com, we collect the following data:
- Required Information: Email address
- Optional Information: Name, Occupation, Title, and Workplace (if provided)
b. Vulnerability Scans
When using CodeHound to scan your submitted code:
- Submitted Code: The code is temporarily processed and never stored permanently on our servers.
- Scan Reports: Reports are uploaded to Firebase with a unique link for user access. If you prefer not to have reports uploaded, you can contact us at info@cybersanctus.com for accommodations.
2. How We Use Your Data
a. To Provide Services
We use your data to:
- Facilitate account registration and sign-ins.
- Perform code vulnerability scans and generate reports.
b. Communication
We may use your email to:
- Send essential service updates.
- Respond to inquiries or support requests.
3. Cookies and Session Handling
We use cookies to enhance your experience and maintain the functionality of our platform.
a. Essential Cookies
- JWT Cookie: Used for authentication and stored on your browser. It expires after 30 days.
b. Third-Party Cookies
The following third-party services may impose cookies:
- Intercom: Used as a help desk tool (stores your email only).
- Stripe: For secure payment processing. Stripe is PCI DSS compliant.
4. Data Confidentiality
a. Submitted Code
- Code submitted for scans is processed within an isolated Docker instance.
- The instance is destroyed immediately after the scan (typically within 60-120 seconds).
- Snippets of code may be shared with OpenAI via API for generating audit findings and remediation details. OpenAI is subject to strict confidentiality obligations.
b. Scan Reports
- Reports may include snippets of vulnerable code but never the entire code.
- Reports are stored on Firebase for user access. Contact info@cybersanctus.com if you prefer alternative storage arrangements.
c. Data Sharing
- We do not sell your data to data brokers or share it with partners.
5. Data Retention and Deletion
a. Data Retention
We retain your personal data for as long as you have an account with us.
b. Data Deletion
You may permanently delete your account and associated data by:
- Navigating to the Profile Page on the dashboard.
- Clicking the "Delete Account" button. Once deleted, all associated data is permanently removed from our systems.
6. Legal Disclosures
CyberSanctus may disclose user data in the following circumstances:
- Law Enforcement: In response to valid legal requests, such as a court order or warrant.
- Business Transfers: If CyberSanctus is acquired or merges with another company, user data may be transferred as part of the transaction.
7. Security Measures
We implement strict security measures to protect user data, including:
- Secure processing of code in isolated environments.
- Data encryption in transit and at rest.
- Compliance with industry best practices for handling sensitive information.
8. Your Rights
As a user, you have the following rights:
- Access: Request details of the data we hold about you.
- Correction: Update or correct any inaccurate information.
- Deletion: Delete your account and associated data.
- Opt-Out: Opt out of certain features (e.g., Firebase report storage).
To exercise these rights, contact us at info@cybersanctus.com.
9. Third-Party Services
CyberSanctus utilizes third-party services to enhance our platform:
- Intercom: Customer support.
- Stripe: Payment processing.
- OpenAI: Audit findings and remediation generation. OpenAI adheres to confidentiality obligations to protect user data.
- WeLoveAPI: Temporarily integrated on the CodeHound platform to facilitate DOCX to PDF conversions.
Each third-party provider has its own privacy practices. We encourage you to review their privacy policies.
10. Changes to This Policy
CyberSanctus reserves the right to update this Privacy Policy. Changes will be communicated through our website. Continued use of our services constitutes acceptance of the updated policy.
11. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us:
- Email: info@cybersanctus.com
- Legal Name: CST NETWORK SECURITY SERVICES LTD.
CyberSanctus is dedicated to safeguarding your privacy while providing world-class cybersecurity solutions.