Privacy Policy for CyberSanctus

Effective Date: 2nd December 2024

CyberSanctus, under the legal name CST NETWORK SECURITY SERVICES LTD., is committed to protecting the privacy and security of our users. This Privacy Policy outlines how we collect, use, and handle your personal data when you interact with our services, including our SaaS solution, CodeHound.

1. Information We Collect

a. Account Registration Data

When you register an account on cybersanctus.com, we collect the following data:

Required Information: Email address
Optional Information: Name, Occupation, Title, and Workplace (if provided)

b. Vulnerability Scans

When using CodeHound to scan your submitted code:

Submitted Code: The code is temporarily processed and never stored permanently on our servers.
Scan Reports: Reports are uploaded to Firebase with a unique link for user access. If you prefer not to have reports uploaded, you can contact us at info@cybersanctus.com for accommodations.

2. How We Use Your Data

a. To Provide Services

We use your data to:

Facilitate account registration and sign-ins.
Perform code vulnerability scans and generate reports.

b. Communication

We may use your email to:

Send essential service updates.
Respond to inquiries or support requests.

3. Cookies and Session Handling

We use cookies to enhance your experience and maintain the functionality of our platform.

a. Essential Cookies

JWT Cookie: Used for authentication and stored on your browser. It expires after 30 days.

b. Third-Party Cookies

The following third-party services may impose cookies:

Intercom: Used as a help desk tool (stores your email only).
Stripe: For secure payment processing. Stripe is PCI DSS compliant.

4. Data Confidentiality

a. Submitted Code

Code submitted for scans is processed within an isolated Docker instance.
The instance is destroyed immediately after the scan (typically within 60-120 seconds).
Snippets of code may be shared with OpenAI via API for generating audit findings and remediation details. OpenAI is subject to strict confidentiality obligations.

b. Scan Reports

Reports may include snippets of vulnerable code but never the entire code.
Reports are stored on Firebase for user access. Contact info@cybersanctus.com if you prefer alternative storage arrangements.

We do not sell your data to data brokers or share it with partners.

5. Data Retention and Deletion

a. Data Retention

We retain your personal data for as long as you have an account with us.

b. Data Deletion

You may permanently delete your account and associated data by:

Navigating to the Profile Page on the dashboard.
Clicking the "Delete Account" button. Once deleted, all associated data is permanently removed from our systems.

6. Legal Disclosures

CyberSanctus may disclose user data in the following circumstances:

Law Enforcement: In response to valid legal requests, such as a court order or warrant.
Business Transfers: If CyberSanctus is acquired or merges with another company, user data may be transferred as part of the transaction.

7. Security Measures

We implement strict security measures to protect user data, including:

Secure processing of code in isolated environments.
Data encryption in transit and at rest.
Compliance with industry best practices for handling sensitive information.

8. Your Rights

As a user, you have the following rights:

Access: Request details of the data we hold about you.
Correction: Update or correct any inaccurate information.
Deletion: Delete your account and associated data.
Opt-Out: Opt-out of certain features (e.g., Firebase report storage).

To exercise these rights, contact us at info@cybersanctus.com.

9. Third-Party Services

CyberSanctus utilizes third-party services to enhance our platform:

Intercom: Customer support.
Stripe: Payment processing.
OpenAI: Audit findings and remediation generation. OpenAI adheres to confidentiality obligations to protect user data.
WeLoveAPI: Temporarily integrated on the CodeHound platform to facilitate for DOCX to PDF conversions.

Each third-party provider has its own privacy practices. We encourage you to review their privacy policies.

10. Changes to This Policy

CyberSanctus reserves the right to update this Privacy Policy. Changes will be communicated through our website. Continued use of our services constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Email: info@cybersanctus.com
Legal Name: CST NETWORK SECURITY SERVICES LTD.

CyberSanctus is dedicated to safeguarding your privacy while providing world-class cybersecurity solutions.

Privacy Policy for CyberSanctus

1. Information We Collect​

a. Account Registration Data​

b. Vulnerability Scans​

2. How We Use Your Data​

a. To Provide Services​

b. Communication​

3. Cookies and Session Handling​

a. Essential Cookies​

b. Third-Party Cookies​

4. Data Confidentiality​

a. Submitted Code​

b. Scan Reports​

c. Data Sharing​

5. Data Retention and Deletion​

a. Data Retention​

b. Data Deletion​

6. Legal Disclosures​

7. Security Measures​

8. Your Rights​

9. Third-Party Services​

10. Changes to This Policy​

11. Contact Us​