Privacy Policy

Last updated: March 21, 2026

1. Information We Collect

We collect the following information when you use AgentScan:

• Account information: Email address and hashed password when you register.
• Scan data: Target URLs, agent responses, and vulnerability results from scans you initiate.
• Usage data: API request logs, timestamps, and scan metadata for service operation.
• Payment information: Billing is processed by Stripe. We do not store credit card numbers.

2. How We Use Your Information

• To provide and operate the scanning service.
• To enforce usage quotas and rate limits.
• To generate scan reports and vulnerability assessments.
• To process payments and manage subscriptions.
• To detect and prevent abuse of the Service.

3. Data Storage and Security

Your data is stored on servers hosted by Hetzner in Germany (EU). We implement industry-standard security measures including:

• Passwords hashed with Argon2id.
• API keys stored as HMAC-SHA256 hashes (never in plaintext).
• All connections encrypted with TLS.
• SSRF protection on all outbound requests.

4. Data Sharing

We do not sell, trade, or share your personal data or scan results with third parties, except:

• Stripe: For payment processing (email and subscription data).
• Legal requirements: When required by law or to protect our rights.

5. Data Retention

Scan results are retained in your account until you delete them. Account data is retained while your account is active. Upon account deletion, all associated data is permanently removed within 30 days.

6. Your Rights

You have the right to:

• Access your personal data via the dashboard and API.
• Delete individual scan results at any time.
• Request full account and data deletion.
• Export your scan data in JSON format via the API.

7. Cookies

We use strictly necessary cookies for authentication (session tokens). We do not use tracking cookies, analytics, or third-party advertising cookies.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date.

9. Contact

For privacy-related questions or data requests, contact us at contact@agentscan.sh.