Privacy Policy

1. Information We Collect

At Justivia, we collect information that you provide directly to us when using our cybersecurity platform, including:

• Name, email address, and business contact information
• Organization name, industry sector, and company size
• Security assessment scope details and target environment information
• Payment and billing information
• Account credentials and authentication data
• Technical data submitted for security scanning (URLs, IP ranges, code repositories)

We also collect technical data automatically, such as:

• IP address, browser type, and device information
• Platform usage logs and session data
• Scan results, vulnerability reports, and remediation activity

2. How We Use Your Information

We use the information we collect to:

• Deliver and operate our cybersecurity services (AI pen testing, vulnerability scanning, code review, identity security)
• Generate security assessment reports and remediation recommendations
• Monitor platform usage and detect abuse or unauthorized access
• Send security intelligence updates, vulnerability advisories, and service notifications
• Process payments and manage subscriptions
• Improve our AI models, detection capabilities, and platform features
• Comply with applicable laws, regulations, and compliance frameworks (GDPR, NIST, ISO 27001)

3. Information Sharing

We do not sell your personal information or security data. We may share information with:

• Trusted infrastructure and cloud service providers (under data processing agreements)
• Payment processors for billing and subscription management
• Law enforcement or regulatory authorities when required by law
• Security incident response teams in the event of a breach affecting your organization

All vulnerability findings, scan results, and security reports generated for your organization are treated as confidential and are never shared with third parties without your explicit consent.

4. Data Security

As a cybersecurity company, we hold ourselves to the highest standards of data protection:

• Data in transit is encrypted using TLS 1.3
• Data at rest is encrypted using AES-256
• Access to customer data is governed by role-based access control (RBAC) and least-privilege principles
• Security assessment data is isolated per customer and purged after the retention period
• We conduct regular internal security reviews of our own platform and infrastructure

5. Data Retention

We retain your account data for the duration of your subscription and for up to 12 months after account closure. Security scan reports and vulnerability data are retained for 90 days by default, or longer if required by your compliance needs. You may request early deletion at any time.

6. Your Rights (GDPR & CCPA)

Depending on your location, you have the right to:

• Access and receive a copy of your personal data
• Correct inaccurate or incomplete data
• Request erasure of your data ("right to be forgotten")
• Restrict or object to processing of your data
• Data portability — receive your data in a machine-readable format
• Withdraw consent at any time for marketing communications
• Lodge a complaint with a supervisory authority (EU/EEA users)

7. Cookies and Tracking

We use strictly necessary cookies for platform authentication and session management. We also use analytics cookies to understand platform usage and improve our services. You may opt out of non-essential cookies via your browser settings.

8. International Data Transfers

Justivia serves organizations in the United States and European Union. Cross-border data transfers comply with GDPR Chapter V requirements, including Standard Contractual Clauses (SCCs) where applicable.

9. Contact Us

For privacy-related requests or questions, contact our Data Protection team: