Privacy Policy
1. Introduction
Welcome to RedTeamKit. We are committed to protecting your privacy and handling your data with care and transparency. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our security testing services.
By using RedTeamKit's services, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please do not use our services.
2. Information We Collect
2.1 Information You Provide
We collect information that you voluntarily provide when using our services:
- Contact Information: Name, email address, company name, and phone number when you fill out our contact form or request a security audit.
- Project Information: Application URLs, technical documentation, API endpoints, and other details necessary to perform security testing.
- Payment Information: Billing details processed securely through third-party payment processors (we do not store credit card information).
- Communication Data: Messages, feedback, and correspondence you send to us via email or contact forms.
2.2 Automatically Collected Information
When you visit our website, we automatically collect certain technical information:
- Usage Analytics: Pages visited, time spent on site, browser type, device information, IP address, and referring URLs.
- Cookies and Similar Technologies: Session data, preferences, and anonymized analytics (see Section 8 for details).
2.3 Security Testing Data
During security engagements, we may collect:
- Application screenshots and behavior logs
- Network traffic samples (anonymized)
- Vulnerability scan results
- Test credentials provided by you (securely stored and deleted post-engagement)
3. How We Use Your Information
We use the collected information for the following purposes:
3.1 To Provide Our Services
- Perform security audits and penetration testing on your applications
- Generate detailed security reports and recommendations
- Communicate about project status, findings, and deliverables
3.2 To Improve Our Services
- Analyze usage patterns to enhance website functionality
- Develop better testing methodologies and tools
- Train our AI models on anonymized, non-sensitive data
3.3 To Communicate With You
- Respond to inquiries and support requests
- Send project updates and security notifications
- Provide information about our services (you can opt out of marketing emails)
3.4 Legal and Security Purposes
- Comply with legal obligations and regulatory requirements
- Protect against fraud, abuse, and security threats
- Enforce our Terms of Service
4. Data Retention
We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy and comply with legal obligations.
Standard Retention Period:
- Contact Information: Kept for 2 years from the last interaction
- Security Testing Data: Kept for 2 years for potential follow-up engagements and verification
- Reports and Deliverables: Kept for 2 years or as agreed in the contract
- Financial Records: Kept for 7 years to comply with tax regulations
Deletion Requests: You may request deletion of your personal data at any time by contacting us at hello@redteamkit.com. We will delete your information within 30 days unless we are legally required to retain it.
5. Third-Party Sharing
We do not sell, trade, or rent your personal information to third parties. We only share information with trusted partners who assist us in operating our services:
5.1 Service Providers
- Payment Processors: Stripe, PayStack (for secure payment processing)
- Email Services: Postmark, SendGrid (for transactional emails)
- Analytics: Plausible Analytics (privacy-focused, GDPR-compliant)
- Cloud Infrastructure: AWS, DigitalOcean (for data storage and processing)
5.2 Legal Requirements
We may disclose your information if required by law or court order, or to:
- Comply with legal processes or government requests
- Protect the rights, property, or safety of RedTeamKit, our clients, or others
- Investigate fraud, security breaches, or violations of our Terms of Service
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.
6. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
- Access Control: Role-based access, multi-factor authentication for team members
- Regular Audits: We practice what we preach—our own systems undergo regular security reviews
- Secure Infrastructure: Data stored in SOC 2 Type II certified data centers
- Data Minimization: We only collect and retain data necessary for our services
Important: While we use best-in-class security practices, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, but we continuously work to protect your data.
7. Your Rights
You have the following rights regarding your personal information:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Portability: Request a copy of your data in a structured, machine-readable format
- Objection: Object to processing of your data for marketing purposes
- Restriction: Request restriction of processing under certain circumstances
- Withdraw Consent: Withdraw consent for data processing at any time
To exercise any of these rights, contact us at hello@redteamkit.com. We will respond within 30 days.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify you via email if you are an active client
- Post a notice on our website homepage
Continued use of our services after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out:
Get In Touch
Email: hello@redteamkit.com
Website: redteamkit.com
We aim to respond to all privacy inquiries within 48 hours.