GDPR Compliance

Last updated: March 1, 2026

Our Commitment

PentraGuard is committed to protecting the privacy and security of personal data in compliance with the General Data Protection Regulation (GDPR). This page outlines how we meet our obligations under the GDPR for users in the European Economic Area (EEA), United Kingdom, and Switzerland.

Lawful Basis for Processing

We process personal data under the following legal bases:

Contract Performance

Processing necessary to provide our penetration testing services, manage your account, process scan requests, and deliver security reports.

Legitimate Interest

Processing for platform improvement, security monitoring, fraud prevention, and analytics — where our interests do not override your fundamental rights.

Consent

Where required, we obtain your explicit consent before processing data — for example, for optional analytics cookies or marketing communications.

Legal Obligation

Processing required to comply with applicable laws, regulations, and legal requests.

Your Rights Under GDPR

If you are located in the EEA, UK, or Switzerland, you have the following rights:

  • Right to Access — Request a copy of the personal data we hold about you
  • Right to Rectification — Request correction of inaccurate or incomplete data
  • Right to Erasure — Request deletion of your personal data (“right to be forgotten”)
  • Right to Restrict Processing — Request that we limit how we use your data
  • Right to Data Portability — Receive your data in a structured, machine-readable format
  • Right to Object — Object to processing based on legitimate interest or direct marketing
  • Right to Withdraw Consent — Withdraw consent at any time where processing is consent-based

To exercise any of these rights, contact us at privacy@pentraguard.com. We will respond within 30 days.

Data Protection Measures

We implement the following measures to protect your data:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Role-based access controls with least-privilege principles
  • Regular security assessments and penetration testing of our own systems
  • Employee security training and confidentiality agreements
  • Incident response procedures with breach notification within 72 hours
  • Data processing agreements with all sub-processors

International Data Transfers

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries with an adequacy decision.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Account data is retained while your account is active. Scan data retention periods are configurable per your subscription plan. Upon account deletion, personal data is permanently removed within 30 days, except where retention is legally required.

Data Protection Officer

For any GDPR-related inquiries, you may contact our Data Protection Officer at:

PentraGuard Security — Data Protection Officer
Email: dpo@pentraguard.com

Supervisory Authority

If you believe our processing of your personal data violates the GDPR, you have the right to lodge a complaint with your local data protection supervisory authority.