Privacy Policy

Last updated: April 2026

We wrote this to be readable. No legalese, no dark patterns. Here's exactly what we collect, why, and what we do with it.

No accounts by default

The Door Kicker scan requires only an email address — so we have somewhere to send your report. We don't create a persistent account, we don't store a password, and we don't build a profile on you. Your email is used for report delivery and nothing else.

What we collect

Three things, and only three things: your email address (to deliver your report), the domain you submitted for scanning (to run the scan), and the scan findings (to generate your report). That's the complete list. We don't collect names, phone numbers, or any other personal information beyond what's described here.

Scan data retention

For free Door Kicker scans, all scan data is permanently deleted within 24 hours of report delivery. For paid scans, your report remains available for download for up to 30 days, then it is permanently deleted. We do not archive scan results. Once it's gone, it's gone.

We do not train on your data

Your scan results, your target domain, and any discovered vulnerabilities are never used to train AI models — not ours, not our subprocessors'. We are not in the business of selling data or improving models at your expense.

No tracking

No analytics cookies. No third-party tracking pixels. No retargeting. We don't know who you are before you submit a scan, and we don't try to find out.

Subprocessors

We use a small number of third-party services to operate PenTestedAI. These are the only companies that may touch your data:

Anthropic— AI inference. Your scan data passes through Anthropic's API to generate findings. Subject to Anthropic's data policies, which prohibit training on API inputs by default.

Neon — Database hosting. Scan data is stored here temporarily until deleted per the retention schedule above.

Resend — Email delivery. Used to send your scan report to the email address you provided.

Questions

If you have any questions about this policy or want to request deletion of your data, email us at contact@pentested.ai. We'll respond within 24 hours.