Data storage
Data is stored on Linode servers in Europe. Storage includes encrypted disks, access controls, and network segmentation.
Data retention
Not all data has the same retention period:
- Scan results are deleted based on your retention settings: after 7, 14, 30, 90, 180, or 365 days, or once your total exceeds 100, 500, 1,500, 5,000, or 10,000 scans. Configure this in your account settings.
- Reports are deleted after 30 days.
- Free accounts with no activity for 12 months have their scans and findings removed automatically. Targets and assets are kept.
- Personal account data (name, email, billing records) is kept per our privacy policy.
Data access
A small number of employees can access customer data, limited to what their role requires. All access is logged. Your scan results belong to you. For details on how we work with contracted service providers, see our privacy policy.
Data encryption
All communication with the platform uses 256-bit SSL/TLS. Data stored on platform servers is encrypted with AES-256.
Security certification
Pentest-Tools.com is certified under ISO/IEC 27001:2022. The certification covers data protection, access management, risk assessment, incident response, physical security, and HR policies. It is validated through the Global Accreditation Cooperation Incorporated (formerly IAF) and renewed annually.
Security audits
Pentest-Tools.com runs regular penetration tests on its own infrastructure and applications. An executive summary of the latest report is available on request through support. To report a security vulnerability, email security@pentest-tools.com.
Secure development
Code and configuration are peer-reviewed continuously. Security reviews follow OWASP, STIG, and CIS frameworks, applied based on the scope of each change.
Related topics
- Where to find our policies: Privacy Policy, Terms of Service, and DPA