Security certification

Pentest-Tools.com is ISO 27001 certified. The certification covers the information security management system for the platform and its underlying infrastructure.

Data processing

Data retention

Personal account data is retained for as long as your account is active, and for up to 24 months after it closes. Financial records are kept for 10 years as required by law. For full details, see our privacy policy.

Data deletion

To request deletion of your personal data, contact data.privacy@pentest-tools.com. You can also export your scan data for up to 30 days after account termination.

AI data policy

Our platform includes AI-powered features: the Soft 404 detector, endpoint discovery, and AI-enhanced authentication.

Our AI infrastructure

Our AI features use different models depending on the task:
  • Proprietary models for classification tasks like soft 404 detection, hosted on our own infrastructure (Linode for compute in the UK, Vast.ai for model hosting in EEA datacenters). Data sent to the model is anonymized HTML; the response is a yes/no.
  • Azure-hosted models for browser-based AI features like endpoint discovery and authentication, running within our controlled Azure infrastructure.
All infrastructure partners are contractually prohibited from accessing or using your data for any purpose beyond providing the service.

Model training

The foundational models were trained on public data and de-identified scan results. That work is done, and we are not training new models. If we develop AI features that could use your data in the future, we will say so clearly and give you a way to opt out.

Data handling

We do not log or retain your data for AI-related debugging, and there is no retention window for AI processing. Your data is not shared with any party outside the infrastructure needed to run the feature.

About AI accuracy

These AI features don’t generate vulnerability findings. The AI handles scoping: is this a soft 404, where are the endpoints, which element is the login button? The actual findings come from the same testing pipeline regardless. If an AI step fails or gets it wrong, the scan falls back to traditional methods or skips that step.

Responsible disclosure

If you find a security vulnerability in our platform, email security@pentest-tools.com. Include a description of the issue and steps to reproduce it. We follow responsible disclosure practices and will keep you updated on the fix.

Privacy and data requests

For GDPR requests, data deletion, or any other privacy concerns, contact data.privacy@pentest-tools.com.