Privacy Policy

Effective Date: March 9, 2026

Version: 1.3 (Public Release)

01. INTRODUCTION & SCOPE

Moyopal Ltd (trading as "Zentinel", "we", "us", or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, and protect personal data when you use the Zentinel platform, APIs, and remediation tools (the "Service").

02. DATA CONTROLLER

Moyopal Ltd

Company Number: 16288400

Registered Office: England and Wales

Contact: legal@moyopal.io

03. DATA WE COLLECT

  • Account DataName, business email, job title, and authentication credentials (via WorkOS or Google OAuth).
  • Billing DataWe use third-party processors (Dodo Payments). We do not store full credit card numbers on our servers.
  • Usage DataIP addresses, browser types, and interaction logs with our autonomous agents to ensure service stability and security.
  • Scan MetadataDomains and IP ranges submitted for testing.

04. HOW WE USE YOUR DATA

We process your data to:

  • Provide and maintain the Service (Contractual Necessity).
  • Prevent fraud and unauthorized "black-hat" scanning (Legitimate Interest).

AI Improvement & Machine Learning

We use De-identified and Aggregated Data to train our machine learning models and improve the reasoning capabilities of our autonomous security agents. This data is stripped of all identifiers and cannot be linked back to you or your target systems.

05. DATA SHARING & SUB-PROCESSORS

We never sell your personal data. We share data only with essential sub-processors:

  • Infrastructure AWS / Supabase (Encrypted storage).
  • AI Processing Google Cloud Vertex AI (Processing of scan telemetry—no PII shared).
  • Communication AWS SES (Transactional emails).

06. SECURITY SCAN DATA PROTECTIONS

As a security company, we apply "Zero Trust" principles to your scan results:

Isolation

All vulnerability findings are stored with Row-Level Security (RLS).

Encryption

All data is encrypted at rest (AES-256) and in transit (TLS 1.3).

Access

Zentinel employees cannot access your results unless authorized for support.

07. YOUR RIGHTS (UK GDPR / GDPR / CCPA)

Depending on your location, you have the right to:

  • Access & Export: Request a copy of your data in JSON format.
  • Deletion: Request that we "forget" your account and associated logs.
  • Opt-Out: Object to the processing of your data for ML training (where de-identification is not possible).

To exercise these rights, email privacy@moyopal.io.

08. DATA RETENTION

Account & Scan Data

Account Data is retained for the duration of your active subscription. Scan Data is retained for the duration of your subscription plus a 30-day grace period for export. After 30 days of account termination, scan data is cryptographically erased.

09. UK & EEA-SPECIFIC DISCLOSURES

For users in the UK and EEA, we process data in accordance with the UK GDPR and EU GDPR. Where data is transferred outside the UK or EEA, we utilize Standard Contractual Clauses (SCCs) or other valid transfer mechanisms to ensure a level of protection equivalent to local laws.

10. CALIFORNIA-SPECIFIC DISCLOSURES (CCPA)

We do not "Sell" or "Share" personal information for cross-context behavioral advertising. We limit the use of "Sensitive Personal Information" to that which is necessary to perform the Service.

11. CHANGES TO THIS POLICY

We will notify you of material changes via your registered email address at least 30 days prior to the effective date.

12. CONTACT & SUPERVISORY AUTHORITY

For privacy inquiries or to report a data concern:

legal@moyopal.io

If you are located in the UK, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) (ico.org.uk). If you are in the EEA, you may contact your local Data Protection Authority.