Privacy Policy

Effective Date: January 24, 2026

1. Introduction

Welcome to Zentinel ("we," "our," or "us"). We are committed to protecting your personal data and your intellectual property. This Privacy Policy explains how we collect, use, and safeguard your information when you use our automated security auditing services (the "Service").

For the purposes of the UK Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), we act as the Data Controller for your account information and as a Data Processor for the source code and applications you submit for scanning.

2. The Data We Collect

We collect the minimum amount of data required to provide our security services:

  • Account Data: Name, business email address, GitHub/GitLab username, and authentication tokens (e.g., OAuth tokens).
  • Target Data: URLs, IP addresses, and repository links you explicitly authorize us to scan.
  • Scan Data: Vulnerability reports, logs, and remediation suggestions generated by our "Strix" engine.
  • Usage Data: Information about how you interact with our dashboard (e.g., browser type, login times) to improve system performance.

3. How We Process Your Source Code (Ephemeral Processing)

We understand that your code is your most valuable asset. We adhere to a strict "Scan & Forget" policy:

  • Temporary Sandboxing: When you trigger a scan, your code is cloned into an isolated, ephemeral container.
  • No Permanent Storage: Once the analysis is complete and the report is generated, the container is destroyed. We do not retain your source code in our persistent databases.
  • No AI Training: We do not use your source code, proprietary logic, or discovered vulnerabilities to train, fine-tune, or improve our public Artificial Intelligence models.

4. Legal Basis for Processing

Under UK law, we process your data based on the following legal grounds:

  • Performance of Contract: To deliver the security audits and reports you requested.
  • Legitimate Interests: To detect fraud, prevent abuse of our scanning engines, and improve the security of our own infrastructure.
  • Legal Obligation: To comply with UK laws and regulations.

5. Data Security

We implement enterprise-grade security measures to protect your data:

  • Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256.
  • Access Control: Access to our backend infrastructure is restricted to authorized personnel via strict Multi-Factor Authentication (MFA).
  • Penetration Testing: We regularly stress-test our own systems to ensure they remain secure.

6. International Data Transfers

Zentinel is a global platform. Your data may be processed on secure cloud servers (e.g., AWS, Google Cloud, Oracle) located outside the United Kingdom (e.g., in the US or EU). Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by using UK International Data Transfer Agreements (IDTA) or by ensuring the recipient country has an Adequacy Decision from the UK Government.

7. Your Data Protection Rights

Under the UK GDPR, you have the following rights:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Erasure ("Right to be Forgotten"): You can ask us to delete your account and all associated data. We will permanently delete your information within 30 days of your request.
  • Right to Rectification: You can ask us to correct inaccurate data.
  • Right to Restrict Processing: You can ask us to suspend the processing of your data in certain scenarios.

To exercise any of these rights, please contact us at: alvin@moyopal.io.

8. Third-Party Services

Our Service integrates with third-party platforms (e.g., GitHub, GitLab, Slack, Supabase). We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or via a prominent notice on our dashboard.

10. Contact & Governing Law

This policy is governed by the laws of England and Wales. If you have any questions about this Privacy Policy, please contact our Data Protection Officer at:

Email: alvin@moyopal.io

Registered Office: Brighton & Hove, United Kingdom