Legal

Privacy Policy

Last updated: 20 June 2026

This Privacy Policy explains how TrueBreach ("we", "us") collects, uses, and protects information when you visit our website or use our security-testing services (the "Services").

1. Information we collect

  • Contact information you provide - name, email, company, and message - when you request a test, join the waitlist, or contact us.
  • Engagement data - information we access under your authorization to deliver the Services, such as configuration, source code, and host state from systems you connect via read-only credentials.
  • Usage data - basic analytics about how visitors use our website (pages viewed, device, and approximate location).

2. How we use information

  • To provide, deliver, and improve the Services and produce findings and reports for you.
  • To respond to your inquiries and communicate about engagements.
  • To maintain the security, integrity, and audit records of the Services.
  • To comply with legal obligations.

3. Engagement data & data minimization

We access engagement data solely to deliver the Services under your authorization, and we collect only what is needed to identify and prove findings. We do not sell engagement data. We retain it only as long as necessary to deliver the engagement and meet legal or contractual obligations, and we will delete it on request, subject to those obligations.

4. How we share information

We do not sell your personal information. We may share information with service providers who help us operate (for example, hosting and email), under confidentiality and data-protection obligations, and where required by law. We do not share your findings with anyone outside your authorized team.

5. Security

We use technical and organizational measures to protect information, including encryption in transit and at rest, least-privilege access controls, and audit logging. No method of transmission or storage is completely secure, but we work to protect your data and continuously improve our controls.

6. Data retention

We keep contact information for as long as needed to provide the Services and for legitimate business purposes, and engagement data as described in Section 3.

7. Your rights

Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal information, and to object to certain processing. To exercise these rights, contact [email protected].

8. International transfers

We may process information in countries other than your own. Where required, we use appropriate safeguards for such transfers.

9. Cookies

Our website may use essential and analytics cookies. You can control cookies through your browser settings. [Add a cookie banner/consent tool if you serve users in regions that require one.]

10. Changes to this policy

We may update this Policy from time to time. We will post the updated version here with a revised "Last updated" date.

11. Contact

Questions about this Policy or your data: [email protected].