Privacy Policy

When you sign up we collect the details needed to run your account, such as your name, work email, organization and the targets you ask us to monitor. We also store authentication data so you can log in securely.

To do its job, CTIScanner collects information that is already public on the internet about the assets you are authorized to monitor, for example domain records, exposed services and leaked credentials appearing in public sources. This intelligence is associated with your tenant.

• to operate the service and present your findings;
• to secure accounts and prevent abuse;
• to communicate with you about the service;
• to improve detection quality and reliability.

We do not sell your data, and we do not hand your intelligence to third parties to store, index or resell. Your findings stay under your control within your tenant.

Data is stored on access-controlled infrastructure and scoped per tenant so that one customer cannot see another customer's data. We apply reasonable technical and organizational measures to protect it, though no system can be guaranteed fully secure.

We keep account and intelligence data for as long as your account is active or as needed to provide the service. You can request deletion of your account data, subject to any legal obligations we have to retain certain records.

Depending on where you are based, you may have the right to access, correct, export or delete your personal data. To exercise these rights, contact us at the address below and we will respond within a reasonable time.

If we make material changes to this policy we will update the date above and, where appropriate, notify you.