Privacy Policy
This Privacy Policy explains how secdit ("we", "us", or "our") collects, uses, shares, and retains personal data when you visit our website or use our services, including the ConfigSentry firewall auditing platform.
1. Scope
This policy applies to our public website, ConfigSentry sign-up and account flows, cookie preferences tool, support channels, and audit, reporting, and billing features where available.
By using our website or services, you acknowledge the practices described in this Privacy Policy.
2. Data Controller and Contact
Data controller: secdit
Contact: support@secdit.com
If you have questions about this Privacy Policy or how your data is handled, please contact us using the details above.
3. Personal Data We Collect
3.1 Account and Contact Data
When you create an account, sign in, contact us, or manage a subscription or purchase, we may collect:
- Name
- Email address
- Account login information and authentication data
- Account or profile information such as company or organisation name, preferences, and settings
- Billing, purchase, and transaction information where relevant
- User support and correspondence records
3.2 Service and Audit Data
When you use ConfigSentry, we may process data that you submit or that is generated while delivering the service, including:
- Firewall configuration data uploaded or retrieved for analysis, generally only as needed to run the audit
- Audit findings, scores, reports, and related metadata
- Identified potential security issues and related review notes
- Collector, SSH, or appliance connection details you configure
- Support requests and correspondence
Generally no actual firewall configuration data is stored in the database, but audit results and identified potential security issues may be stored. Audit results can contain sensitive security-related information about your environment. You are responsible for deciding what you submit and for redacting data where appropriate before upload.
3.3 Technical and Usage Data
When you visit our website or use our services, our systems may automatically collect:
- IP address
- Browser type and version
- Operating system and device information
- Request timestamps
- Pages viewed and basic navigation data
- Error logs and security logs
3.4 Cookie and Session Data
We use a small number of browser cookies that are necessary for the site to work properly. These are described in our Cookie Policy.
4. How We Use Personal Data
We use personal data to:
- Create and manage accounts and logins
- Provide and operate our website and services
- Run audits and generate reports
- Process billing and purchases where applicable
- Respond to support requests
- Protect the security and integrity of our systems, including fraud prevention and service operation
- Maintain records and comply with legal obligations
5. Legal Bases
Where GDPR applies, we rely on one or more of the following legal bases:
- Contract: to provide the service you request and manage your account
- Legitimate interests: to secure, maintain, and improve our website and services, and to prevent misuse
- Legal obligation: to comply with laws, tax, accounting, and regulatory requirements
- Consent: where required for optional cookies or optional communications
6. Sharing of Data
We do not sell personal data.
We may share data with service providers and advisers only where reasonably necessary to operate our business, including hosting, payment processing, email delivery, security monitoring, and professional advisers. We may also disclose data where required by law or to protect our rights, users, or systems.
7. Retention
In general, we keep personal data, account data, audit results, and related records until you delete them from your account or your account is removed, unless we need to retain them longer for legal, security, accounting, fraud-prevention, or dispute-resolution reasons.
Session records are stored server-side and are periodically cleared out. Some operational records, logs, or backups may remain for a limited time as part of our normal systems and recovery processes.
8. Security
We use reasonable technical and organisational measures to protect personal data. No system is completely secure, and we cannot guarantee absolute security.
9. International Transfers
Where personal data is transferred outside the European Economic Area, we use appropriate safeguards where required by law.
10. Your Rights
Depending on where you are located, you may have the right to access your personal data, request deletion or erasure, and request correction of inaccurate or incomplete data where applicable. To exercise those rights, contact us at support@secdit.com or use our contact page.
11. Children
Our website and services are not intended for children, and we do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this policy from time to time. The updated version will be posted on this page when changes are made.
13. Contact
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please use our contact page or email us at support@secdit.com.