Privacy Policy
This Privacy Policy explains how secdit ("we", "us", or "our") collects, uses, shares, and retains personal data when you visit our website or use our services, including the ConfigSentry firewall auditing platform.
1. Scope
This policy applies to our public website, ConfigSentry sign-up and account flows, cookie preferences tool, support channels, and audit, reporting, and billing features where available.
By using our website or services, you acknowledge the practices described in this Privacy Policy.
2. Data Controller and Contact
Data controller: secdit
Contact: support@secdit.com
If you have questions about this Privacy Policy or how your data is handled, please contact us using the details above.
3. Personal Data We Collect
3.1 Account and Contact Data
When you create an account, sign in, contact us, or manage a subscription or purchase, we may collect:
- Name
- Email address
- Account login information and authentication data
- Account or profile information such as company or organisation name, preferences, and settings
- Billing, purchase, and transaction information where relevant
- User support and correspondence records
3.2 Service and Audit Data
When you use ConfigSentry, we may process data that you submit or that is generated while delivering the service, including:
- Raw firewall configuration data uploaded or retrieved for analysis, including temporary encrypted queued payloads where an audit waits for processing
- Audit findings, scores, reports, and related metadata
- Identified potential security issues and related review notes
- Collector metadata and appliance connection details you configure, while locally entered secrets can remain on the collector host
- Support requests and correspondence
When an audit can start immediately, raw firewall configuration data is processed in memory for the audit workflow and is then removed from memory after processing. Where an audit is queued, the submitted configuration or prepared audit payload may be stored temporarily in encrypted form until processing begins or the queued item expires. The queue database record stores encrypted payload data and operational metadata only; plaintext firewall configurations are not stored in the database as queue records, and decrypt keys are stored separately from the database on temporary backend storage. Queued payloads and temporary key files are deleted when processing starts or when cleanup removes expired items. If temporary key material is unavailable before processing begins, the queued audit may need to be re-submitted or re-collected. Audit results, scores, report metadata, and identified potential security issues may still be retained as part of audit history or related account records. Those outputs can contain sensitive security-related information about your environment. You are responsible for deciding what you submit and for redacting data where appropriate before upload.
3.3 Technical and Usage Data
When you visit our website or use our services, our systems may automatically collect:
- IP address
- Browser type and version
- Operating system and device information
- Request timestamps
- Pages viewed and basic navigation data
- Error logs and security logs
3.4 Cookie and Session Data
We use a small number of browser cookies that are necessary for the site to work properly. These are described in our Cookie Policy.
4. How We Use Personal Data
We use personal data to:
- Create and manage accounts and logins
- Provide and operate our website and services
- Run audits and generate reports
- Process billing and purchases where applicable
- Respond to support requests
- Protect the security and integrity of our systems, including fraud prevention and service operation
- Maintain records and comply with legal obligations
5. Legal Bases
Where GDPR applies, we rely on one or more of the following legal bases:
- Contract: to provide the service you request and manage your account
- Legitimate interests: to secure, maintain, and improve our website and services, and to prevent misuse
- Legal obligation: to comply with laws, tax, accounting, and regulatory requirements
- Consent: where required for optional cookies or optional communications
6. Sharing of Data
We do not sell personal data.
We may share data with service providers and advisers only where reasonably necessary to operate our business, including hosting, payment processing, email delivery, security monitoring, and professional advisers. We may also disclose data where required by law or to protect our rights, users, or systems.
7. Retention
In general, we keep personal data, account data, audit results, and related records until you delete them from your account or your account is removed, unless we need to retain them longer for legal, security, accounting, fraud-prevention, or dispute-resolution reasons. Raw firewall configurations are normally processed in memory for the audit run and removed from memory after processing. Where an audit is queued, the submitted configuration or prepared audit payload may be stored temporarily in encrypted form until processing begins or the queued item expires, after which the queued payload and its temporary key material are deleted during normal processing or cleanup.
Deleting data from the platform normally removes it from the main account workflow and user interface. Some operational records, logs, or backups may remain for a limited time as part of normal security, resilience, and recovery processes.
8. Security
We use reasonable technical and organisational measures to protect personal data. No system is completely secure, and we cannot guarantee absolute security.
Exported report encryption or password protection, where offered, applies to the downloaded report package and should not be read as a statement about every platform-side storage control. If your review requires current deployment, in-transit, or at-rest architecture details, contact secdit directly.
9. International Transfers
Where personal data is transferred outside the European Economic Area, we use appropriate safeguards where required by law.
10. Your Rights
Depending on where you are located, you may have the right to access your personal data, request deletion or erasure, and request correction of inaccurate or incomplete data where applicable. To exercise those rights, contact us at support@secdit.com or use our contact page.
11. Children
Our website and services are not intended for children, and we do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this policy from time to time. The updated version will be posted on this page when changes are made.
13. Contact
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please use our contact page.