SecurityWall Logo
Legal Information

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, protect, and handle your personal information.

Last Updated: November 26, 2025

Information We Collect

We collect information that you provide directly to us, including:


  • Contact Information: Name, company name, email address, company website.
  • Assessment Data: Information about your systems, applications, and infrastructure during security assessments
  • Payment Information: Billing details for invoicing and wire transfer processing
  • Communication Data: Records of your interactions with our team, support tickets, and consultation notes
  • Usage Data: Information about how you use our services and platforms

    • We collect this information when you request services, instant demos, create an account, communicate with us, or engage with our platforms.

    How We Use Your Information

    We use the information we collect to:


  • Provide Services: Deliver security assessments, penetration testing, and compliance services
  • Communication: Respond to inquiries, provide support, and send service-related updates
  • Improvement: Enhance our services, develop new features, and improve user experience
  • Security: Protect against fraud, unauthorized access, and other security threats
  • Compliance: Meet legal obligations and regulatory requirements
  • Marketing: Send relevant security insights, updates, and service information (with your consent)

    • We process your data lawfully, transparently, and only for legitimate business purposes.

    Data Security & Protection

    We implement robust security measures to protect your information:


  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Strict role-based access controls with mandatory two-factor authentication (2FA) on SLASH Platform
  • Secure Infrastructure: Data hosted on SOC 2 compliant cloud infrastructure
  • Regular Audits: Internal and external security audits and penetration testing
  • Employee Training: All team members undergo security awareness and confidentiality training
  • Incident Response: 24/7 monitoring and rapid incident response procedures
  • Data Minimization: We only collect and retain data necessary for service delivery

    • Your security is our top priority, and we apply the same rigorous standards to our own systems.

    Data Sharing & Disclosure

    We do not sell your personal information. We may share your data only in these circumstances:


  • Service Providers: Trusted third-party vendors who assist in service delivery (cloud hosting infrastructure)
  • Legal Requirements: When required by law, subpoena, or legal process
  • Business Protection: To protect our rights, property, or safety and that of our clients
  • With Your Consent: When you explicitly authorize us to share information
  • Business Transfers: In the event of a merger, acquisition, or sale of assets (with privacy protections maintained)

    • All third parties are bound by strict confidentiality agreements and data protection requirements.

    Third-Party Integrations

    When you connect SLASH to third-party services (like Slack or Jira), SLASH sends data FROM your SLASH account TO those services. Here's what happens:


    How It Works:

    When you enable an integration, SLASH automatically sends specific data to the connected service. This data flows FROM SLASH TO the third-party service (not the other way around).


  • Slack Integration:

    • - What Data is Sent: When vulnerabilities are found or pentest status changes, SLASH sends this information TO your Slack channels:

    - Vulnerability titles and descriptions

    - Severity levels (Critical, High, Medium, Low)

    - Status changes (e.g., "New", "In Progress", "Resolved")

    - Pentest progress updates

    - Report publication notifications

    - Comments added to vulnerabilities

    - Where It Goes: This data appears as messages in your configured Slack channels

    - Purpose: To notify your team in real-time about security findings

    - You Control: You choose which events trigger notifications and which Slack channels receive them. You can disconnect anytime.

    - Third-Party Privacy: Once data is sent to Slack, it's subject to Slack's privacy policy (https://slack.com/privacy-policy)


  • Jira Integration:

    • - What Data is Sent: When vulnerabilities are discovered, SLASH automatically creates Jira issues and sends this data TO your Jira instance:

    - Vulnerability titles and descriptions

    - Severity levels and CVSS scores

    - Remediation steps and recommendations

    - Pentest metadata (project name, dates, etc.)

    - Status updates when vulnerabilities change state

    - Where It Goes: This data becomes Jira issues/tickets in your Jira project

    - Purpose: To automatically create and track vulnerability remediation tasks in your project management system

    - You Control: You configure how issues are created (as Stories, Epics, Tasks, or Bugs) and can disconnect anytime

    - Third-Party Privacy: Once data is sent to Jira, it's subject to Atlassian's privacy policy (https://www.atlassian.com/legal/privacy-policy)


  • Data Security: All data sent to integrations is encrypted during transmission (TLS/SSL). We only send the minimum data needed for the integration to work.

  • Stopping Data Sharing: You can disconnect any integration anytime in SLASH settings. Once disconnected, we stop sending new data. However, data already sent to Slack or Jira will remain there according to their retention policies.

  • Your Responsibility: You're responsible for ensuring your organization's data policies allow sharing security data with these third-party services.

    • Your Rights & Choices

    You have the following rights regarding your personal information:


  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request your data in a portable format
  • Opt-Out: Unsubscribe from marketing communications at any time
  • Restriction: Request limitation of processing in certain circumstances
  • Object: Object to processing based on legitimate interests

    • To exercise these rights, contact us at [email protected]. We will respond within 30 days.

    Data Retention

    We retain your information only as long as necessary:


  • Active Engagement: During the course of service delivery and engagement
  • Assessment Records: Security assessment data retained for 7 years (industry standard and compliance requirements)
  • Certificates: Certificate records maintained indefinitely for verification purposes
  • Communication: Customer communication retained for 3 years
  • Legal Requirements: Some data retained longer when required by law or regulation

    • After retention periods, data is securely deleted or anonymized.

    Data Storage Policy

    SecurityWall stores Customer Data in accordance with industry best practices and compliance requirements:


  • Storage Infrastructure: Customer Data is stored on SOC 2 Type II compliant cloud infrastructure with enterprise-grade security controls
  • Geographic Locations: Data is primarily stored in secure data centers located in the United States. Specific locations are disclosed in service agreements
  • Encryption at Rest: All Customer Data is encrypted at rest using AES-256 encryption standards
  • Encryption in Transit: All data transmission uses TLS 1.2 or higher protocols
  • Access Controls: Data access is restricted through role-based access controls (RBAC) with mandatory multi-factor authentication (MFA)
  • Backup and Redundancy: Regular encrypted backups are maintained with geographic redundancy to ensure data availability and disaster recovery
  • Data Segregation: Customer Data is logically segregated and isolated to prevent unauthorized access between customer environments
  • Infrastructure Security: Our cloud infrastructure providers maintain certifications including SOC 2, ISO 27001, and other relevant security standards
  • Monitoring and Logging: All data access and storage activities are logged and monitored for security and compliance purposes

    • We ensure that Customer Data storage complies with applicable data protection laws and industry regulations.

    Data Archival/Removal Policy

    SecurityWall will remove Customer Data in accordance with the following policy:


  • Upon Request: Customer Data will be removed within 30 days of receiving a valid deletion request, subject to legal retention requirements
  • Request Process: Deletion requests must be submitted in writing to [email protected] with verification of account ownership
  • Retention Exceptions: Certain data may be retained longer when required by:

    • - Legal obligations (e.g., court orders, regulatory requirements)

    - Legitimate business interests (e.g., dispute resolution, fraud prevention)

    - Industry standards (e.g., security assessment records retained for 7 years)

    - Contractual obligations with customers


  • Deletion Methods: Upon removal, Customer Data is:

    • - Permanently deleted from active systems within 30 days

    - Removed from backup systems within 90 days (backup rotation cycle)

    - Securely overwritten to prevent recovery

    - Verified through deletion audit logs


  • Archival Process:

    • - Data may be archived (moved to secure, encrypted long-term storage) before final deletion if required for legal or compliance purposes

    - Archived data remains encrypted and is only accessible for legal or regulatory purposes

    - Archived data is subject to the same retention periods and will be permanently deleted upon expiration


  • Third-Party Data: Data shared with third-party integrations (Slack, Jira) will be removed from our systems per this policy, but may remain in those third-party services according to their retention policies

  • Certificate Data: Certificate records are maintained indefinitely for verification and audit purposes, but can be anonymized upon request

  • Confirmation: Upon completion of data removal, we will provide written confirmation to the requesting party

    • For specific data removal requests or questions about our archival process, contact [email protected].

    International Data Transfers

    SecurityWall operates globally, and data may be transferred internationally:


  • We ensure appropriate safeguards for international transfers
  • Data transferred to countries with adequate data protection laws
  • Standard contractual clauses used where applicable
  • GDPR and international privacy law compliance maintained

    • Your data receives the same level of protection regardless of location.

    Updates to Privacy Policy

    We may update this Privacy Policy periodically:


  • Material changes will be communicated via email or website notice
  • Continued use of services after changes constitutes acceptance
  • Previous versions available upon request
  • Last updated: November 2025

    • We encourage you to review this policy regularly.

    Contact Us

    For privacy-related questions or to exercise your rights:


    Email: [email protected]

    Phone: +1 307 393 9425

    Mail: SecurityWall, Sheridan, WY


    Data Protection Officer: Available for GDPR and privacy inquiries


    We're committed to protecting your privacy and will respond to all inquiries promptly.

    Questions About Privacy?

    We're here to help. Contact our support team for any questions or concerns.