SecurityWall Logo
Legal Information

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, protect, and handle your personal information.

Last Updated: February 5, 2026

Information We Collect

We collect information that you provide directly to us, including:


  • Contact Information: Name, company name, email address, company website.
  • Assessment Data: Information about your systems, applications, and infrastructure during security assessments
  • Payment Information: Billing details for invoicing and wire transfer processing
  • Communication Data: Records of your interactions with our team, support tickets, and consultation notes
  • Usage Data: Information about how you use our services and platforms

    • We collect this information when you request services, instant demos, create an account, communicate with us, or engage with our platforms.

    How We Use Your Information

    We use the information we collect to:


  • Provide Services: Deliver security assessments, penetration testing, and compliance services
  • Communication: Respond to inquiries, provide support, and send service-related updates
  • Improvement: Enhance our services, develop new features, and improve user experience
  • Security: Protect against fraud, unauthorized access, and other security threats
  • Compliance: Meet legal obligations and regulatory requirements
  • Marketing: Send relevant security insights, updates, and service information (with your consent)

    • We process your data lawfully, transparently, and only for legitimate business purposes.

    Data Security & Protection

    We implement robust security measures to protect your information:


  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Strict role-based access controls with mandatory two-factor authentication (2FA) on SLASH Platform
  • Secure Infrastructure: Data hosted on SOC 2 compliant cloud infrastructure
  • Regular Audits: Internal and external security audits and penetration testing
  • Employee Training: All team members undergo security awareness and confidentiality training
  • Incident Response: 24/7 monitoring and rapid incident response procedures
  • Data Minimization: We only collect and retain data necessary for service delivery
  • Integration Security: OAuth tokens for third-party integrations are encrypted at rest using AES-256-GCM. Inbound webhook endpoints are protected with cryptographically generated secret tokens and constant-time signature verification.

    • Your security is our top priority, and we apply the same rigorous standards to our own systems.

    Data Sharing & Disclosure

    We do not sell your personal information. We may share your data only in these circumstances:


  • Service Providers: Trusted third-party vendors who assist in service delivery (cloud hosting infrastructure)
  • Legal Requirements: When required by law, subpoena, or legal process
  • Business Protection: To protect our rights, property, or safety and that of our clients
  • With Your Consent: When you explicitly authorize us to share information
  • Business Transfers: In the event of a merger, acquisition, or sale of assets (with privacy protections maintained)

    • All third parties are bound by strict confidentiality agreements and data protection requirements.

    Third-Party Integrations

    When you connect SLASH to third-party services (like Slack or Jira), data is exchanged bi-directionally between SLASH and those services. Here's what happens:


    How It Works:

    When you enable an integration, SLASH exchanges specific data with the connected service. Both Slack and Jira integrations support bi-directional data flow — SLASH sends vulnerability data to the service, and actions taken in the service sync back to SLASH.


  • Integration for Slack (Bi-Directional):

    • - What SLASH Sends to Slack: When vulnerabilities are found or pentest status changes, SLASH sends this information TO your Slack channels:

    - Vulnerability titles and descriptions

    - Severity levels (Critical, High, Medium, Low)

    - Status changes (e.g., "New", "In Progress", "Resolved")

    - Pentest progress updates

    - Report publication notifications

    - Comments added to vulnerabilities (from the SLASH platform)

    - What Slack Sends to SLASH: When your team interacts with vulnerability notifications in Slack:

    - Status changes made via interactive buttons/dropdowns update the vulnerability status in SLASH

    - Comments submitted via the comment modal are added to the vulnerability in SLASH

    - Thread replies to vulnerability notifications are synced as comments on the vulnerability in SLASH

    - Where It Goes: Outbound data appears as messages in your configured Slack channels. Inbound actions update vulnerability statuses and comments within SLASH.

    - Purpose: To enable your team to receive real-time notifications and take action on security findings directly from Slack

    - You Control: You choose which events trigger notifications and which Slack channels receive them. You can disconnect anytime.

    - User Verification: All actions from Slack are verified by matching the Slack user's email to a SLASH platform user within your organization. Unauthorized users cannot modify data.

    - Authentication: All incoming requests from Slack are verified using Slack's request signing (HMAC-SHA256) with timestamp validation to prevent replay attacks.

    - Third-Party Privacy: Data sent to Slack is subject to Slack's privacy policy (https://slack.com/privacy-policy)


  • Jira Integration (Bi-Directional: SLASH to Jira and Jira to SLASH):

    • - What SLASH Sends to Jira: When vulnerabilities are discovered, SLASH creates Jira issues containing:

    - Vulnerability titles and descriptions

    - Severity levels and CVSS scores

    - Remediation steps and recommendations

    - Pentest metadata (project name, dates, etc.)

    - Status updates when vulnerabilities change state in SLASH

    - Comments added to vulnerabilities in SLASH

    - What Jira Sends to SLASH: When changes occur in Jira, SLASH receives:

    - Status changes on linked Jira issues (mapped back to SLASH vulnerability statuses)

    - Comments added to linked Jira issues (synced as system comments in SLASH)

    - Issue deletion signals (to update sync status in SLASH)

    - Where It Goes: Outbound data becomes Jira issues/tickets in your Jira project. Inbound data updates vulnerability statuses and comments within SLASH.

    - Purpose: To provide bi-directional synchronization between SLASH and your Jira project management system, keeping vulnerability remediation workflows in sync across both platforms.

    - You Control: You configure which Jira project and issue type to use, how statuses map between platforms, and whether comment sync is enabled. You can disconnect anytime.

    - No Jira User Data Stored: SLASH does not store any personally identifiable information about Jira users. We do not store names, emails, or account IDs from Jira. Comments synced from Jira are stored without author attribution to comply with Atlassian's user privacy guidelines.

    - Authentication & Security: The Jira integration uses OAuth 2.0 for secure authorization. All OAuth tokens are encrypted at rest using AES-256-GCM. Inbound webhooks from Jira are authenticated using unique, cryptographically generated secret tokens per client.

    - Audit Trail: All sync operations between SLASH and Jira are logged in an audit trail retained for 90 days, including sync direction, status, and timestamps. No user personal data is included in audit records.

    - Third-Party Privacy: Data sent to Jira is subject to Atlassian's privacy policy (https://www.atlassian.com/legal/privacy-policy). SLASH complies with Atlassian's user privacy developer guidelines and does not store Jira user personal data.


  • Data Security: All data exchanged with integrations is encrypted during transmission (TLS/SSL). OAuth tokens for Jira are encrypted at rest using AES-256-GCM. Webhook endpoints are protected with cryptographically generated secret tokens. We only exchange the minimum data needed for the integration to work.

  • Stopping Data Sharing: You can disconnect any integration anytime in SLASH settings. Once disconnected, we stop sending and receiving new data. Webhook registrations are automatically removed from Jira upon disconnection. However, data already sent to Slack or Jira will remain there according to their retention policies.

  • Your Responsibility: You're responsible for ensuring your organization's data policies allow sharing security data with these third-party services.

    • Your Rights & Choices

    You have the following rights regarding your personal information:


  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request your data in a portable format
  • Opt-Out: Unsubscribe from marketing communications at any time
  • Restriction: Request limitation of processing in certain circumstances
  • Object: Object to processing based on legitimate interests

    • To exercise these rights, contact us at [email protected]. We will respond within 30 days.

    Data Retention

    We retain your information only as long as necessary:


  • Active Engagement: During the course of service delivery and engagement
  • Assessment Records: Security assessment data retained for 7 years (industry standard and compliance requirements)
  • Certificates: Certificate records maintained indefinitely for verification purposes
  • Communication: Customer communication retained for 3 years
  • Legal Requirements: Some data retained longer when required by law or regulation

    • After retention periods, data is securely deleted or anonymized.

    Data Storage Policy

    SecurityWall stores Customer Data in accordance with industry best practices and compliance requirements:


  • Storage Infrastructure: Customer Data is stored on SOC 2 Type II compliant cloud infrastructure with enterprise-grade security controls
  • Geographic Locations: Data is primarily stored in secure data centers located in the United States. Specific locations are disclosed in service agreements
  • Encryption at Rest: All Customer Data is encrypted at rest using AES-256 encryption standards
  • Encryption in Transit: All data transmission uses TLS 1.2 or higher protocols
  • Access Controls: Data access is restricted through role-based access controls (RBAC) with mandatory multi-factor authentication (MFA)
  • Backup and Redundancy: Regular encrypted backups are maintained with geographic redundancy to ensure data availability and disaster recovery
  • Data Segregation: Customer Data is logically segregated and isolated to prevent unauthorized access between customer environments
  • Infrastructure Security: Our cloud infrastructure providers maintain certifications including SOC 2, ISO 27001, and other relevant security standards
  • Monitoring and Logging: All data access and storage activities are logged and monitored for security and compliance purposes

    • We ensure that Customer Data storage complies with applicable data protection laws and industry regulations.

    Data Archival/Removal Policy

    SecurityWall will remove Customer Data in accordance with the following policy:


  • Upon Request: Customer Data will be removed within 30 days of receiving a valid deletion request, subject to legal retention requirements
  • Request Process: Deletion requests must be submitted in writing to [email protected] with verification of account ownership
  • Retention Exceptions: Certain data may be retained longer when required by:

    • - Legal obligations (e.g., court orders, regulatory requirements)

    - Legitimate business interests (e.g., dispute resolution, fraud prevention)

    - Industry standards (e.g., security assessment records retained for 7 years)

    - Contractual obligations with customers


  • Deletion Methods: Upon removal, Customer Data is:

    • - Permanently deleted from active systems within 30 days

    - Removed from backup systems within 90 days (backup rotation cycle)

    - Securely overwritten to prevent recovery

    - Verified through deletion audit logs


  • Archival Process:

    • - Data may be archived (moved to secure, encrypted long-term storage) before final deletion if required for legal or compliance purposes

    - Archived data remains encrypted and is only accessible for legal or regulatory purposes

    - Archived data is subject to the same retention periods and will be permanently deleted upon expiration


  • Third-Party Data: Data shared with third-party integrations (Slack, Jira) will be removed from our systems per this policy, but may remain in those third-party services according to their retention policies

  • Certificate Data: Certificate records are maintained indefinitely for verification and audit purposes, but can be anonymized upon request

  • Confirmation: Upon completion of data removal, we will provide written confirmation to the requesting party

    • For specific data removal requests or questions about our archival process, contact [email protected].

    International Data Transfers

    SecurityWall operates globally, and data may be transferred internationally:


  • We ensure appropriate safeguards for international transfers
  • Data transferred to countries with adequate data protection laws
  • Standard contractual clauses used where applicable
  • GDPR and international privacy law compliance maintained

    • Your data receives the same level of protection regardless of location.

    Updates to Privacy Policy

    We may update this Privacy Policy periodically:


  • Material changes will be communicated via email or website notice
  • Continued use of services after changes constitutes acceptance
  • Previous versions available upon request
  • Last updated: February 2026

    • We encourage you to review this policy regularly.

    Contact Us

    For privacy-related questions or to exercise your rights:


    Email: [email protected]

    Phone: +1 307 393 9425

    Mail: SecurityWall, Sheridan, WY


    Data Protection Officer: Available for GDPR and privacy inquiries


    We're committed to protecting your privacy and will respond to all inquiries promptly.

    Questions About Privacy?

    We're here to help. Contact our support team for any questions or concerns.