Privacy Policy

Last Updated: March 2, 2026

Your privacy matters to us. This Privacy Policy explains what information Reconnity ("we", "us", "our") collects when you use our External Attack Surface Management platform, how we use it, and your choices regarding your data.

This policy applies to our website, web application, APIs, and any other way you interact with our Service.

1. Information We Gather

We collect information in several ways:

• When you sign up: Email, name, organization details
• When you use the platform: Domains you scan, configurations, usage patterns
• When you contact us: Support tickets, feedback, communications
• Automatically: IP address, browser info, access times

2. How We Use Your Information

2.1 Running Your Account

We use your email, name, and organization info to:

• Create and manage your account
• Send important service notifications
• Process payments (for paid plans)

Legal basis: Necessary to provide the service you signed up for.
Kept: While your account exists, plus any legally required period.

2.2 Delivering the Service

We process technical data (IP, browser, device info) to:

• Make the platform work properly
• Secure your account
• Troubleshoot issues

Legal basis: Necessary for service delivery.
Kept: Based on your subscription plan.

2.3 Support and Communication

When you contact us, we keep records to help you effectively and improve our support.

Legal basis: Contract fulfillment and legitimate interest.
Kept: Duration of the support matter plus 2 years.

2.4 Product Updates and Marketing

We may send you product news, security tips, and occasional promotional content. You can unsubscribe anytime.

Legal basis: Legitimate interest (existing customers) or consent (others).
Kept: Until you opt out.

2.5 Making Things Better

We analyze usage patterns (anonymized where possible) to improve features and fix problems.

Legal basis: Legitimate interest in improving our service.
Kept: Anonymized data kept indefinitely; identifiable data deleted when no longer needed.

Retention Summary

Data Type	How Long We Keep It
Account info	While account is active + legal requirements
Scan reports (Free)	30 days
Scan reports (Pro)	6 months
Scan reports (Enterprise)	12 months (customizable)
Support tickets	2 years after resolution
Audit logs	30-365 days by plan

3. Who We Share Data With

We never sell your data. Period.

We work with trusted service providers who help us run the platform:

Provider Type	What They Do	Location
Cloud hosting (AWS)	Stores and processes your data	USA (us-east-1)
Security (Cloudflare)	Protects against attacks, speeds up delivery	Global
Payments (Stripe)	Processes credit card payments	USA/EU
Email delivery	Sends notifications and alerts	USA

All providers are bound by contracts requiring them to protect your data and use it only as we direct.

When We Must Disclose

We may share data if legally required (court order, law enforcement request) or to protect rights and safety. If we're acquired or merge with another company, your data transfers to the new owner - we'll notify you beforehand.

4. Where Your Data Lives

Your data is primarily stored in AWS data centers in the United States (N. Virginia region).

For EU/EEA users, we ensure lawful transfers through:

• Standard Contractual Clauses (SCCs) approved by the EU Commission
• Additional security measures where appropriate
• Working with providers who participate in recognized frameworks

AWS maintains SOC 2, ISO 27001, and other certifications demonstrating their security practices.

5. How We Protect Your Data

Security is our business, so we take it seriously for our own systems too:

• Encryption everywhere: TLS 1.2+ in transit, AES-256 at rest
• Strong password handling: Secure hashing, never stored in plain text
• MFA available: Add an extra layer to your account
• Access controls: Role-based permissions, principle of least privilege
• Monitoring: We watch for suspicious activity 24/7
• Regular testing: We assess our own security regularly

If Something Goes Wrong

In the unlikely event of a data breach affecting you, we'll notify you within 72 hours and work with you to address it.

6. Your Privacy Rights

You have control over your data. Here's what you can do:

• See your data: Request a copy of what we have about you
• Fix mistakes: Correct any inaccurate information
• Delete your data: Ask us to erase your information (with some exceptions for legal requirements)
• Export your data: Get your data in a portable format
• Limit processing: Restrict how we use your data in certain cases
• Object: Say no to processing based on legitimate interest
• Withdraw consent: Change your mind about optional processing anytime

Most of these you can do yourself in Account Settings. For anything else, email [email protected].

7. Cookies

We use only essential cookies to make the platform work:

Cookie	Why	Expires
Session token	Keeps you logged in	7 days or logout
Preferences	Remembers your settings	1 year
Security token	Prevents cross-site attacks	Session

What we don't do:

• No tracking cookies
• No advertising cookies
• No social media pixels
• No selling cookie data

You can block cookies in your browser, but the platform won't work properly without the essential ones.

8. Age Requirement

Reconnity is for business use by adults (18+). We don't knowingly collect data from minors. If you believe a child has created an account, contact us and we'll remove it.

9. Policy Updates

We may update this policy as our practices evolve or laws change. For significant changes, we'll email you at least 30 days before they take effect. The date at the top shows when we last updated.

10. Questions?

Reach out anytime:

© 2026 Reconnity. All rights reserved.
Home  |  Terms of Use  |  Privacy Policy