RedVeil Security Privacy Policy

Effective Date: January 7, 2026

RedVeil Security, Inc. (“RedVeil,” “we,” “our,” or “us”) is committed to protecting the privacy and confidentiality of information processed in connection with its software-as-a-service platform that provides agentic, AI-powered penetration testing (the “Platform”).

This Privacy Policy describes how RedVeil collects, uses, stores, and protects information when you access or use the Platform. By using the Platform, you agree to this Privacy Policy.

1. Scope and Applicability

This Privacy Policy applies to information processed by RedVeil in connection with the Platform. The Platform is intended for use by organizations and authorized users eighteen (18) years of age or older acting in a business or professional capacity.

2. Information We Collect

RedVeil collects only information necessary to operate the Platform, provide security testing services, and meet legal and contractual obligations.

2.1 Account and Identity Information

  • Name

  • Business email address

  • Company name

  • Job title

  • Authentication credentials

2.2 Platform Operational Data

  • System logs and audit logs

  • Session metadata

  • Platform configuration settings

  • Usage records required for service operation, security, and support

2.3 Testing and Technical Data

  • Systems, applications, domains, IP addresses, and environments submitted for testing

  • Security findings, artifacts, and reports generated by the Platform

2.4 AI Execution Data

  • Inputs and outputs generated during agentic testing workflows

  • Execution metadata required to deliver testing results

2.5 Billing Information

Payment and billing information is processed by third-party payment processors. RedVeil does not store full payment card information.

3. Purpose Limitation and Use of Information

RedVeil uses collected information solely for the following purposes:

  • Providing, operating, and maintaining the Platform

  • Executing penetration testing workflows and generating reports

  • Ensuring platform security, availability, and integrity

  • Responding to support requests and customer inquiries

  • Communicating service-related notices

  • Enforcing contractual terms and preventing misuse

  • Complying with applicable legal, regulatory, and audit obligations

RedVeil does not use Customer Data for advertising, marketing analytics, or unrelated commercial purposes.

4. Agentic AI Systems and Data Use

The Platform performs penetration testing using agentic artificial intelligence systems that autonomously plan, execute, and adapt security testing workflows. Human involvement is limited to initial configuration, scoping, or customer-directed setup.

4.1 No AI Training on Customer Data

RedVeil does not use Customer Data to train, fine-tune, or improve artificial intelligence or machine learning models, whether owned by RedVeil or operated by third parties.

Improvements to RedVeil’s AI systems are developed through internal research and engineering efforts, including synthetic data and controlled testing environments that do not incorporate Customer Data.

4.2 Use of Third-Party Services

RedVeil may utilize third-party services to support infrastructure, processing, or inference necessary for Platform functionality. RedVeil does not intentionally submit Customer Data for model training, dataset creation, or persistent memory.

5. Data Sharing and Disclosure

RedVeil does not sell or rent personal information.

Information may be shared only in the following circumstances:

  • Service Providers: Vendors supporting Platform operations under confidentiality and data protection obligations

  • Legal and Regulatory Requirements: Where required by law, regulation, or legal process

  • Corporate Transactions: In connection with a merger, acquisition, or asset sale, subject to appropriate safeguards

6. Data Retention

RedVeil retains information only for as long as necessary to:

  • Provide the Platform and related services

  • Meet legal, regulatory, audit, and security obligations

  • Resolve disputes and enforce agreements

Following account termination, Customer Data may be deleted, de-identified, or retained in accordance with these purposes and RedVeil’s internal data retention policies.

7. Information Security

RedVeil maintains administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, or destruction.

Security measures are implemented consistent with recognized industry practices and are periodically reviewed and updated based on risk assessments. However, no system can be guaranteed to be completely secure.

8. Individual Rights and Requests

Depending on jurisdiction, individuals may have rights to access, correct, delete, or restrict processing of personal information.

  • California (CCPA/CPRA): Rights to disclosure, deletion, and opt-out of sale or sharing

  • European Economic Area (GDPR): Rights to access, correction, deletion, restriction, objection, and portability

  • United Kingdom (UK GDPR): Rights enforceable through the Information Commissioner’s Office (ICO)

Requests may be submitted to support@redveil.ai. RedVeil will respond in accordance with applicable law.

9. Age Restrictions

The Platform is intended solely for individuals eighteen (18) years of age or older who are authorized to act on behalf of an organization. RedVeil does not knowingly collect personal information from individuals under 18.

10. Changes to This Privacy Policy

RedVeil may update this Privacy Policy from time to time. Material changes will be communicated through the Platform or via email.

11. Contact Information

RedVeil Security, Inc.
131 Continental Dr Suite 305 Newark, DE, 19713 US
support@redveil.ai