Privacy Policy
At FortPilot Pro, safeguarding enterprise security telemetry and user confidentiality is critical to our mission. This Privacy Policy details our data governance practices, telemetry collection boundaries, and adherence to global privacy frameworks including GDPR, CCPA, and ISO/IEC 27001.
1. Information We Collect
We collect information necessary to deliver automated vulnerability scanning, SecOps workflow management, and threat analysis:
- Account & Billing Telemetry: Work email addresses, organization profile data, and encrypted payment tokens processed via verified Stripe merchant connectors.
- Target Artifacts: URLs, IP addresses, HTTP response headers, DOM snapshots, and TLS certificate metadata gathered during user-initiated or scheduled vulnerability audits.
- System Audit Logs: Access timestamps, user-agent headers, and RBAC permission changes logged for internal security verification.
2. How We Use Telemetry
Scanned vulnerability data is isolated strictly to your tenant workspace. FortPilot Pro does not sell, trade, or expose your target web artifacts to third-party data aggregators. Our neural AI models process heuristic patterns strictly in-memory or within isolated tenant containers without training global shared models on your proprietary source payloads.
3. Data Residency & Encryption
All customer data is encrypted in transit using TLS 1.3 with strict HSTS enforcement, and at rest using AES-256 block ciphers. Enterprise tenants may elect data residency regions across North America (AWS us-east-1) or the European Union (AWS eu-central-1) to ensure full GDPR sovereignty.
4. Data Retention & Deletion Requests
Scan reports and historical audit records are retained for the duration of an active subscription plan. Tenants may execute permanent data purge requests directly via their workspace settings or by contacting our Data Protection Officer at privacy@fortpilot.io. Purges remove all target metadata across database clusters within 72 hours.