Page cover

Privacy Policy

This is the Privacy Policy for catchify's PTaaS System.

Catchify – Privacy Policy

At Catchify, we respect your privacy and are committed to protecting the confidentiality, integrity, and security of your information. This Privacy Policy explains how we collect, use, store, and protect your data when you interact with our services.

1. Information We Collect

We collect only the information necessary to deliver secure, ethical, and efficient penetration testing services:

1.1 Client-Provided Information

  • Full name and contact details (email, phone number, company)

  • Authorized asset details (domains, IP ranges, app URLs)

  • Test accounts (if applicable)

1.2 Automatically Collected Data

  • Audit logs and testing metadata (date/time of access)

  • IP addresses or browser data when using our client portal

2. How We Use Your Information

We use your data solely to:

  • Perform the agreed-upon penetration testing engagement

  • Identify and report vulnerabilities

  • Communicate findings, updates, or follow-up actions

  • Process payments in accordance with the chosen engagement model

  • Comply with legal and regulatory obligations

3. Data Retention

  • Sensitive credentials or access tokens are stored securely and deleted immediately after the engagement ends.

  • Reports and client communication are retained for a period of [12 months] for record keeping, unless otherwise requested by the client.

4. Sharing and Disclosure

We do not sell, trade, or rent your personal or system data.

We may share information only:

  • With your explicit written consent

  • With authorized team members bound by confidentiality agreements

  • When legally required by competent authorities

5. Data Security

We take security seriously. Measures include:

  • Encryption at rest and in transit

  • Role-based access control (RBAC)

  • Secure credential handling

  • Regular internal audits and secure development practices

6. Your Rights

You have the right to:

  • Request access to your stored data

  • Request correction or deletion of your data

  • Withdraw consent for future processing

  • Request secure deletion of reports after engagement closure

For any of the above, contact us at [email protected]

7. Cookies and Authentication

Catchify may use minimal cookies to:

  • Authenticate user sessions

  • Improve performance and user experience

No tracking or advertising cookies are used.

8. Third-Party Services

Catchify may integrate with third-party platforms such as Jira to streamline issue tracking and reporting processes. These integrations are used only to:

  • Report validated vulnerabilities directly into client-managed Jira projects (when authorized)

  • Automate secure communication of technical findings

  • Enhance client remediation workflows

We do not share client data with third-party services without explicit written consent. All integrations are limited in scope, use secure API connections, and follow best practices for access control and data minimization.

9. Changes to This Policy

Catchify may update this Privacy Policy periodically. Material changes will be communicated via email or our website.

10. Contact

For questions or privacy-related requests, please contact:

Catchify Security Services Email: [email protected] Website: www.catchify.sa

PreviousTerms and Conditions

Last updated