Privacy Policy

Privacy Policy

Last updated 2026-07-09.

What we collect

To create an account: your email address, an optional name, and a password (stored as a salted Argon2 hash — we never store or can recover your plaintext password). To operate the service: your IP address is used transiently for rate-limiting abuse (signups, login attempts), and is not retained beyond that purpose.

Build session data (cloud tier)

If you use the cloud-hosted detection tier, execve telemetry from your build sessions is processed in real time to produce findings, which are streamed live to your account's dashboard. This data is not persisted on our side: if no one is connected to view a finding when it fires, it is not queued, stored, or retained — it is simply not seen. We do not use your build session content for any purpose other than producing your own findings.

On-prem deployments don't send build session data to us at all — detection runs entirely within your own infrastructure.

What we don't do

  • We do not sell your data.
  • We do not share build session content with third parties.
  • We do not use your data to train models without a separate, explicit agreement.

Where data is processed

Our infrastructure is hosted in Switzerland.

Retention

Account records (email, hashed password, license and billing history) are retained for as long as your account is active, plus a reasonable period afterward for legal and accounting purposes. Audit log entries recording account and license actions (signup, license issuance, suspension, etc.) are retained indefinitely for security and support purposes. Cloud-tier build session findings are not retained at all, per above.

Your rights

You can request a copy of your account data, or request deletion of your account, by emailing hello@protet.io.

Contact

Questions about this policy: hello@protet.io.