Privacy Policy

Introduction

At CleverMoat ("we," "our," or "us"), we respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our security scanning platform.

Information We Collect

Information You Provide

• Account Information: Name, email address, and password when you create an account
• Payment Information: Billing details for subscription payments (processed securely by our payment providers)
• Scan Data: Domain names and URLs you submit for security scanning
• Communications: Messages you send us through contact forms or support channels

Information We Collect Automatically

• Usage Data: How you interact with our platform, features used, and scan history
• Device Information: Browser type, operating system, IP address, and device identifiers
• Cookies: We use cookies and similar technologies to enhance your experience

Scan Results and Technical Data

• Security Findings: Technical security data collected from your scanned domains
• SSL/TLS Information: Certificate data, cipher suites, and protocol versions
• DNS Records: Publicly available DNS information for your domains
• HTTP Headers: Security headers and server configuration data

How We Use Your Information

We use your information to:

• Provide and improve our security scanning services
• Process your payments and manage your subscription
• Send you scan results, reports, and service notifications
• Provide customer support and respond to your inquiries
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations and enforce our terms
• Analyze usage patterns to improve our platform
• Send marketing communications (with your consent)

AI and Data Processing

CleverMoat uses artificial intelligence (Claude AI via Anthropic) to generate remediation suggestions. When using AI features:

• Security findings are sent to our AI provider to generate contextual recommendations
• We do not send personally identifiable information to AI providers
• AI-generated suggestions are cached for performance and stored with your scan results
• You can opt out of AI features by using Technical Scan instead of Assessment

Data Sharing and Disclosure

We may share your information with:

Service Providers

• Payment Processors: To process subscription payments securely
• Email Services: To send transactional emails and reports (Postmark)
• AI Providers: To generate remediation suggestions (Anthropic/OpenRouter)
• Security APIs: To perform security scans (SSL Labs, Shodan, etc.)
• Cloud Infrastructure: To host our platform (Vercel, PostgreSQL)

Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights, property, or safety, or that of our users or the public.

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

Data Security

We implement industry-standard security measures to protect your data:

• All data transmission is encrypted using TLS/SSL
• Passwords are hashed using bcrypt
• Database connections are encrypted and access-controlled
• Regular security audits and updates
• Limited employee access to personal data

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Data Retention

We retain your information for as long as necessary to:

• Provide our services and maintain your account
• Comply with legal obligations (e.g., tax records)
• Resolve disputes and enforce our agreements

Scan results are retained indefinitely unless you delete them. You can delete individual scans or your entire account at any time from your dashboard.

Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request corrections to inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Request transfer of your data to another service
• Objection: Object to certain processing of your data
• Restriction: Request limitation of processing in certain circumstances
• Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, please contact us at privacy@clevermoat.io

Cookies and Tracking

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication and security
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Understand how you use our platform

You can control cookies through your browser settings, but disabling certain cookies may affect platform functionality.

Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies.

Children's Privacy

CleverMoat is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through a notice on our platform. Continued use of our services after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or our data practices, please contact us:

• Email: privacy@clevermoat.io
• Support: support@clevermoat.io
• Website: clevermoat.io/contact