Privacy Policy

Introduction

At CleverMoat ("we," "our," or "us"), we respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our security scanning platform.

Information We Collect

Information You Provide

• Account Information: Name, email address, and password when you create an account
• Payment Information: Billing details for subscription payments (processed securely by our payment providers)

Scan and Monitoring Data

When you use our scanning or monitoring features, we collect:

• Domain names and URLs you submit
• Publicly available technical data (DNS, SSL, Headers)
• Security vulnerability findings
• Email addresses you configure for monitoring
• Breach alert history associated with your domains
• Dark Web Data: We query third-party databases to check if your credentials have been compromised

• Communications: Messages you send us through contact forms or support channels

Information We Collect Automatically

• Usage Data: How you interact with our platform, features used, and scan history
• Device Information: Browser type, operating system, IP address, and device identifiers
• Cookies: We use cookies and similar technologies to enhance your experience

Scan Results and Technical Data

• Security Findings: Technical security data collected from your scanned domains
• SSL/TLS Information: Certificate data, cipher suites, and protocol versions
• DNS Records: Publicly available DNS information for your domains
• HTTP Headers: Security headers and server configuration data
• CMS & Vulnerabilities: Detected software versions and associated CVEs (Common Vulnerabilities and Exposures)
• Reputation Data: Domain reputation status from external threat intelligence feeds

How We Use Your Information

We use your information to:

• Provide and improve our security scanning services
• Process your payments and manage your subscription
• Send you scan results, reports, and service notifications
• Provide customer support and respond to your inquiries
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations and enforce our terms
• Email Services: To send transactional emails and reports (Postmark)
• AI Providers: To generate remediation suggestions (trusted AI providers)
• Security APIs: To perform security scans (SSL Labs, Shodan, NIST NVD, VirusTotal, etc.)
• Cloud Infrastructure: To host our platform (Vercel, PostgreSQL)

Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights, property, or safety, or that of our users or the public.

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

Data Security

We implement industry-standard security measures to protect your data:

• All data transmission is encrypted using TLS/SSL
• Passwords are hashed using bcrypt
• Database connections are encrypted and access-controlled
• Regular security audits and updates
• Limited employee access to personal data

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Data Retention

We retain your information for as long as necessary to:

• Provide our services and maintain your account
• Comply with legal obligations (e.g., tax records)
• Resolve disputes and enforce our agreements

Scan results are retained indefinitely unless you delete them. You can delete individual scans or your entire account at any time from your dashboard.

Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request corrections to inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Request transfer of your data to another service
• Objection: Object to certain processing of your data
• Restriction: Request limitation of processing in certain circumstances
• Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, please contact us at privacy@clevermoat.com

Cookies and Tracking

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication and security
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Understand how you use our platform

You can control cookies through your browser settings, but disabling certain cookies may affect platform functionality.

Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies.

Children's Privacy

CleverMoat is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through a notice on our platform. Continued use of our services after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or our data practices, please contact us:

• Email: privacy@clevermoat.com
• Support: support@clevermoat.com
• Website: clevermoat.com/contact