PRIVACY POLICY
1. INFORMATION WE COLLECT
We collect information you provide directly to us:
- Contact information - name, email, and company name when you book a pentest or contact us
- Payment information - processed securely via Stripe (we never store your full payment details)
- Project details - target domains/IPs, agent types, and scope information required to perform security assessments
- Communication data - emails, DMs, and call notes from consultations
2. HOW WE USE YOUR INFORMATION
- To deliver penetration testing and security audit services
- To communicate about your engagement and deliverables
- To send you security findings and remediation guidance
- To comply with legal and regulatory obligations
- To improve our services and client experience
3. DATA SECURITY
As a cybersecurity professional with 10+ years of experience, I implement industry-leading security measures:
- 256-bit SSL encryption for all data transfer
- Dedicated, isolated pentest environment for client assessments
- No storage of client API keys or credentials after testing
- Access controls on all internal systems
- Regular security audits of my infrastructure
PENTEST & AUDIT DATA
For clients who engage penetration testing services:
- All client data is handled on a dedicated, isolated pentest laptop
- Audit reports are encrypted and shared via secure channels
- Client data is deleted 90 days after project completion unless retention is required by law
- I never retain client credentials, API keys, or sensitive system information after testing
- Findings are shared only with authorized client representatives
4. YOUR RIGHTS (GDPR & CCPA)
As a user, you have the right to:
- Access - request a copy of your data
- Correct - update inaccurate information
- Delete - request removal of your data
- Opt-out - unsubscribe from communications
- Portability - receive your data in a structured format
For privacy requests, DM @StackOfTruths on X or email info@stackoftruths.com.
5. DATA RETENTION
We retain your information only as long as necessary to provide services or comply with legal obligations:
- Client engagement records: 7 years (tax/legal requirements)
- Pentest reports and findings: 90 days after project completion, then securely deleted
- Communication emails/DMs: 2 years
- Invoices and payment records: 7 years
6. THIRD-PARTY SERVICES
We use trusted third-party services:
- Stripe - payment processing for pentest services
- Hostinger - website hosting
- Tailscale - secure remote access for infrastructure
- X (Twitter) - social media presence and client communication
Each service has its own privacy policy and data handling practices.
7. CONFIDENTIALITY
All pentest findings, reports, and client information are treated as strictly confidential. I do not:
- Share client identities or findings without written permission
- Publish case studies without explicit client consent
- Discuss client engagements publicly
An NDA can be signed before any engagement upon request.
8. COOKIES
Our website uses essential cookies for functionality. No tracking or analytics cookies are used.
9. CHANGES TO THIS POLICY
We may update this privacy policy occasionally. The latest version will always be posted here with the effective date.
10. CONTACT US
For privacy questions or requests:
- X: @StackOfTruths
- Email: info@stackoftruths.com
- Address: Keurenplein 41, 1069CD Amsterdam, Netherlands
KVK: 94992266 | Location: Amsterdam, Netherlands




