Effective Date: [9/4/2025]

PrivEsc Labs LLC (“we,” “our,” or “us”) respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, retain, and safeguard your information when you engage with our services or visit our website.

We may collect the following types of information:

• Contact Information – such as name, email address, phone number, and company details when you request services, proposals, or reports.
   
• Client Data – information you provide during penetration testing engagements, which may include technical details about your systems, applications, and infrastructure.
   
• Website Data – including IP addresses, browser type, and usage statistics (via analytics tools) when you visit our website.
   

We do not collect sensitive personal information (such as financial data, social security numbers, or personal identifiers) unless explicitly required for an engagement and agreed upon in writing.

We use collected information for:

• Delivering penetration testing, red teaming, and security assessment services.
   
• Communicating with you about reports, recommendations, and remediation steps.
   
• Maintaining business operations, invoicing, and legal compliance.
   
• Improving our website and services.
   

We take security seriously. All client data, reports, and sensitive information are stored securely with access restricted to authorized personnel only. Data is encrypted both in transit and at rest.

We do not sell, rent, or trade your information. We may share information only in these limited cases:

• With your consent.
   
• With trusted service providers who assist in delivering our services (under confidentiality agreements).
   
• When required by law, regulation, or legal process.
   

As part of authorized security testing, PrivEsc Labs may perform social engineering assessments to evaluate an organization’s human and procedural defenses. These may include activities such as phishing simulations, phone pretexting, or physical security testing.

• Social engineering engagements are only conducted with prior written authorization from the client.
   
• Any data collected during these engagements (e.g., email responses, login attempts, or interaction logs) is used strictly for evaluating security awareness and resilience.
   
• Personally identifiable information (PII) of client employees is never disclosed publicly and is only shared with authorized client representatives in final reports.
   
• All findings are reported in a way that emphasizes risk and remediation without unnecessary exposure of individual identities.
   

At PrivEsc Labs, we handle sensitive information with the utmost care. To protect both our clients and their data, we retain information only as long as necessary to fulfill the purpose of our engagements or meet legal or contractual obligations.

• Pentesting & Red Team Reports: Final reports and supporting data are retained for up to 180 days after delivery, unless a client requests a longer retention period.
   
• Logs & Technical Data: Network scans, vulnerability logs, and exploit testing data are kept only as long as necessary to generate reports, generally 30–90 days, and are then securely deleted.
   
• Social Engineering & Human Interaction Data: Information collected during authorized social engineering tests is retained solely to produce actionable findings and is anonymized or deleted as soon as possible.
   
• Contractual or Regulatory Requirements: If a client engagement or applicable law requires longer retention (e.g., for compliance purposes), we will securely store data for the required period.
   

All retained information is stored securely and access is limited to authorized personnel. Once the retention period expires, all data is permanently deleted or anonymized to minimize risk.

Depending on your location, you may have rights to access, correct, or request deletion of your personal information. To exercise these rights, please contact us at:
📧 root@privesclabs.com

Our website may contain links to external websites. We are not responsible for the privacy practices or content of those third parties.

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised effective date.

If you have any questions about this Privacy Policy or how we handle your information, contact us at:

PrivEsc Labs LLC
📧 root@privesclabs.com