Privacy Policy

Prowl Security (“Prowl,” “we,” “us”) is operated by Cestulab Co., Limited. We respect your privacy and are committed to protecting your personal data. This policy explains how we collect, use, and safeguard your information when you use our AI-powered security audit platform.

We collect the following types of information:

• Account Information: Name, email address, company name, and role when you create an account or request an audit.
• Domain & Audit Data: The domain(s) you submit for security assessment, verification records, and the resulting audit findings.
• Usage Data: Pages visited, features used, and interactions with the dashboard.
• Device Information: Browser type, IP address, and device identifiers for security and analytics purposes.
• Payment Information: Processed securely by Stripe. We never store credit card numbers on our servers.

We use collected information to:

• Perform security audits on the domains you authorize and deliver reports to you.
• Verify domain ownership before testing begins.
• Send transactional emails: audit confirmations, report delivery notifications, and security alerts.
• Process payments and manage your subscription.
• Maintain the security and reliability of our platform.
• Generate anonymized, aggregate statistics for published research (only with your consent, and never including identifying information).

We do not use your data for advertising, sell your data to third parties, or train AI models on your audit findings.

All security audit findings are delivered privately and exclusively to you. We will not disclose your company name, domain, findings, or any site-specific details to any third party without your explicit written consent. Reports are retained for up to 90 days after delivery, after which they are deleted unless you request otherwise.

When you consent to anonymized research use, only aggregate, non-identifiable statistics are included (e.g., “X% of sites tested were missing DMARC enforcement”). Your domain, company name, IP addresses, and personnel names are never disclosed.

We do not sell your personal information. We may share data with:

• Service providers: Stripe (payments), Google (authentication), Neon (database hosting), Vercel (application hosting), and AWS SES (email delivery) — all subject to strict confidentiality agreements.
• Legal requirements: When required by law, court order, or to protect our rights.

We implement industry-standard security measures including encrypted data in transit (TLS 1.3), encrypted data at rest, secure authentication via OAuth 2.0, and access controls limiting data access to authorized personnel only. All security testing is performed under the non-destructive scope defined in our Security Assessment Authorization.

You have the right to:

• Access and receive a copy of your personal data
• Request correction of inaccurate data
• Request deletion of your data and audit records
• Revoke authorization for security testing at any time
• Opt out of anonymized research use
• Withdraw consent where applicable

To exercise any of these rights, contact us at support@prowlsecurity.io.

We use essential cookies for authentication and session management. We use analytics cookies to understand usage patterns and improve the platform. You can manage cookie preferences through your browser settings.

Account data is retained for as long as your account is active. Audit reports are retained for 90 days after delivery unless you request otherwise. Consent records are retained for legal compliance purposes. You can request deletion of all your data at any time.

We may update this privacy policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the “Last updated” date. Continued use of the platform after changes constitutes acceptance.

If you have questions about this privacy policy or our data practices, contact us at support@prowlsecurity.io