Legal

Privacy Policy

Last updated: 1 January 2026  ·  Effective date: 1 January 2026

PentesterHub is committed to protecting your privacy. This policy explains what personal data we collect, how we use it, and the rights you have over it. We do not sell your data to anyone.

1. Overview

PentesterHub ("we", "us", "our") operates the website at pentesterhub.com and provides professional penetration testing and cybersecurity services. This Privacy Policy applies to all personal data collected through our website and the services we provide.

By using our website or submitting an enquiry, you acknowledge that you have read and understood this policy.

2. Data We Collect

Information you provide directly

When you submit our contact form or request a quote, we collect:

  • Full name and job title
  • Company or organisation name
  • Business email address
  • Phone number (optional)
  • Service requirements and any information you include in your message

Information collected automatically

When you visit our website, basic technical data may be collected by your browser or our hosting provider, including your IP address, browser type, operating system, referring URL, and pages visited. We do not use tracking pixels or analytics scripts.

3. How We Use Your Data

We use your personal data only for the purposes for which it was provided:

  • To respond to your enquiry and provide you with a tailored proposal
  • To deliver contracted penetration testing or consultancy services
  • To send engagement-related communications (project updates, reports, invoices)
  • To comply with legal and regulatory obligations

We will never use your data for unsolicited marketing without your explicit consent.

4. Third-Party Services

Our website uses the following third-party services:

  • FormSubmit — processes contact form submissions and forwards them to our email. FormSubmit may temporarily store submitted data. Please review FormSubmit's privacy policy.
  • Google Fonts — our website loads the Inter typeface from Google's CDN. This may result in your IP address being sent to Google. Please review Google's privacy policy.
  • GitHub Pages — our website is hosted on GitHub Pages. GitHub may log basic access data. Please review GitHub's privacy policy.

We do not share your personal data with any other third parties without your explicit consent, except where required by law.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected:

  • Enquiry data (unconverted leads): up to 12 months
  • Client project data: up to 5 years from project completion, in line with standard business record-keeping
  • Financial records: as required by applicable law (typically 7 years)

After the applicable retention period, data is securely deleted or anonymised.

6. Data Security

Given the nature of our business, we take data security extremely seriously. We apply industry-standard technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. All client deliverables, reports, and sensitive communications are handled under strict confidentiality controls.

Despite our best efforts, no method of transmission over the internet is 100% secure. If you have specific data security requirements, please contact us to discuss secure transfer options.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your data where there is no lawful basis for continued processing
  • Restriction — request that we restrict processing of your data
  • Portability — request your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

8. Cookies

Our website does not use advertising cookies, tracking cookies, or analytics cookies. The only data stored in your browser is limited to essential session functionality required for the website to operate correctly. No consent banner is required because we do not place non-essential cookies.

9. Children's Privacy

Our website and services are intended for business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us: