Privacy Policy

This Privacy Policy describes how Hound, a Fauna AI company ("we," "us," or "our"), collects, uses, and protects your information when you use our platform, website, and penetration testing services (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.

This policy applies to individuals who use the Service, whether on their own behalf or on behalf of an organization. References to "your information" include both personal information and business information you provide.

1. Information We Collect

Account Information: When you create an account, we collect your email address and domain information for verification purposes.

Payment Information: If you purchase paid services, we collect billing information through our third-party payment processor. We do not store full payment card details on our servers.

Testing Data: When you use our penetration testing services, our systems may encounter or process data hosted on your verified domains. This data is used solely to deliver your security assessment results.

Usage Information: We may collect information about how you interact with the Service, including IP addresses, browser type, and usage patterns through cookies and similar technologies.

2. How We Use Your Information

We use your information to:

• Provide and operate the Service
• Verify domain ownership and authorization for testing
• Generate and deliver security assessment reports
• Process payments and maintain your account
• Communicate with you about the Service, including support and updates
• Improve and develop the Service and user experience
• Comply with legal obligations

Legal Basis for Processing (EEA/UK Users): If you are located in the European Economic Area or the United Kingdom, our legal bases for processing your personal data are:

• Contractual necessity: Processing your account information, domain data, and payment information to deliver the Service you requested
• Legitimate interest: Collecting anonymous usage analytics to improve the Service, and maintaining security logs to protect our infrastructure
• Legal obligation: Retaining certain data where required by applicable law

3. AI and Your Data

Our Service uses artificial intelligence to perform security testing and analysis. We want to be clear about how your data is handled:

Your data is not used to train or improve any AI models. Data processed during testing is used solely for delivering your security assessment results. Our third-party AI providers are bound by terms that prohibit the use of your data for model training or improvement.

4. Data Storage and Security

Your data is stored on servers located in the United States using Amazon Web Services (AWS) infrastructure.

We designed our infrastructure so that each customer's engagement data is completely isolated at the network, compute, and storage layers:

• Encryption of data at rest and in transit
• Per-engagement network isolation: each pentest runs in a dedicated private network, provisioned fresh and destroyed after the run completes
• Per-domain findings storage: your assessment results are stored in dedicated storage, never co-mingled with data from other customers
• Scoped access controls: your data is never accessible to another customer's engagement, and other customers' data is never accessible to yours
• Audit logging of all network activity and infrastructure lifecycle events

In the event of a security incident that affects your personal information, we will notify affected users and relevant authorities as required by applicable law.

5. Data Retention

We retain your account information and test results for as long as your account is active or as needed to provide the Service. If you request deletion of your account and data, we will process your request in accordance with the "Your Rights" section below.

Upon a verified deletion request, we will delete your personal data within 30 days, except where retention is required by law or necessary to resolve disputes or enforce our agreements.

6. Third-Party Services

We share your information with the following categories of third-party service providers:

• AI Providers: To perform security testing and analysis
• Payment Processors: To process transactions securely
• Infrastructure Providers: To host and operate the Service
• Analytics Provider: We use Plausible Analytics to collect anonymous, aggregate website usage metrics such as page views, referral sources, and visitor country. Plausible does not use cookies and does not collect personal data.

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

We may also disclose your information when required by law, such as in response to a subpoena, court order, or other legal process, or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud.

7. Cookies and Tracking

We use Plausible Analytics for website usage statistics. Plausible is a privacy-focused analytics tool that does not use cookies, does not collect personal data, and does not track you across websites. It generates only anonymous, aggregate metrics that cannot be used to identify individual visitors.

We do not use any analytics cookies, advertising trackers, or third-party tracking pixels.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information under applicable data protection laws (including the GDPR and CCPA):

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data and account
• Export: Request a portable copy of your data
• Opt-Out of Sale: We do not sell or share your personal information as defined under the California Consumer Privacy Act (CCPA/CPRA)

To exercise any of these rights, please contact us at support@cyberhound.ai. We will respond to your request within a reasonable timeframe.

9. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Users

The Service is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States.

Where required by applicable law (including the GDPR), we rely on Standard Contractual Clauses approved by the European Commission, along with supplementary security measures described in Section 4, as the legal mechanism for transferring personal data from the EEA or UK to the United States.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the platform. Your continued use of the Service after such changes constitutes your acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at support@cyberhound.ai.