Privacy Policy

Last updated: 19 May 2026

This Privacy Policy explains how SecureLayer7 Cybersecurity Inc. ("SecureLayer7", "we", "us") handles personal data when you visit securelayer7.net, contact us, or use our products and services. SecureLayer7 is a business-to-business offensive-security firm; this site is not directed to children and is not a consumer marketplace.

1. Who we are

SecureLayer7 Cybersecurity Inc. is incorporated in Delaware, USA, and operates from Austin, Texas and Pune, Maharashtra, India. For data-protection matters, contact info@securelayer7.net. SecureLayer7 is the controller of personal data collected through this site, our marketing, and account registration. For data processed while delivering a client security engagement, SecureLayer7 acts on the client's instructions as a processor under the engagement agreement and its data-processing addendum.

2. Information we collect

Information you give us. When you submit a form (for example "Book a scoping call" or "Get the sample report") we collect the data you provide: name, work email, phone number, company, job title, and the engagement details or interest you describe.

Account and billing data. If you register for a portal or a paid subscription (for example the BugDazz API Scanner), we collect account credentials, the billing contact, the plan selected, and transaction identifiers. Card and bank details are entered with and processed by our payment processor, PayPal; SecureLayer7 does not receive or store full payment-card numbers.

Information collected automatically. When you browse the site we collect standard log data — IP address, device and browser type, pages viewed, referring URL — and a visitor identifier stored in a cookie.

Product data. The BugDazz API Scanner runs inside the customer's own environment; customer API traffic is not transmitted to or stored by SecureLayer7. For BugDazz Autonomous and the BugDazz PTaaS platform, engagement scope, findings and evidence are processed under the client engagement agreement and our SOC 2 Type II and ISO/IEC 27001 controls.

3. How we use information

We use personal data to: respond to your enquiry and scope work; provide, operate, secure and improve our products and services; process subscriptions and billing; send service messages and, where permitted, relevant business communications you can opt out of at any time; and meet legal and accreditation obligations. We do not sell personal data, and we do not use client engagement data to train machine-learning models.

4. Automated and AI-assisted processing

Our testing workflow uses automation and large-language-model analysis to map attack surface and accelerate research; conclusions are reviewed by human testers. Client data is filtered and sanitised through our internal trust layer before any model processing, is used only to deliver the engagement, and is not used to train or fine-tune models. We do not make decisions producing legal or similarly significant effects about individuals through solely automated means.

5. Legal bases (EEA/UK)

Where the GDPR or UK GDPR applies we rely on: performance of a contract or pre-contract steps; our legitimate interests in operating and securing our business and conducting business-to-business communications; your consent (for example non-essential cookies and certain communications); and compliance with legal obligations. You may withdraw consent at any time.

6. Sharing and sub-processors

We share personal data only with: service providers that host, secure, analyse, bill or support the site and our communications, under contract and only as needed — currently including cloud hosting and content delivery (AWS/CloudFront), email delivery (Mailgun), product analytics, and payment processing (PayPal); professional advisers; and authorities where required by law or to protect rights and safety. Where you configure integrations, findings may be delivered into your own tools (for example Jira, ServiceNow, Slack, or CI/CD) at your direction.

7. International transfers

We operate in the United States and India and may transfer personal data between them and to service providers in other countries. For transfers from the EEA or UK we use the Standard Contractual Clauses with appropriate supplementary measures; transfers involving India are handled in accordance with the Digital Personal Data Protection Act, 2023.

8. Retention

We keep personal data only as long as necessary: enquiry and marketing data for up to 24 months after your last interaction; account data for the life of the account plus 90 days; client engagement records and security evidence for the term of the engagement plus three years, or as the engagement agreement specifies; and billing and tax records for the period required by law. Data is then deleted or anonymised.

9. Security

We apply administrative, technical and physical safeguards appropriate to the data, aligned with our SOC 2 Type II and ISO/IEC 27001 programs and our CREST and CERT-In accreditations. No method of transmission or storage is perfectly secure; you are responsible for protecting your account credentials.

10. Your rights

Depending on where you are (for example the GDPR/UK GDPR, US state laws such as the CCPA/CPRA, or India's DPDP Act) you may have rights to access, correct, delete, port, restrict or object to processing, and to opt out of marketing. We do not sell or "share" personal data for cross-context behavioural advertising. To exercise rights, email info@securelayer7.net; we will verify your identity and respond within the period required by applicable law. You may also complain to your supervisory authority.

11. Cookies

We use strictly necessary cookies to run the site and, with your choice where required, analytics and preference cookies to understand usage and improve the site. You can control cookies through your browser; disabling some may affect functionality.

12. Third-party links

Our site and research may link to third-party sites we do not control. Their privacy practices are their own; review their policies before providing information.

13. Changes

We may update this policy. Material changes will be reflected here with a new "last updated" date and, where appropriate, communicated to you.

Contact

SecureLayer7 Cybersecurity Inc. (Delaware, USA)
Austin: 11801 Domain Blvd, 3rd Floor, Austin, TX 78758, USA
Pune, Maharashtra, India
Privacy: info@securelayer7.net · General: info@securelayer7.net · Security: info@securelayer7.net