Privacy Policy

Privacy Policy

Table of Contents

Your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

1. Information We Collect

We practice data minimization and only collect the essential information required to provide our services. Our data collection is limited to:

Login Information Only: We collect and store only the data necessary for user authentication and account access.

  • Account Information: Username/email address and encrypted password for login purposes
  • Basic Technical Data: IP address and session information for security and functionality
  • No Payment Data: We do not collect, store, or process any payment or financial information
  • No Tool Usage Data: RTFMv2 tools are self-hosted by users - we do not monitor, log, or have access to any penetration testing activities or results
Data Type Purpose Retention
Login Credentials User authentication Until account deletion
Session Data Security & functionality Session duration only
Access Logs Security monitoring 30 days maximum

2. How We Use Your Information

Given our minimal data collection approach, we use your information only for essential service operation:

  • User Authentication: Verifying your identity when you log in
  • Account Management: Maintaining your user account and preferences
  • Security: Protecting against unauthorized access and maintaining system security
  • Service Delivery: Providing access to RTFMv2 tools and documentation
  • Legal Compliance: Meeting minimal legal and regulatory requirements

Important: Since RTFMv2 tools are self-hosted, we have no knowledge of or access to any penetration testing activities, targets, results, or data processed by the tools.

3. Information Sharing and Disclosure

We practice strict data minimization and do not share your information except in very limited circumstances:

  • No Third-Party Analytics: We do not use third-party analytics or tracking services
  • No Marketing Partners: We do not share data with marketing or advertising partners
  • Legal Requirements: Only when required by law, court order, or legal process
  • Security Incidents: Only if necessary to investigate security breaches affecting our platform

Self-Hosted Tools: Since RTFMv2 tools run on your infrastructure, we have no access to or knowledge of your penetration testing activities, and therefore cannot share what we do not possess.

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Employee training on data protection

5. Your Rights and Choices

You have certain rights regarding your personal information:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your data in a structured format
  • Opt-out: Unsubscribe from marketing communications
  • Consent Withdrawal: Withdraw consent for specific data processing

6. Cookies and Tracking Technologies

We use minimal cookies necessary for basic functionality. We do not use extensive tracking or analytics cookies.

  • Essential Cookies: Required for login sessions and basic site functionality
  • Security Cookies: Used to prevent unauthorized access and maintain account security
  • No Analytics Cookies: We do not use cookies for usage tracking or analytics
  • No Marketing Cookies: We do not use cookies for advertising or marketing purposes

You can control cookie settings through your browser preferences, though disabling essential cookies may affect login functionality.

7. Data Retention

We retain minimal data for the shortest time necessary:

  • Account Data: Retained until you delete your account
  • Access Logs: Automatically deleted after 30 days
  • Session Data: Deleted when your session expires
  • No Tool Data: We do not retain any data from RTFMv2 tool usage as tools are self-hosted

You can request account deletion at any time, which will permanently remove all associated data from our systems.

8. International Data Transfers

If you are located outside of our primary operating region, please note that your information may be transferred to and processed in countries with different data protection laws. We ensure appropriate safeguards are in place for such transfers.

9. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. Self-Hosted RTFMv2 Tools

Complete User Control: RTFMv2 tools are designed to run entirely on your own infrastructure.

This means:

  • No Data Collection: We do not collect, monitor, or have access to any data processed by the tools
  • No Penetration Test Logging: We have no knowledge of what targets are tested or what results are obtained
  • Your Infrastructure: All tool data remains on your systems under your control
  • No Remote Access: We cannot and do not access your self-hosted instances
  • User Responsibility: You are responsible for the security and privacy of your self-hosted tools

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.