Privacy Policy

Last Updated: April 7, 2026

1. Introduction

Phantava ("Company," "we," "us") operates the Phantava platform. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service.

2. Information We Collect

Account Information
  • Email address and display name
  • Authentication credentials (hashed and encrypted)
  • Team membership and role information
  • Profile data (title, avatar)

Assessment Data
  • Target scope definitions (IP addresses, domains, URLs)
  • Assessment configurations and credentials you provide
  • Vulnerability findings and security reports
  • Tool output and terminal session history
  • Screenshots captured during assessments

Usage Data
  • Login history (IP address, browser user-agent, geolocation)
  • Feature usage patterns and session activity
  • Error logs and diagnostic information

Knowledge Base Content
  • Documents you upload for RAG-based retrieval
  • Custom prompts and report templates

3. How We Use Your Information

  • To provide and operate the Service
  • To authenticate your identity and manage access
  • To process AI-assisted security assessments
  • To generate reports and security findings
  • To improve the Service and develop new features
  • To communicate with you about your account
  • To enforce our Terms & Conditions and prevent abuse

4. Third-Party Services

The Service integrates with third-party providers as configured by your team:

  • LLM Providers (e.g., OpenAI, Anthropic, Google): Assessment conversations and tool outputs may be sent to your configured LLM provider for AI processing. These providers have their own privacy policies.
  • MCP Servers: Commands are executed on your configured MCP infrastructure. We do not control or monitor MCP server environments.
  • Supabase: Our backend infrastructure provider for authentication, database, and storage.
  • Payment Processors: Subscription billing is handled by third-party payment processors. We do not store full credit card numbers.

5. Data Storage & Security

We implement industry-standard security measures including:

  • Encryption at rest and in transit (TLS 1.2+)
  • API key encryption for stored credentials
  • Row-level security policies on all database tables
  • Role-based access control within teams
  • Regular security audits of our infrastructure

Data is stored in secure cloud infrastructure. While we take reasonable measures to protect your data, no method of electronic storage is 100% secure.

6. Data Retention

  • Account data is retained for the lifetime of your account
  • Assessment data is retained according to your team's configuration and subscription tier
  • Session history can be managed through the dashboard settings
  • Login history is retained for security auditing purposes

Upon account deletion, we will delete your personal data within 30 days, except where required by law or legitimate business interests (e.g., fraud prevention).

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@phantava.com.

8. Cookies & Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising trackers. Analytics, if used, are privacy-respecting and do not track individual users across sites.

9. Children's Privacy

The Service is not intended for individuals under 18. We do not knowingly collect data from minors. If we learn that we have collected data from a minor, we will delete it promptly.

10. International Data Transfers

Your data may be processed in the United States. By using the Service, you consent to the transfer and processing of your data in the US, which may have different data protection laws than your jurisdiction.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification. The "Last Updated" date reflects the most recent revision.

12. Contact Us

For privacy-related inquiries, contact us at privacy@phantava.com.