Privacy Policy
Effective May 23, 2026 · Slate Security, Inc.
This Privacy Policy describes how Slate Security, Inc.(“Slate,” “we,” “us,” or “our”) collects, uses, and shares information when you visit slatesecurity.ai, use our web application at app.slatesecurity.ai, or otherwise interact with the Slate Securityvulnerability scanning platform (the “Service”).
By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.
1. Scope
This policy applies to information we process about visitors to our marketing site, registered users, and organizations that use Slate Security to configure targets and run security scans. It does not apply to third-party websites, applications, or infrastructure you choose to scan using the Service; those systems remain subject to their own policies.
2. Information we collect
We collect information you provide, information generated when you use the Service, and limited technical data from your device or browser.
Account and organization data
- Name, email address, and authentication credentials (including magic-link or password sign-in via our identity provider)
- Organization name, membership role, and account preferences
- Communications you send to support or sales
Billing and subscription data
- Plan tier, scan credit balance, and usage history
- Payment-related information processed by our payment provider (we do not store full payment card numbers on our servers)
Scan configuration and results
- Target URLs, hostnames, and related metadata you submit for scanning
- Scan schedules, status, timestamps, and reference identifiers
- Findings produced by scans, including severity, titles, descriptions, remediation guidance, and technical evidence (such as request/response excerpts, headers, or proof of vulnerability) when applicable
- API keys you create for programmatic access (stored in hashed or otherwise protected form)
Automatically collected data
- IP address, browser type, device information, and approximate location derived from IP
- Log data related to authentication, API requests, errors, and security events
- Cookies and similar technologies used for session management and site functionality
When you run a scan, our systems initiate automated interactions with the targets you authorize. Those interactions may generate server logs on your infrastructure; you are responsible for configuring retention and access to those logs.
3. How we use information
We use information to:
- Provide, operate, and improve the Service, including running scans and generating reports
- Authenticate users, enforce access controls, and protect against abuse or unauthorized scanning
- Process subscriptions, scan credits, trials, and other billing events
- Communicate with you about the Service, security notices, and support requests
- Comply with legal obligations and respond to lawful requests
- Analyze aggregated or de-identified usage to improve product quality and reliability
Where required by applicable law, we rely on contractual necessity, legitimate interests (such as securing our platform and preventing misuse), consent, or legal obligation as the legal basis for processing.
5. Data retention
We retain information for as long as your account is active or as needed to provide the Service. Scan results and related artifacts are retained according to your plan and product settings unless you delete them or close your account.
After account termination, we may retain certain information for a limited period to comply with legal obligations, resolve disputes, enforce our agreements, and maintain security backups. We delete or de-identify data when it is no longer required for these purposes.
6. Security
We implement administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, or alteration. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
You are responsible for safeguarding your account credentials and API keys, and for ensuring that only authorized individuals in your organization can access scan results, which may contain sensitive information about your systems.
7. Your choices and rights
Depending on where you live, you may have the right to:
- Access, correct, or delete personal information we hold about you
- Object to or restrict certain processing
- Receive a portable copy of certain data
- Withdraw consent where processing is based on consent
- Lodge a complaint with a supervisory authority
You can update account details in the Service where available. To exercise privacy rights or request deletion, contact us at legal@slatesecurity.ai. We may need to verify your identity before responding.
California residents
We do not sell personal information as defined by the California Consumer Privacy Act (CCPA/CPRA). California residents may request access, deletion, or correction as described above.
8. International transfers
We are based in the United States and may process information in the U.S. and other countries where our service providers operate. When we transfer personal information internationally, we use appropriate safeguards where required by law.
9. Children
The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the effective date. Material changes may be communicated through the Service or by email where appropriate. Continued use after changes become effective constitutes acceptance of the updated policy.
11. Contact us
Slate Security, Inc.
Email: legal@slatesecurity.ai
Website: Contact form
Questions about this document? Email legal@slatesecurity.ai. See also Terms of Use.
← Back to home