Privacy Policy

Effective May 23, 2026 · Slate Security, Inc.

This Privacy Policy describes how Slate Security, Inc.(“Slate,” “we,” “us,” or “our”) collects, uses, and shares information when you visit slatesecurity.ai, use our web application at app.slatesecurity.ai, or otherwise interact with the Slate Securityvulnerability scanning platform (the “Service”).

By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.

1. Scope

This policy applies to information we process about visitors to our marketing site, registered users, and organizations that use Slate Security to configure targets and run security scans. It does not apply to third-party websites, applications, or infrastructure you choose to scan using the Service; those systems remain subject to their own policies.

2. Information we collect

We collect information you provide, information generated when you use the Service, and limited technical data from your device or browser.

Account and organization data

  • Name, email address, and authentication credentials (including magic-link or password sign-in via our identity provider)
  • Organization name, membership role, and account preferences
  • Communications you send to support or sales

Billing and subscription data

  • Plan tier, scan credit balance, and usage history
  • Payment-related information processed by our payment provider (we do not store full payment card numbers on our servers)

Scan configuration and results

  • Target URLs, hostnames, and related metadata you submit for scanning
  • Scan schedules, status, timestamps, and reference identifiers
  • Findings produced by scans, including severity, titles, descriptions, remediation guidance, and technical evidence (such as request/response excerpts, headers, or proof of vulnerability) when applicable
  • API keys you create for programmatic access (stored in hashed or otherwise protected form)

Automatically collected data

  • IP address, browser type, device information, and approximate location derived from IP
  • Log data related to authentication, API requests, errors, and security events
  • Cookies and similar technologies used for session management and site functionality

When you run a scan, our systems initiate automated interactions with the targets you authorize. Those interactions may generate server logs on your infrastructure; you are responsible for configuring retention and access to those logs.

3. How we use information

We use information to:

  • Provide, operate, and improve the Service, including running scans and generating reports
  • Authenticate users, enforce access controls, and protect against abuse or unauthorized scanning
  • Process subscriptions, scan credits, trials, and other billing events
  • Communicate with you about the Service, security notices, and support requests
  • Comply with legal obligations and respond to lawful requests
  • Analyze aggregated or de-identified usage to improve product quality and reliability

Where required by applicable law, we rely on contractual necessity, legitimate interests (such as securing our platform and preventing misuse), consent, or legal obligation as the legal basis for processing.

4. How we share information

We do not sell your personal information. We share information only as described below:

  • Service providers that help us host infrastructure, operate databases, send email, process payments, and run scan workloads (for example, cloud hosting and database providers). These providers are bound by contractual obligations to protect data and use it only to perform services for us.
  • Within your organization — scan results and targets are visible to members of your organization according to your account configuration.
  • Legal and safety — when we believe disclosure is required by law, to protect rights and safety, or to investigate suspected unauthorized scanning or abuse of the Service.
  • Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality protections.

5. Data retention

We retain information for as long as your account is active or as needed to provide the Service. Scan results and related artifacts are retained according to your plan and product settings unless you delete them or close your account.

After account termination, we may retain certain information for a limited period to comply with legal obligations, resolve disputes, enforce our agreements, and maintain security backups. We delete or de-identify data when it is no longer required for these purposes.

6. Security

We implement administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, or alteration. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

You are responsible for safeguarding your account credentials and API keys, and for ensuring that only authorized individuals in your organization can access scan results, which may contain sensitive information about your systems.

7. Your choices and rights

Depending on where you live, you may have the right to:

  • Access, correct, or delete personal information we hold about you
  • Object to or restrict certain processing
  • Receive a portable copy of certain data
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with a supervisory authority

You can update account details in the Service where available. To exercise privacy rights or request deletion, contact us at legal@slatesecurity.ai. We may need to verify your identity before responding.

California residents

We do not sell personal information as defined by the California Consumer Privacy Act (CCPA/CPRA). California residents may request access, deletion, or correction as described above.

8. International transfers

We are based in the United States and may process information in the U.S. and other countries where our service providers operate. When we transfer personal information internationally, we use appropriate safeguards where required by law.

9. Children

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the effective date. Material changes may be communicated through the Service or by email where appropriate. Continued use after changes become effective constitutes acceptance of the updated policy.

11. Contact us

Slate Security, Inc.
Email: legal@slatesecurity.ai
Website: Contact form

Questions about this document? Email legal@slatesecurity.ai. See also Terms of Use.

← Back to home