Legal

Privacy Policy

Last updated: March 2026

BreachBrain is a product of BreachBrain. This Privacy Policy explains what information we collect, how we use it, and what rights you have regarding your data. If you have questions, contact us at support@breachbrain.com.

1. Who we are

BreachBrain is operated by BreachBrain, located at 504 W. Plant Street, Winter Garden, Florida 34787. References to "we," "us," or "our" in this policy refer to BreachBrain and the BreachBrain platform.

2. Information we collect

We collect information in two ways: information you provide to us directly, and information generated as part of the assessment process.

Information you provide

  • Account registration details: name, email address, company name, and billing information.
  • Questionnaire responses: your answers to our security assessment questions across eight domains.
  • Contact form submissions: name, email, company, and the content of your message.
  • Communications: emails or messages you send us directly.

Information generated during assessment

  • External scan data: information collected from publicly accessible sources related to your organization's domain, IP infrastructure, email configuration, and SSL/TLS certificates.
  • Risk score and findings: the output of our analysis of your questionnaire responses and scan data.
  • Usage data: how you interact with your dashboard, report views, and platform features.

Information collected automatically

  • Log data: IP address, browser type, pages visited, time and date of visits.
  • Cookies: session cookies required for authentication. We do not use tracking or advertising cookies.

3. How we use your information

We use the information we collect to:

  • Deliver your cybersecurity risk assessment and associated report.
  • Operate and maintain your account and dashboard access.
  • Communicate with you about your account, your report, or your inquiry.
  • Process payments through our payment processor (Stripe). We do not store full payment card data on our systems.
  • Improve the accuracy and methodology of our assessments.
  • Comply with applicable legal obligations.

We do not sell your data. We do not use your data for advertising. We do not share your questionnaire responses or assessment results with third parties except as described in Section 4.

4. How we share your information

We share information only in the following limited circumstances:

  • Service providers. We use third-party services to operate the platform, including cloud hosting (AWS), payment processing (Stripe), and transactional email. These providers have access to data only as necessary to perform their functions and are contractually required to protect it.
  • Analyst review. Your questionnaire responses and scan results are reviewed by a certified analyst at BreachBrain as part of the report delivery process. This review is performed under the same confidentiality obligations that govern all BreachBrain engagements.
  • Legal requirements. We may disclose information if required by law, court order, or governmental authority.
  • Business transfers. If BreachBrain is acquired or merges with another entity, your data may be transferred as part of that transaction. We will notify you if this occurs.

5. Data retention

We retain your account data and assessment results for as long as your account is active. If you cancel your subscription or request deletion, we will remove your data within 30 days, except where retention is required by law or for legitimate business purposes such as resolving billing disputes.

Scan data derived from publicly accessible sources (domain records, IP information, etc.) may be retained in aggregated, de-identified form for methodology improvement.

6. Security

We use industry-standard measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and infrastructure hosted on AWS with appropriate security configurations. No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at support@breachbrain.com.

7. Your rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data, subject to legal retention requirements.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a supervisory authority if you are located in a jurisdiction with such rights (including the EU/EEA under GDPR, or California under CCPA).

To exercise any of these rights, contact us at support@breachbrain.com. We will respond within 30 days.

8. California residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect and how it is used, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To submit a request, contact us at support@breachbrain.com.

9. Children's privacy

BreachBrain is intended for use by businesses and is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this page and, where changes are material, notify you by email or through a notice in your dashboard.

11. Contact

BreachBrain
504 W. Plant Street
Winter Garden, Florida 34787
support@breachbrain.com