Legal
Privacy Policy
Last Modified: December 7, 2025
PLEASE READ THIS PRIVACY POLICY CAREFULLY.
PensarAI, Inc. ("PensarAI," "we," "us," or "our") is committed to protecting your privacy. This privacy policy ("Privacy Policy") explains how we collect, use, disclose, and safeguard personal information when you interact with our websites, platforms, mobile applications, and other online services that link to this policy (collectively, the "Services").
This Privacy Policy applies to personal information that we collect and process in connection with your use of the Services. It does not apply to third-party websites, services, or applications, even if they are accessible through the Services.
Unless otherwise defined in this Privacy Policy, capitalized terms have the meanings given to them in our Terms of Service. In the event of any inconsistency between this Privacy Policy and the Terms regarding definitions or interpretation, the Terms will control.
1. WHAT INFORMATION WE COLLECT ABOUT YOU
1.1 Information You Provide to PensarAI
When you interact with us by using the Services or contacting Support, we collect Personal Data that you provide directly. This includes your login credentials such as your name and email address, as well as user preferences. We may also collect other Personal Data you submit, including information provided when you request customer support, or participate in marketing promotions. We do not collect or store your payment card or banking information; all payment processing is handled exclusively by our third-party payment processors.
To register and access the Services, you may authenticate using a third-party authentication service or an authentication code received via email. When you use third-party authentication services, we may receive limited profile information from those services in accordance with their respective privacy policies and your privacy settings with those providers.
1.2 Information We Collect When You Use Our Services
In addition to the information you provide directly, we also collect certain data automatically when you interact with the Services. This includes technical, usage, and device-related information that helps us operate, secure, and improve our platform. The types of data we collect in this context include the following:
1.2.1 Log Files
When you use our Services, we may automatically collect information about your computer hardware and software. This information can include your IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times and referring website addresses.
1.2.2 Usage Data
We collect detailed usage data when you interact with the Services to help us improve our security testing capabilities and optimize system performance. This includes information about your security testing activities, such as: the number and duration of test runs; computational resources consumed (measured in tokens); security issues identified, remediated, and their resolution timelines; project creation and management activities; workspace user management (when users are added); and user interactions such as comments added or deleted on security findings. We use this data to support analytics, improve our AI-powered testing capabilities, troubleshoot issues, and optimize the Services. This usage data is stored securely and is not shared with third parties except as described in Section 3.
1.2.3 Information from Cookies and Similar Technologies
We and our third-party partners may collect personal information using cookies, pixel tags, or similar technologies. For more information on our use of cookies and your choices regarding cookies, please see Section 6 (Cookies). We may also collect information through other methods, such as online conferences, events, or contests.
1.2.4 Location and Device Information
When you use the Services, we may collect and process information about your device and real-time location, including GPS coordinates, device type, mobile operating system, unique device identifiers, mobile network information, and diagnostic data. We use this information to enable location-based features (such as contextual recommendations), enhance security, and improve app functionality. You can disable location access through your device settings, but this may limit certain functionalities of the Services.
1.2.5 Information Related to Security Testing Services
Our core service offering is on-demand security and penetration testing powered by AI agents. When you use the Services to test your applications, systems, or infrastructure, we collect and process technical information about those security tests, including test configurations, identified vulnerabilities, security findings, remediation status, and related metadata. This information is necessary to provide the security testing services you request and to generate reports on security issues. All security testing data is stored within your private workspace and is subject to the same privacy protections as your personal information. We use aggregated, de-identified security testing data to improve our AI models and enhance the accuracy of our automated security testing capabilities, but we never share your specific security findings or vulnerabilities with third parties.
1.2.6 API Integration Data
If you integrate our Services with your CI/CD pipeline via our API, we collect technical information about API calls, including request timestamps, authentication tokens, test configurations, and results. This data is necessary to provide automated security testing within your development workflow. API credentials and authentication tokens are encrypted and stored securely. You are responsible for maintaining the security of your API credentials and for ensuring that your CI/CD integration complies with your organization's security policies.
2. HOW WE USE PERSONAL DATA
2.1 To Provide the Services
We use your account information and User Data to provide the products and services to you. For example, we use the username and password you choose to provide when signing up for the Services to create your user account. We may also use this information to authenticate you when you use the Services and to provide customer support. We collect the content, communications and other information you provide when you use our Services, including when you initiate the use of the Services or contact customer support.
2.2 To Improve and Develop Our Product and Services
We use Usage Data to understand how users interact with the Services and to guide product development. This includes identifying popular features, assessing user behavior trends, and evaluating potential new features or integrations. We may also analyze aggregated data across our user base to understand overall usage patterns. When shared externally, this statistical information does not identify individual users. We also use this data to enhance our AI models and improve the accuracy of our security testing capabilities.
2.3 To Secure and Protect our Users
We use your information to help prevent security incidents, verify accounts, process product sign-ups, and detect misuse of the Services. Log files may also be used to generate general usage statistics, improve navigation, and support compliance with analytics, export control, and regulatory requirements. We collect and log IP addresses to monitor access patterns, investigate security events, and troubleshoot issues. Where appropriate, we may link this automatically collected data to other personal information you provide.
2.4 To Communicate with Our Users
We use your account information to communicate with you, which could include providing you with updates and other information relating to our services and products, providing information that you request, and responding to comments, questions, and requests. We do not send promotional emails, text messages, or push notifications for marketing purposes. All communications from us are transactional in nature and related to your use of the Services.
2.5 To Monitor and Improve Autonomous System Behavior
We use interaction data and system metadata to monitor and improve the AI agents that power our security and penetration testing services. This includes analyzing test execution patterns, error detection accuracy, security issue identification rates, and system performance metrics to continuously enhance the effectiveness and reliability of our automated security testing capabilities.
3. HOW WE SHARE PERSONAL DATA
3.1 Service Providers
We may share Personal Data with our third-party service providers to support our Services. For example, we may use service providers for data hosting and payment processing. We may need to share your information with service providers to provide services to you. Examples may include developing and improving the product and services and providing customer service or support. These service providers are prohibited from using your Personal Data except for these purposes, and they are required to maintain the confidentiality of your information.
3.2 Compelled Disclosure
We reserve the right to use or disclose your Personal Data if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.
3.3 Workspace-Based Privacy Model
All content you create within the Services, including security test results, identified issues, and comments, is maintained within private workspaces. Your content is only accessible to you and users you explicitly invite to your workspace. We do not share your workspace content with other PensarAI users, and users cannot access workspaces to which they have not been granted permission. You are responsible for managing access to your workspaces and the users you invite.
4. HOW WE TRANSFER PERSONAL DATA INTERNATIONALLY
4.1 Scope of International Transfers
PensarAI is based in the United States, and all personal information is processed and stored on servers located in the United States. While we primarily serve U.S.-based customers, we also have users located in other countries including Croatia, the United Kingdom, and India. By using the Services, you acknowledge and consent to the transfer of your personal information to the United States for processing and storage. If you are located in the European Economic Area (EEA), Switzerland, or the United Kingdom, please be aware that the United States may not provide the same level of data protection as your home jurisdiction. We implement appropriate safeguards to protect your personal information in accordance with this Privacy Policy and applicable law and will comply with all applicable international laws to safeguard the transfer. Please contact us if you need more information about which legal mechanisms we rely on to transfer personal data internationally.
5. HOW WE STORE AND SECURE PERSONAL DATA
5.1 Data Storage and Security
We use a variety of security technologies and procedures to help protect your Personal Data from unauthorized access, use or disclosure. We secure the Personal Data you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. All Personal Data is protected using appropriate physical, technical and organizational measures.
5.2 Retention of Personal Data
We retain Personal Data that you provide to us where we have an ongoing legitimate business need to do so (for example, as needed to comply with our legal obligations, resolve disputes and enforce our agreements).
6. COOKIES
6.1 Cookies
Technologies such as cookies may be used by PensarAI and our analytics or service providers (as applicable). Cookies are used to remember you and to collect information about how you interact with the Services. If you have an account with the Services, we may link this usage data with other information. You may have the option to either accept or refuse these cookies. If you choose to refuse, you may not be able to use some portions of the Services.
6.2 What Are Cookies?
Cookies are small text files sent to your browser when you visit a website. They allow the site to recognize your device and remember your preferences on future visits. Cookies may store settings or other data to support functionality and improve your experience. Cookies set by us are called first-party cookies, while cookies set by other parties, such as analytics or content providers, are called third-party cookies. These may track activity across multiple websites. We also use third-party mobile analytics tools to understand how users interact with our app, identify bugs or crashes, and improve performance. These tools collect anonymized data such as usage patterns, device status, and error logs, and are not used to personally identify users.
6.3 Why Do We Use Cookies?
We use first party and third party cookies for several reasons. Some cookies are required for technical reasons in order for our website to operate, and we refer to these as "essential" or "strictly necessary" cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Services. This data is used to analyze trends, administer the website, monitor how visitors navigate around the website, and to gather demographic information about our user base as a whole.
6.4 What Types of Cookies Do We Use and How Do We Use Them?
We use several types of cookies to support and improve our website. Essential cookies are required to deliver the services available through the site. Performance and functionality cookies enhance the user experience but are not strictly necessary for the website to function. We also use analytics and customization cookies, which help us understand how users interact with the site and allow us to tailor content based on those interactions. These cookies may operate in aggregate form or be used to personalize your experience.
6.5 How Can I Control Cookies?
7. YOUR PRIVACY RIGHTS AND CHOICES
7.1 Access, Correction or Deletion
7.2 Objection
You can object to our processing of your Personal Data, ask us to restrict processing of your Personal Data or request portability of your Personal Data.
7.3 Withdraw Consent
If we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
7.4 Complaint
You have the right to complain to a data protection authority about our collection and use of your Personal Data. To exercise any of these rights, please contact us at team@pensarai.com. Please note that to protect personal information, we may verify your identity by a method appropriate to the type of request you are making. Depending on where you reside, you may be entitled to empower an "authorized agent" to submit requests on your behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws.
We will respond to your request to change, correct, or delete your data within a reasonable timeframe and notify you of the action we have taken. In some instances, your rights may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights.
8. CALIFORNIA PRIVACY RIGHTS
8.1 CCPA Applicability
As PensarAI does not currently meet the thresholds established by the California Consumer Privacy Act (the "CCPA"), the CCPA does not apply to your use of the Services. In the event that PensarAI does meet the thresholds established by the CCPA in the future, this section will be updated accordingly.
9. OTHER IMPORTANT PRIVACY INFORMATION
9.1 We Never Sell Personal Data
We will never sell your Personal Data to any third party.
9.2 Information About Children
[End of Privacy Policy]