Zero Data Retention (24h) Policy

At 1PenTesting Ltd, we understand that security scan data is highly sensitive. Our Zero Data Retention (ZDR) policy ensures that your scan data is automatically and permanently deleted within 24 hours of report delivery.

1. What is Zero Data Retention?

Zero Data Retention (ZDR) is our commitment to minimize data exposure by automatically purging all scan-related data within 24 hours. This includes:

• Raw scan results and vulnerability findings
• Screenshots and evidence collected during scans
• Temporary files and cached data
• Server logs related to your scans

2. How It Works

The ZDR process follows a strict timeline:

• Scan Completion: Your security scan finishes and results are compiled
• Report Delivery: PDF and dashboard reports are generated and delivered to you
• 24-Hour Window: You have 24 hours to download and save your reports
• Automatic Deletion: All scan data is permanently purged from our systems

3. What Gets Deleted

After 24 hours, the following data is permanently removed:

• Complete scan results and vulnerability details
• IP addresses and domain information scanned
• Screenshots, payloads, and proof-of-concept data
• Request/response logs from testing
• Any credentials or tokens discovered during scans
• Temporary analysis files

4. What We Retain

For service operation and compliance, we retain only:

• Your account information (email, company name)
• Billing records and transaction history
• Scan metadata (date, duration, scan type) - not results
• Aggregated, anonymized statistics

5. Data Deletion Process

Our deletion process ensures complete and irrecoverable removal:

• Secure Erasure: Data is overwritten using DoD 5220.22-M standard
• Database Purge: Records are deleted from all database replicas
• Backup Exclusion: ZDR data is never included in backups
• Verification: Automated checks confirm complete deletion

6. Plan Availability

Zero Data Retention is available on:

• All Plans: 24-hour ZDR is included by default
• Enterprise: Custom retention windows (1h, 6h, 12h) available
• On Request: Immediate deletion after report download

7. Extended Retention Option

If you need to retain scan data longer for compliance or audit purposes:

• You can opt-in to extended retention (30, 90, or 365 days)
• Extended retention requires explicit consent per scan
• You can request deletion at any time during the retention period
• Data is encrypted at rest with customer-specific keys

8. Your Responsibilities

To ensure you have access to your reports:

• Download PDF reports within 24 hours of delivery
• Save reports to your secure storage
• Set up email notifications to receive reports promptly
• Contact support if you need to extend retention before deletion

9. Compliance Benefits

ZDR helps you meet compliance requirements:

• GDPR: Data minimization principle (Article 5)
• SOC 2: Reduced data exposure risk
• PCI DSS: Minimized cardholder data storage
• HIPAA: Limited PHI retention

10. Contact Us

For questions about our Zero Data Retention policy:

1PenTesting Ltd
Email: legal@1pentesting.com