1. About WYKYK

WYKYK B.V. provides offensive security services, including continuous AI scanning, penetration testing, and PenPortal issue management. Our mission is simple yet powerful: Breach the code. Teach the dev. While we attack systems to make them stronger, we protect your data with the same rigor. We believe in security by design, and that extends to how we handle personal information.

2. Data We Collect

We only collect the information necessary to deliver our services, support our clients, and keep our platform secure. The data we may collect includes:

• Account Information: Name, email, phone number, company details, and billing information. This allows us to create and manage your account.
• Service Data: Domain names, IP addresses, and application details you provide for scanning or testing. This is the core data needed to deliver WYKYK services.
• Usage Data: Logins, activity in PenPortal, and security events. This data ensures system availability, prevents abuse, and strengthens your user experience.
• Support Data: Any information you share when contacting our team for help. This may include technical details about your systems.

3. How We Use Your Data

We use your data strictly to deliver, improve, and secure our services:

• Provide access to Wykyk 24/7, Pentests, Pentester-as-a-Service, and PenPortal.
• Generate findings, issues, and actionable security reports.
• Process payments, billing, and invoices.
• Maintain platform security, detect abuse, and prevent fraud.
• Analyze usage patterns to improve our products and services.
• Communicate important updates about services or changes to this policy.

We never use your data for unrelated purposes.

4. Legal Basis for Processing

We process personal data under the following legal grounds:

• Contract: To provide the services you requested and fulfill our obligations.
• Legitimate Interest: To secure our systems, protect clients, and prevent misuse.
• Consent: When required, such as for optional marketing communications or additional services.

5. Sharing of Data

We keep data sharing minimal and only share with trusted partners:

• Vendors: Such as payment processors, hosting providers, or email delivery platforms.
• Legal Requirements: If required by law, court order, or to protect rights and security.
• With Your Permission: If you request integrations with third-party tools or services.

Every vendor we use is vetted and bound by strict data processing agreements to ensure compliance and protection.

6. International Data Transfers

When data must leave the EU, we ensure it remains protected through standard contractual clauses or equivalent safeguards. We review and monitor our vendors regularly to ensure they remain GDPR-compliant and align with our security standards.

7. Data Retention

We retain data only as long as necessary:

• Account Data: Retained while you maintain an active subscription and up to 24 months after termination.
• Security Findings: Stored for as long as they are needed for validation and reporting, then anonymized or deleted.
• Logs: Kept short-term for monitoring and troubleshooting, typically no longer than 90 days.

Once data is no longer needed, we securely delete or anonymize it.

8. Your Rights

As a user, you have the following rights under GDPR and other applicable privacy laws:

• Access your personal data.
• Correct or update inaccurate information.
• Delete data where legally permissible.
• Restrict or object to certain types of processing.
• Port your data to another service provider.

9. Security Measures

We protect your data with the same offensive mindset we apply to security testing:

• Encryption of data in transit and at rest.
• Strict role-based access controls.
• Continuous monitoring, anomaly detection, and logging.
• Regular internal reviews and third-party penetration tests.

Our team applies hacker-level scrutiny to ensure your information is safe from adversaries.

10. Cookies

Our website uses minimal cookies to function effectively and improve user experience:

• Essential Cookies: Required for login, account access, and platform functionality.
• Analytics Cookies: Used to understand performance and improve our website.

For more details, see our https://www.wykyk247.com/cookies.

11. Contact Information

12. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or security practices. When we do, we will update the “Last Updated” date at the top. Significant changes will be communicated through email or platform notifications.