Data Handling
CyberXtron is built with security-first principles. This page explains what data we collect, how we process it, and how we protect it.
What Data We Collect
Scan Data
When you add assets and run scans, CyberXtron processes:
- IP addresses, domain names, and hostnames you provide
- Open ports and service banners discovered during scanning
- HTTP response headers and status codes
- SSL/TLS certificate information
- Vulnerability signatures matched against your systems
CyberXtron does not store the content of your applications (page bodies, database contents, user data). We collect only the metadata required to identify security issues.
Account Data
- Email addresses and names of workspace members
- Authentication credentials (hashed, never stored in plaintext)
- Audit logs of platform actions
- Billing information (processed by Stripe, not stored by CyberXtron)
Data Storage
| Data Type | Storage protection | Retention |
|---|---|---|
| Scan results | Encrypted at rest (AES-256) | 12 months |
| Audit logs | Encrypted at rest | 12 months (Enterprise: 24 months) |
| Account data | Encrypted at rest | Duration of account |
| API keys | Hashed (SHA-256), never stored in plaintext | Until revoked |
All data is stored in ISO 27001-certified data centers located in the United States.
Data Transmission
All data transmitted between your browser/API clients and CyberXtron is encrypted using TLS 1.2 or higher. We enforce HTTPS on all endpoints and reject plaintext connections.
Data Isolation
Each organization's data is logically isolated using workspace-level access controls. No data from one organization can be accessed by another.
Scanning Scope
CyberXtron only scans assets that you explicitly add to your workspace. Our platform:
- Never scans assets not registered in your account
- Never stores sensitive data encountered during web crawling
- Never performs destructive or write operations on your systems
Third-Party Sub-processors
CyberXtron uses the following sub-processors:
| Sub-processor | Purpose |
|---|---|
| Amazon Web Services | Infrastructure hosting |
| Stripe | Payment processing |
| SendGrid | Transactional email |
| Datadog | Infrastructure monitoring |
Data Deletion
To request deletion of your organization's data:
- Go to Settings → Organization → Danger Zone
- Click Delete Organization
- Confirm by entering your organization name
Account data and scan results are permanently deleted within 30 days of the deletion request.
You may also submit a deletion request by email to privacy@cyberxtron.com.
GDPR & Privacy
CyberXtron is compliant with the General Data Protection Regulation (GDPR). EU customers can:
- Request a copy of their stored data (Data Subject Access Request)
- Request deletion of their personal data
- Opt out of non-essential data processing
Contact: privacy@cyberxtron.com
Our full Privacy Policy is available at cyberxtron.com/privacy.