DXSense AI · Legal

Privacy Policy

Last updated: 19 April 2026

1. Who We Are

DXSense AI ("we", "us") operates the autonomous penetration testing platform available at https://dxsense.com. This policy explains what personal data we collect. How we use it. Your rights.

2. Data We Collect

  • Account data: name, email, organisation, hashed password.
  • Billing data: Razorpay / Stripe customer ID, invoice history, billing address. Card and bank details are handled directly by Razorpay / Stripe; we never see them.
  • Engagement data: targets you authorise, scope definitions, tool output, findings, evidence artefacts, reports.
  • Usage data: logs, IP address, user-agent, feature usage metrics.

3. How We Use Data

  • To deliver. Operate. Improve the Platform.
  • To bill for usage and prevent fraud.
  • To communicate service updates. Invoices. Security notices.
  • To comply with legal obligations and authorised law-enforcement requests.

We do not sell personal data. We do not use your engagement data to train public models.

4. Processors and Subprocessors

We share data only with vetted processors who act on our instructions:

  • Razorpay Software Private Limited: payments (India).
  • Stripe, Inc.: payments (US / EU).
  • Cloud infrastructure providers for hosting and storage.
  • Model inference providers used for automated reasoning (engagement prompts and responses only, never account secrets).

5. Data Retention

Account data is retained while your account is active and for up to 12 months after closure. Engagement artefacts are retained for the duration of your subscription or for any legal-hold period you specify. Invoice records are retained for the period required by Indian tax law (currently 8 years).

6. Security

We apply encryption in transit (TLS 1.2+). Encryption at rest. Role-based access control. Least-privilege credentials. Audit logging. Evidence artefacts are integrity-sealed with modern public-key signatures so every report is independently verifiable.

7. Your Rights

Subject to applicable law (including the DPDP Act 2023 in India and GDPR in the EU), you may access. Correct. Export. Delete your personal data. Object to or restrict certain processing. Contact admin@dxsense.com to exercise these rights.

8. International Transfers

Data may be processed outside India. Where required, we rely on Standard Contractual Clauses or equivalent safeguards with our processors.

9. Cookies

We use strictly-necessary cookies for authentication. Session management. Optional cookies for anonymous usage analytics. You can disable non-essential cookies in your browser.

10. Changes to this Policy

We will post updates to this page. For material changes we notify registered users by email at least 14 days before the change takes effect.

11. Contact

Grievance Officer: admin@dxsense.com. We respond to verified requests within 30 days.