Privacy Policy

Last updated: October 17, 2025

Introduction

PentestList ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

By using PentestList, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address (for authentication via magic link)
  • Display name (optional)
  • Username/handle
  • Profile bio and professional information (optional)
  • Social media links (optional)

User-Generated Content

We collect information you provide when using our platform:

  • Tool submissions and descriptions
  • Content submissions (articles, videos, podcasts)
  • Reviews and ratings
  • Upvotes and interactions
  • Comments and feedback

Automatically Collected Information

When you access our platform, we may automatically collect:

  • IP address and general location information
  • Browser type and version
  • Device information
  • Pages visited and time spent
  • Referral source

How We Use Your Information

We use the collected information for:

  • Account Management: Creating and maintaining your account, authentication, and profile customization
  • Platform Features: Enabling submissions, reviews, upvotes, kudos tracking, and leaderboard rankings
  • Communication: Sending magic link emails for authentication and important platform updates
  • Security: Detecting and preventing fraud, abuse, and unauthorized access
  • Improvement: Analyzing usage patterns to improve our platform and user experience
  • Legal Compliance: Complying with legal obligations and enforcing our terms

Information Sharing and Disclosure

Public Information

The following information is publicly visible on your profile:

  • Display name and username
  • Bio and professional information you choose to share
  • Social media links you add
  • Your submissions, reviews, and kudos score
  • Public activity on the platform

Your email address is never publicly displayed.

Third-Party Services

We may share information with trusted third-party service providers who assist us in:

  • Database hosting (Neon/PostgreSQL)
  • Application hosting (Vercel)
  • Email delivery for authentication
  • Analytics and performance monitoring

These providers are contractually obligated to protect your information and use it only for specified purposes.

Legal Requirements

We may disclose your information if required to:

  • Comply with legal obligations or court orders
  • Protect our rights, property, or safety
  • Investigate fraud or security issues
  • Enforce our Terms of Service

Data Security

We implement industry-standard security measures to protect your information:

  • Encryption of data in transit using HTTPS/TLS
  • Secure database with encryption at rest
  • Passwordless authentication using time-limited magic links
  • Regular security audits and updates
  • Access controls and principle of least privilege

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: View and download your personal information from your profile
  • Update: Edit your profile information at any time
  • Delete: Request deletion of your account and associated data
  • Opt-Out: Control what information you share publicly
  • Portability: Request a copy of your data in a machine-readable format

To exercise these rights or for privacy-related questions, please contact us at privacy@pentestlist.com

Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your authenticated session
  • Remember your preferences
  • Analyze platform usage and performance

You can control cookies through your browser settings. Disabling cookies may limit some platform functionality.

Children's Privacy

PentestList is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete such information promptly.

International Users

PentestList is operated from the United States. If you are accessing our platform from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located.

By using PentestList, you consent to the transfer of your information to the United States and other countries where we operate.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

For material changes, we will provide notice through email or a prominent notice on our platform.

Contact Us

If you have questions or concerns about this Privacy Policy, please contact us: