Privacy Policy

1. Introduction

Exploitless ("Exploitless", "we", "us", or "our") is a cybersecurity company specialising in smart contract audits, blockchain security, and advanced offensive security services.

We are committed to protecting the privacy, confidentiality, and security of all personal and technical information entrusted to us.

This Privacy Policy explains how we collect, use, process, store, disclose, and safeguard information when you:

  • Visit exploitless.com
  • Request our services
  • Enter into an audit or security engagement
  • Communicate with our team
  • Submit project materials or documentation

By using our website or services, you agree to the practices described in this Privacy Policy.

2. Scope of Policy

This Privacy Policy applies to:

  • Clients and prospective clients
  • Website visitors
  • Business partners
  • Job applicants
  • Contractors and collaborators

It covers both personal data and confidential technical data shared with Exploitless.

3. Information We Collect

We collect only the information necessary to operate professionally, securely, and lawfully.

3.1 Information You Provide Voluntarily

This may include:

Identity & Contact Data

  • Full name
  • Company name
  • Email address
  • Phone number
  • Telegram / Discord / communication handles

Business & Project Data

  • Project descriptions
  • Security requirements
  • Engagement scope
  • Budget ranges

Audit Materials

  • Smart contract source code
  • Git repositories
  • Architecture diagrams
  • Documentation
  • Deployment addresses
  • Internal technical files

You provide this information when you:

  • Contact us
  • Request a quote
  • Sign an agreement
  • Submit repositories or documentation
  • Engage our services

3.2 Information Collected Automatically

When you visit exploitless.com, we may collect:

  • IP address
  • Browser type & version
  • Device type
  • Operating system
  • Pages visited
  • Time/date of visits
  • Referring URLs

This data is used strictly for:

  • Website security
  • Performance monitoring
  • Abuse prevention
  • Traffic analytics

We do not use invasive behavioural tracking.

4. Sensitive & Confidential Technical Data

Due to the nature of our services, we may receive highly sensitive materials, including:

  • Smart contract codebases
  • Proprietary algorithms
  • Financial logic systems
  • Security architectures
  • Infrastructure diagrams
  • Internal tooling
  • Exploit scenarios

All such materials are treated as strictly confidential, regardless of whether a Non-Disclosure Agreement (NDA) is signed.

We:

  • Do not sell confidential data
  • Do not share it externally
  • Do not use it for marketing without written consent
  • Restrict access internally on a need-to-know basis

5. How We Use Information

We use collected data to:

  • Deliver smart contract audits
  • Conduct penetration testing & security reviews
  • Produce technical reports
  • Communicate during engagements
  • Manage contracts & billing
  • Improve service delivery
  • Maintain internal records
  • Comply with legal obligations
  • Prevent fraud or abuse

We do not use your data for automated decision-making or profiling.

6. Legal Basis for Processing (GDPR)

Where GDPR applies, we process data under:

  • Contractual necessity
  • Legitimate business interests
  • Legal obligations
  • User consent (where required)

You may withdraw consent at any time where processing relies on consent.

7. Data Sharing & Disclosure

We do not sell or rent personal or project data.

We may disclose information only:

  • To authorised internal team members
  • To vetted contractors bound by confidentiality
  • When required by law or court order
  • To protect legal rights or safety
  • With your explicit written consent

All collaborators operate under strict confidentiality agreements.

8. International Data Transfers

As a global cybersecurity firm, data may be processed in jurisdictions outside your country.

Where transfers occur, we implement safeguards such as:

  • Contractual confidentiality clauses
  • Access restrictions
  • Secure storage protocols
  • Industry-standard encryption

9. Data Retention

We retain data only as long as necessary to:

  • Fulfil contractual obligations
  • Deliver reports
  • Maintain audit records
  • Comply with legal requirements
  • Resolve disputes

Upon request, we may:

  • Delete data
  • Anonymise records
  • Return submitted materials

These actions are subject to legal and contractual retention obligations.

10. Data Security Measures

Security is central to our operations.

We implement industry-standard technical and organisational safeguards, including:

  • Role-based access control
  • Least-privilege principles
  • Encrypted communications
  • Secure repository handling
  • Segregated storage environments
  • Internal confidentiality policies
  • Device security protocols

However, no digital system is 100% secure, and absolute security cannot be guaranteed.

11. Cookies & Tracking Technologies

We use minimal cookies strictly for:

  • Website functionality
  • Security protection
  • Basic analytics

We do not use:

  • Advertising trackers
  • Behavioural profiling
  • Cross-site tracking

You may disable cookies in your browser settings.

12. Third-Party Links

Our website may contain links to third-party sites.

We are not responsible for:

  • Their privacy practices
  • Security policies
  • Content accuracy

Users access external sites at their own discretion.

13. Children's Privacy

Our services are not intended for individuals under 18.

We do not knowingly collect personal data from minors.

If such data is identified, we will delete it promptly.

14. Your Privacy Rights

Depending on jurisdiction, you may have the right to:

  • Access your personal data
  • Correct inaccuracies
  • Request deletion
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent

Requests can be submitted via the contact details below.

15. Confidentiality of Security Engagements

All audit and security engagements operate under strict confidentiality.

Unless explicitly authorised in writing or in the signed contract, Exploitless will not:

  • Publicly disclose client names
  • Publish audit findings
  • Share vulnerability details
  • Reference engagements in marketing

Client anonymity is respected by default.

16. Breach Notification

In the unlikely event of a data breach affecting your information, we will:

  • Investigate immediately
  • Contain the exposure
  • Notify affected parties where legally required
  • Implement remediation measures

17. Changes to This Privacy Policy

We may update this Privacy Policy periodically.

Updates will be posted on this page with a revised effective date.

Continued use of our website or services constitutes acceptance of updates.

18. Contact Information

For privacy inquiries, data requests, or security concerns: