Last updated: May 7, 2025 

This privacy policy (“Privacy Policy”) governs how Pentera Security Ltd., together with its affiliates (together, “Pentera” “we”, “our” or “us”), use, collect and store Personal Data we collect or receive from or about you (“you”) in connection with your use of the Pentera website, any other website owned or operated by Pentera, any portal, webinar and other services we may offer (collectively, the “Services”).

Please read this Privacy Policy carefully, so you can understand our practices and your rights in relation to Personal Data. We respect your privacy. Therefore, we make every effort to ensure that our Services adhere to the highest privacy standards. “Personal Data” or “Personal Information” have the meanings ascribed to them by applicable privacy laws. Nothing in this Privacy Policy is intended to limit in any way your statutory rights, including your rights to a remedy or means of enforcement.

Table of contents:
1. What information we collect, why we collect it, and how it is used
2. How we protect and retain your Personal Data
3. How we share your Personal Data
4. Transfers of Personal Data
5. Your privacy rights. How to delete your account
6. Use by children
7. Interaction with third party products
7. Information for california residents
8. Contact us

This Privacy Policy can be updated from time to time in our sole discretion and, therefore, we ask you to check back periodically for the latest version of this Privacy Policy. If we implement significant changes to the use of your Personal Data in a manner different from that stated at the time of collection, we will notify you by posting a notice on our Website or by other means.

1. WHAT INFORMATION WE COLLECT, WHY WE COLLECT IT, AND HOW IT IS USED

  • When you browse our website https://www.pentera.io/ (“Website”) or use our Services, we may use analytics tools, cookies and log files in our Services which may collect information such as IP address and pages clicked. Please see our Cookie Policy for further information about how and why we use cookies.

    • Purposes for which we use the Personal Data: To analyze trends and behavior, maintain and improve the Services and marketing and promotional efforts. We may disclose this information to third party platforms.
    • Third parties with whom we share the Personal Data: We share Personal Data with our affiliates, including our subsidiaries. We share Personal Data with third parties in a variety of circumstances. We take steps to ensure that these third parties use Personal Data only to the extent necessary to perform their functions. These third parties include business partners, service providers, suppliers, agents and sub-contractors. They assist us in providing the Services, processing transactions, fulfilling requests for information, receiving and sending communications, analyzing data, providing IT and other support services or in other tasks. These third parties also include analytics and search engine providers that assist us in the improvement and optimization of our website and our marketing. You may request a list of relevant third-party sub-processors at any time by sending us an email to [email protected].
    • Legal basis (only applicable for people in the EU or UK): Consent (e.g. for non-essential cookies, to the extent required by applicable law) and legitimate interest (e.g. essential cookies for the services to work).
  • When you submit information via our Website forms (e.g., contact us form, request a demo, register for an event).

    • We collect the following categories of Personal Data: Full name, phone number, email address, business name, job position, country, comments/messages (for example, in our Website forms), as well as any other Personal Data that you decide to provide/supply us with when you communicate with Pentera (via email, Website and/or telephone).
    • Purposes for which we use the Personal Data: To answer your questions; and to provide further information to the extent requested. To allow you to download an asset. To provide and operate the Website. To respond to your questions, comments, and other requests for ongoing customer assistance, technical support and maintenance of the Website. To further develop, customize and improve our Website based on users’ preferences, experiences and difficulties. To communicate with you and contact you to obtain feedback from you regarding the Website. To establish a business relationship with you.
    • Third parties with whom we share the Personal Data: We share Personal Data with our affiliates, including our subsidiaries. We share Personal Data with third parties in a variety of circumstances. We take steps to ensure that these third parties use Personal Data only to the extent necessary to perform their functions. These third parties include business partners, service providers, suppliers, agents and sub-contractors. They assist us in providing the Services, processing transactions, fulfilling requests for information, receiving and sending communications, analyzing data, providing IT and other support services or in other tasks. These third parties also include analytics and search engine providers that assist us in the improvement and optimization of our website and our marketing. They also include service providers who may help prevent fraud, protect Pentera, its staff and its property, and assert our rights. You may request a list of relevant third-party sub-processors at any time by sending us an email to [email protected].
    • Legal basis (only applicable for people in the EU or UK): Performance of contract (or for the purposes of entering int a contract), legitimate interest (e.g. respond to a query sent by you, marketing purposes, prevent fraud etc.), and your consent, as appropriate.
    • Marketing communications: We will collect your full name and email address to send you marketing communications subject to your consent and for purposes of entering into a business relationship with you. We share these Personal Data with 3rd party platforms for the following purposes: (i) to intake, store, collate, and analyze the information you provided; (ii) to facilitate our response back to you; and (iii) to enter your information into an applicable relationship management system. You can unsubscribe from our marketing emails at all times by clicking the unsubscribe link at the bottom of the email.
  • When you subscribe to our distribution list(s) / newsletter(s).

    • We collect the following categories of Personal Data: Full name and email address.
    • Purposes for which we use the Personal Data: To send you marketing communications.
    • Third parties with whom we share the Personal Data: We may share Personal Data with third parties, such as business partners, for joint marketing purposes or our business partners’ (or our own) marketing purposes. You may request a list of relevant third-party sub-processors at any time by sending us an email to [email protected].
    • Legal basis (only applicable for people in the EU or UK): Consent and to enter into a business relationship including a contract.
  • When we collect and use Personal Data of our vendors, service providers, resellers and other partners.

    • We collect the following categories of Personal Data: Full name, email address, phone number, company name job position, payment information (to the extent that includes Personal Data) and any other category of Personal Data that you decide to share with us.
    • Purposes for which we use the Personal Data: To negotiate and execute the contract with you. To send you contract/service-related communications. To provide you with all of the relevant services as listed at Section 1(iii) above. To fulfill the purpose of the business relationship between our companies.
    • Third parties with whom we share the Personal Data: see above under paragraph (iii). In addition we engage third parties to collect and process payments. In addition to the Personal Data that such third parties collect directly in order to process payments, we may provide such third parties with your Personal Data to facilitate transactions. You may request a list of relevant third-party sub-processors at any time by sending us an email to [email protected].
    • Legal basis (only applicable for people in the EU or UK): Processing is necessary for the performance of a contract to which our customer is a party; compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.); legitimate interest (e.g. send you contract-related communications); and consent (e.g. discussing, negotiating, and entering into a business relationship).
  • When we collect and use Personal Data of our customers’ representatives.

    • We collect the following categories of Personal Data: Full name, email address, phone number, company name job position, payment information (to the extent that includes Personal Data) and any other category of Personal Data that you decide to share with us.
    • Purposes for which we use the Personal Data: To provide our Services; to perform the applicable agreement; to communicate with you for service-related communications. To provide, negotiate, and execute the Services, as well as to provide the services detailed in the contract between Pentera and the customer. To effect and process payment for the Services rendered. To provide technical support or troubleshooting related to the Services provided. To communicate with you for contract-related matters and to contact you to obtain feedback or follow up information about the provision of Services. To enforce our terms of use, policies and other contractual arrangements and rights, to comply with court orders and warrants, and prevent misuse of the Website, and to take any action in any legal dispute and proceeding.
    • Third parties with whom we share the Personal Data: see above under paragraph (ii). We also engage third parties to collect and process payments. In addition to the Personal Data that such third parties collect directly in order to process payments, we may provide such third parties with your Personal Data to facilitate transactions. You may request a list of relevant third-party sub-processors at any time by sending us an email to [email protected].
    • Legal basis (only applicable for GDPR): Processing is necessary for the performance of a contract to which our customer is a party; compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.); legitimate interest (e.g. send you contract-related communications); and consent (e.g. discussing, negotiating, and entering into a business relationship).
  • When you attend a marketing event and provide us with your Personal Data and/or you give us your business card.

    • We collect the following categories of Personal Data: Full name, email address, company name, job title, phone number, any other Personal Data you decide to provide/supply us with.
    • Purposes for which we use the Personal Data: To establish a business connection. To send you marketing communications.
    • Third parties with whom we share the Personal Data: We may share Personal Data with third parties, such as service providers, affiliates, and business partners. You may request a list of relevant third-party sub-processors at any time by sending us an email to [email protected].
    • Legal basis (only applicable for people in the EU or UK): Consent for marketing communication such as newsletters, and legitimate interest for other forms of communication and marketing.
    • Marketing communications: We will collect your full name and email address to send you marketing communications subject to your consent. We process these Personal Data using service providers. If you do not provide us with the data, we cannot send marketing communications. You can unsubscribe to our marketing emails at all times by clicking the unsubscribe option in each such email.
  • When we acquire your Personal Data from third-party sources (such as lead-generation companies).

    • We collect the following categories of Personal Data: Full name, email address, phone number, company name job position, and any other category of Personal Data that you decided to share with the third party.
    • Purposes for which we use the Personal Data: To establish a business connection. To send you marketing communications. To consider you as a candidate for a current or future open position at our company.
    • Third parties with whom we share the Personal Data: We share Personal Data with our affiliates, including our subsidiaries. We share Personal Data with third parties in a variety of circumstances. We take steps to ensure that these third parties use Personal Data only to the extent necessary to perform their functions. These third parties include business partners, service providers, suppliers, agents and sub-contractors. They assist us in providing the Services, processing transactions, fulfilling requests for information, receiving and sending communications, analyzing data, providing IT and other support services or in other tasks including those related to candidacy and interview functions. These third parties also include analytics and search engine providers that assist us in the improvement and optimization of our website and our marketing. They also include service providers who may help prevent fraud, protect Pentera, its staff and its property, and assert our rights. You may request a list of relevant third-party sub-processors at any time by sending us an email to [email protected].
    • Legal basis (only applicable for people in the EU or UK): Legitimate interest, to discuss and enter into a business or employment relationship with you or the company you represent.
  • When we interact with you on social media platforms.

    • We collect the following categories of Personal Data: Full name, email address, company name, job title, phone number, any other Personal Data you have made public as part of your social media profile or that you decide to share with us.
    • Purposes for which we use the Personal Data: To establish a business connection. To send you marketing communications. To consider you as a candidate for a current or future open position at our company.
    • Third parties with whom we share the Personal Data: We may share Personal Data with third parties, such as service providers, affiliates, and business partners. You may request a list of relevant third-party sub-processors at any time by sending us an email to [email protected].
    • Legal basis (only applicable for people in the EU or UK): Consent for marketing communication such as newsletters, consent for job application processing, and legitimate interest for other forms of communication and marketing.
  • When we process your job application.

    • We will collect, use, process, share and retain your Personal Data as described in the Pentera Candidate Privacy Policy linked to within the job application.

Personal Data may also be used to comply with applicable laws, to comply with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims. In certain cases, we may or will anonymize or de-identify your Personal Data and further use it for internal and external purposes, including, without limitation, to improve the Services and for research purposes. “Anonymous Information” means information which does not enable identification of an individual user, such as aggregated information about the use of our Services. We may use Anonymous Information and/or disclose it to third parties without restrictions (for example, in order to improve our Services and enhance your experience with them).

  1. HOW WE PROTECT AND RETAIN YOUR INFORMATION

    1. 2.1 Security. We have implemented appropriate administrative, technical, and organizational security measures designed to protect your Personal Data. For example, Pentera obtains SOC 2 Type II and ISO 270001 audits and certifications on a regular basis. However, please note that we cannot guarantee that the information will not be compromised as a result of unauthorized access to our servers. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.
    2. 2.2 Retention of your Personal Data. We retain your Personal Data only as long as is necessary for the purposes for which it was collected, to reserve and enforce our rights, and as required by law or regulation. Your Personal Data will be stored until we delete the record and we proactively delete it in accordance with our retention policy, or when we receive a valid deletion request from you. Please note that in some circumstances we may store your Personal Data for longer periods of time, including for the following reasons, which may supersede a deletion request you send to us: (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings.
    3. 2.3 Processing of Personal Data. When we share your Personal Data with a sub processor, we enter into a valid data processing agreement with that third party governing their access and use of your Personal Data.

  2. HOW WE SHARE YOUR PERSONAL DATA

    In addition to the recipients described above, we may share your Personal Data as follows.

    1. 3.1 With our business partners with whom we jointly offer products or services. We will also share Personal Data with our affiliated companies.
    2. 3.2 To the extent necessary, with regulators, courts or competent authorities, to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order;
    3. 3.3 In the event that we are acquired by, or merged with, a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer, disclose or assign your Personal Data in connection with the foregoing events, including, in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, public offering, or acquisition of all or a portion of our business by or to another company;
    4. 3.4 With social media platforms, for the purposes listed under Section 1(viii) above; and/or
    5. 3.5 Where you have provided your consent to us sharing or transferring your Personal Data (e.g., where you provide us with marketing consents or you opt-in to optional additional services or functionality).

  3. TRANSFERS OF PERSONAL DATA

    1. 4.1 Internal transfers: Transfers within the Pentera group will be covered by an internal processing agreement (including the Standard Contractual Clauses issued by the European Commission when relevant) entered into by members of the Pentera group (an intra-group data processing agreement) which contractually obliges each member to ensure that Personal Data receives an adequate and consistent level of protection wherever it is transferred to.
    2. 4.2 External transfers: Where we transfer your Personal Data to third parties outside of EU/EEA (for example to third parties who provide us with services), we will obtain contractual commitments from them to protect your Personal Data. When Pentera engages in such transfers of personal information, it relies on i) Adequacy Decisions as adopted by European Commission on the basis of Article 45 of Regulation (EU) 2016/679 (GDPR) (in particular, for Israel), or ii) Standard Contractual Clauses issued by the European Commission (in particular, for the USA or elsewhere). Pentera also continually monitors the circumstances surrounding such transfers in order to ensure their continued compliance with the requirements of GDPR.

  4. YOUR PRIVACY RIGHTS. HOW TO DELETE YOUR ACCOUNT

    1. 5.1 Rights: The following rights (which are subject to certain exemptions or derogations in applicable law) shall apply to certain individuals (some of which only apply to personal data protected by the GDPR):

      • You have a right to access Personal Data held about you. Your right of access may normally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
      • You have the right to request that we rectify any Personal Data we hold that is inaccurate or misleading;
      • You have the right to request the erasure/deletion of your Personal Data (e.g. from our records). Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the establishment, exercise or defense of legal claims;
      • You have the right to object to, or to request restriction, of the processing;
      • You have the right to data portability. This means that you have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
      • You have the right to object to direct marketing;
      • When we process your Personal Data on the basis of your consent, you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal or our ability to comply with legal and regulatory obligations;
      • You also have a right to request certain details of the basis on which your Personal Data is transferred outside the European Economic Area, but data transfer agreements and/or other details may need to be partially redacted for reasons of commercial confidentiality;
      • You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place or work or place of alleged infringement). We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.
    2. 5.2 You can exercise your rights by contacting us at [email protected]. When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes, before processing or executing your request. We may charge a fee for exercise of these rights, where permitted by law, for instance if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others, we may not fulfil your request, all in accordance with applicable law.

  5. USE BY CHILDREN

    We do not offer our products or services for use by children and, therefore, we do not knowingly collect Personal Data from, and/or about children under the age of sixteen (16). If you are under the age of sixteen (16), do not provide any Personal Data to us. In the event that we become aware that a child under age sixteen (16) has provided us their personal data, we will delete it. If you believe that we might have any such information, please contact us at [email protected].

  6. INTERACTION WITH THIRD PARTY PRODUCTS

    We enable you to interact with third party websites, mobile software applications and products or services that are not owned or controlled by us (each a “Third Party Service”). We are not responsible for the privacy and other practices or the content of such Third Party Services. Please be aware that Third Party Services can collect Personal Data from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third Party Service.

    We also use Third Party Targeting and/or Pixel services. Such services may use cookies or similar technologies to collect or receive Personal Data from our website and may use that Personal Data to provide aggregated analytics related to the performance of our marketing campaigns and/or to enhance our marketing targeting functionality. You have the right to opt out to the collection and sharing of your Personal Data with such third parties in compliance with applicable data protection laws. To exercise this right, please contact us at [email protected].

  7. INFORMATION FOR CALIFORNIA RESIDENTS

    If you are a resident of California and to the extent applicable, the California Consumer Privacy Act (“CCPA”) requires us to provide you with additional information about: (1) how we use each category of “personal information” (as defined by the CCPA) that we collect; and (2) the categories of third parties to whom we (a) disclose personal information for business purposes, (b) “share” personal information for “cross-context behavioral advertising,” and/or (c) “sell” such personal information. According to the CCPA, “sharing” refers to targeting ads based on personal information gathered from a consumer’s activity across different websites, while “selling” refers to disclosing personal information to third parties in exchange for money or other valuable benefits. If we hold personal information about you that falls under the CCPA, and you are a California resident, you have certain rights regarding this data.

    • Right to Know: You have the right to request that we disclose certain information about our collection and use of your personal information over the past twelve months. Once we receive and confirm your verifiable consumer request, we will disclose to you: (i) categories of personal information collected; (ii) categories of sources for the personal information collected; (iii) categories of personal information disclosed for a business or commercial purpose; (iv) the purposes for collecting, selling, or sharing personal information; (v) categories of third parties with whom your personal information was shared; (vi) specific pieces of personal information we collected for portability reasons.
    • Right to Delete: You have the right to request that we delete the personal information that we collected from you and retain, subject to certain exceptions. Once we receive and verify your request, we will delete your personal information from our records, unless an exception applies.
    • Right to Correct: You have the right to correct or amend the personal information we have on file. You may correct or amend by logging into your account or by contacting us.
    • Right to Opt-Out of Sale or Sharing: You have the right to opt-out of the “sale” or “sharing” of your personal information.
    • Right to Limit the Use of Your Sensitive Personal Information: You have the right to limit the use of your “sensitive personal information” to the purposes outlined in Cal. Code Regs. tit. 11, § 7027(m) of the CCPA regulations.
    • Right to Non-discrimination: You have the right not to receive discriminatory treatment for the exercise of your privacy rights conferred by the CCPA.

  8. CONTACT US

    If you have any questions, concerns or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to contact us at [email protected].