Detectify is GDPR compliant and maintains high information security standards in order to keep customer data secure and to process and store personal data in compliance with applicable data protection regulations.

Detectify acts as a data controller when processing personal data of its customers, e.g. when setting up a service account, and as a data processor to the extent Detectify processes customer personal data in connection with providing the services. For further information on how we use customer personal data, see our Privacy Policy. A DPA will be applicable for customers within the EU.

If you are contemplating initiating security vulnerability scanning for your web applications but are concerned about the lawfulness of processing personal data in that context, we wish to highlight Recital 49 of the GDPR. Recital 49 suggests that the processing of personal data for the purposes of ensuring that your networks and information systems are secure and protected from malicious attacks constitutes a legitimate interest for you as a data controller.