All our legal documents and policies in one place. Transparency and trust are the foundation of everything we do.
The agreement governing use of FindTheBreach services.
How we collect, use, and protect your personal data.
Our cookie practices and your consent choices.
Our commitments under the EU General Data Protection Regulation.
Controller/processor framework for data handling.
Rules and restrictions for using our scanning platform.
How to cancel your subscription and request refunds.
Uptime commitments, response times, and remedies.
Report security vulnerabilities and earn rewards.
Acknowledgments for open-source tools integrated into our platform.
Business Associate Agreement for healthcare customers.
Frequently asked questions about security, legality, and compliance.
Security architecture, compliance frameworks, and data handling practices.
Our formal process for identifying, containing, and recovering from security incidents.
Our formal process for restoring platform operations after a disruptive incident.
Detailed response procedures for data breaches, unauthorized access, DDoS, credential compromise, and third-party vendor incidents.
Real-time service health, uptime monitoring, and system metrics.
Our commitment to WCAG 2.1 AA accessibility standards and inclusive design.
GDPR Article 30 structured records of all personal data processing activities.
GDPR Article 35 DPIA for vulnerability scanning as a data processing activity.
GDPR Article 28 third-party data processor transparency list with change log.
Rate limits, authentication, SLAs, and usage policies for our security scanning API.
Formal security policies aligned with SOC 2 CC1, ISO 27001 Annex A, and enterprise audit requirements.
Enterprise information security policy covering access control, encryption, monitoring, and incident management.
RBAC, authentication, MFA, API key governance, and privileged access review aligned with SOC 2 CC6 and PCI DSS Req 7.
Formal change control procedures for platform modifications, aligned with SOC 2 CC8 and ITIL best practices.
Data categorization framework defining sensitivity levels, handling requirements, and access controls.
Formal risk identification, scoring, and treatment methodology aligned with SOC 2 CC3, ISO 27001, and NIST CSF.
Ethical principles, professional standards, confidentiality obligations, and disciplinary process for all team members, aligned with SOC 2 CC1.
If you have questions about any of our policies or need specific legal documentation, our team is here to help.
Contact Us