Privacy Policy

Last updated: April 2, 2026

1. What We Collect

Adversec collects only what is necessary to provide our adversarial testing service:

• Account information — email address and name (if you sign in via Google)
• API keys — hashed (SHA-256), never stored in plain text
• Usage logs — which API endpoints you call, timestamps, and approximate token consumption for quota tracking
• Test data — descriptions of agents you submit for testing, generated test cases, and run results

2. What We Don't Collect

We do not collect, and you should never send through our service:

• Actual customer PII or payment card information
• Production database credentials or secrets
• Any data unrelated to adversarial testing of your own AI agents

3. How We Use Your Data

Your data is used solely for:

• Generating adversarial test cases tailored to your agent
• Executing tests against endpoints you specify
• Calculating vulnerability scores and generating reports
• Enforcing usage quotas and preventing abuse

We do not sell, rent, or share your data with third parties. The LLMs we use (via OpenRouter) process test generation prompts, but no customer-identifiable information is included in LLM prompts.

4. Test Data and Privacy

When you run a test suite against an endpoint, our system sends adversarial inputs to and receives outputs from that endpoint. We store:

• The adversarial inputs we generated
• The raw outputs received from your endpoint (truncated to 500 characters)
• The scoring analysis and verdict for each test

You can delete test suites and run results at any time.

5. Data Retention

Test suites and run results are retained for the duration of your active subscription plus 30 days. After account deletion, all associated data is permanently removed within 30 days. Usage logs (anonymized, no identifiable information) may be retained for analytics.

6. Security

We use industry-standard security practices:

• API keys are hashed with SHA-256 before storage
• All API traffic is encrypted in transit (HTTPS/TLS)
• Access to user data is restricted to authorized personnel only
• Regular security audits of our infrastructure

7. Your Rights

You have the right to:

• Access, export, or delete your personal data at any time
• Revoke API keys and terminate your account
• Opt out of any non-essential data processing
• Request a copy of all test data we hold for your account

Contact us at privacy@adversec.io to exercise these rights.

8. Children's Privacy

Adversec is not designed for or marketed to individuals under 18. We do not knowingly collect personal information from minors.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Adversec dashboard. Your continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

For questions about this Privacy Policy, contact: privacy@adversec.io