Privacy Policy

How Pwned Labs collects, uses, and safeguards your information.

Last updated: 12 July 2026

Introduction

Welcome to Pwned Labs. This Privacy Policy is designed to help you understand how we collect, use, and safeguard your information. By using our services, you agree to the terms of this Privacy Policy.

1. General Information

  • Company Name: Pwned Labs
  • Purpose of Data Collection: To provide a service
  • Legal Basis for Data Processing: Necessary to provide the service

2. Data Collection

Types of Data Collected:

  • Personal Data: Such as name, email address, and contact details.
  • Financial Data: Collected through a third-party for payment processing.
  • Location Data: To enhance service delivery.
  • Cookies and Tracking Data: For analytics and user experience improvement.

Methods of Data Collection:

  • Through Forms: Such as sign-up and contact forms.
  • Automatically: Through cookies and other tracking technologies.
  • Third-Party Services: Such as payment processors and analytics providers.

Responsible for Data Collection: The company is responsible for all data collection activities.

Direct or Third-Party Data Collection: Data may be collected both directly and through third parties.

3. Data Usage

We use the collected data for:

  • Delivering and Improving the Service: To provide features and perform essential functions.
  • Managing Payments: Through third-party payment processors.
  • Marketing: To send you promotional materials, if you have opted in.

Data Sharing with Third Parties:

  • HubSpot: personal, contact, and cookie data, for product communication and marketing.
  • Recurly: personal, contact, and usage data, for processing of payments.

Data Usage for Marketing or Analytics: We use and store some data for analytics and marketing purposes.

4. Data Storage and Security

Data Storage Location: Data is stored in secure servers located in Europe.

Data Security: Data is encrypted in transit using TLS and encrypted at rest. Access to production systems is restricted to authorised personnel on a least-privilege basis, protected by multi-factor authentication, and logged.

Data Retention: Data is retained ongoing while the user subscribes, for 1 year after the user ends the subscription, or earlier if a "Right to be Forgotten" request is raised.

Data Breach Procedures: In the unfortunate event of a data breach, Pwned Labs will take the following steps as outlined by GDPR:

  • Immediate Containment: We will work to immediately contain the breach to prevent further unauthorized access or data loss.
  • Internal Investigation: We will initiate an internal investigation to understand the scope, cause, and impact of the breach.
  • Notification to Authorities: We will promptly notify the relevant data protection authorities, such as the Information Commissioner's Office (ICO), within 72 hours of becoming aware of the breach, as required by law.
  • Notification to Affected Users: We will inform affected users about the breach, the type of data that was compromised, and any actions they should take to protect themselves, such as changing passwords.
  • Remedial Actions: We will take steps to address the vulnerability that led to the data breach and implement additional security measures to prevent future breaches.
  • Ongoing Monitoring: We will continue to monitor the situation and may provide updates to affected users and authorities as new information becomes available.
  • Post-Incident Review: After the situation has been resolved, we will conduct a post-incident review to assess the effectiveness of our response and make necessary adjustments to our security protocols.

5. User Rights

You have the right to:

  • Access: View the data we have on you.
  • Rectification: Update or correct your information.
  • Erasure: Request deletion of your data.
  • Data Portability: Request a copy of your data.

To exercise these rights, please contact hi@pwnedlabs.io.

6. Consent

Consent is obtained during the sign-up process and through the acceptance of cookies. You may withdraw your consent at any time.

7. International Data Transfers

We do not transfer data internationally.

8. Children's Privacy

Our services are not intended for use by children.

9. Updates and Changes

We may update this Privacy Policy from time to time. You will be notified of any changes through email.

10. Contact Information

For any privacy-related concerns, please contact hi@pwnedlabs.io.

11. Compliance

General Data Protection Regulation (GDPR): Pwned Labs is committed to complying with the GDPR, which applies to our European users. Here are some of the ways we ensure compliance:

  • Data Minimization: We collect only the data that is necessary for the purposes stated in this Privacy Policy.
  • Consent: We obtain explicit consent from users for data collection and processing, as outlined in Section 6.
  • User Rights: We respect the rights of users to access, rectify, erase, and port their data, as described in Section 5.
  • Data Protection: We implement robust security measures to protect user data, as outlined in Section 4.
  • Data Breach Notification: In case of a data breach, we follow stringent procedures to notify affected parties and authorities, as detailed in Section 4.
  • Legal Basis for Processing: Our legal basis for processing user data is to provide the services described in this Privacy Policy.
  • Data Protection Officer: We have appointed a Data Protection Officer to oversee our GDPR compliance. For inquiries, please contact hi@pwnedlabs.io.

California Consumer Privacy Act (CCPA): Pwned Labs also complies with the CCPA, which applies to residents of California, USA. Our compliance measures include:

  • Transparency: We clearly disclose the types of data we collect, how it is used, and with whom it is shared.
  • User Rights: We respect the rights of California residents to access, delete, and opt-out of the sale of their personal information.
  • Data Security: We take reasonable measures to protect the personal information of California residents.
  • Opt-Out Options: While we do not sell personal information, we provide mechanisms for users to control how their data is used.
  • Annual Review: We conduct an annual review of our privacy practices to ensure ongoing compliance with CCPA.
  • Contact for CCPA Inquiries: hi@pwnedlabs.io.

12. Miscellaneous

Dispute Resolution: Any disputes arising out of or related to this Privacy Policy or our services will be resolved through arbitration, in accordance with the rules of the London Court of International Arbitration (LCIA). Arbitration will take place in London, United Kingdom. If arbitration is not possible, disputes will be handled in a court of competent jurisdiction in London, United Kingdom.

Governing Law: This Privacy Policy is governed by the laws of England and Wales, without regard to its conflict of laws principles.

Severability: If any provision of this Privacy Policy is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Privacy Policy will otherwise remain in full force and effect.

Changes to the Policy: We reserve the right to change this Privacy Policy at any time. Any changes will be posted on this page with an updated revision date. Users will be notified of any changes through email, as stated in Section 9.

This Privacy Policy is subject to change. Please review it regularly.