Privacy Policy
Last updated: April 25, 2026
1. Who we are
RAIDSEC is an Exposure Intelligence platform in pre-launch. We act as controller of the data we process to operate the service.
This policy describes how we collect, use, share and protect personal data and client data in compliance with Brazilian Law No. 13.709/2018 (LGPD).
2. What data we process
Operator user registration data: name, corporate email, role (RBAC) and authentication credentials.
Client (tenant) data: company name, declared scope (domains, brands, targets), related entities and operational settings.
Public data discovered by the platform about the tenant scope: DNS records, certificates (Certificate Transparency), WHOIS/RDAP, web fingerprints, OSINT signals.
Technical usage data: access logs, audit events, operational metrics and minimal telemetry to sustain the service.
3. How we use this data
Provide the contracted service: external surface discovery, exposure analysis, scorecard generation, reports and the Signal Feed operational flow.
Operate platform security: authentication, authorization (RBAC), audit trail, anomalous-use detection.
Comply with legal obligations and respond to requests from competent authorities when applicable.
Communicate operational updates, contractual changes and notices relevant to the service.
4. Legal basis (LGPD)
Contract performance: to deliver the service to the client who contracted it.
Legitimate interest: for operation, platform security and passive discovery over the client-declared scope.
Compliance with legal obligation: when required by law or competent authority.
Consent: when applicable and expressly requested.
5. Sharing with third parties
We do not sell personal data to third parties.
Essential subprocessors (infrastructure provider, monitoring and transactional email) are contractually required to process data per this policy and the LGPD.
The list of active subprocessors can be requested from the Data Protection Officer.
6. Non-intrusive discovery
RAIDSEC automated discovery uses public sources only (OSINT-grade): DNS queries, Certificate Transparency, WHOIS/RDAP, passive web fingerprints and public intelligence providers.
We do not perform intrusive scans, vulnerability exploitation or authenticated access without explicit contractual authorization from the client.
7. Retention and deletion
Client data is retained while the contractual relationship is active, plus the minimum period required to meet legal obligations.
The client may request deletion, anonymization or portability of their data at any time by contacting the Data Protection Officer.
Operational backups follow a documented rotation cycle and are purged per the retention policy.
8. Information security
Multi-tenant isolation by tenant_id across all data layers.
Encryption in transit (TLS) and at rest for the database and backups.
Role-based access control (RBAC), with clear separation between operation, read and administration.
Audit trail of sensitive actions with actor, scope, timestamp and context.
Continuous platform security review program, especially during the pre-launch phase.
9. Data-subject rights
Under the LGPD, the data subject may exercise the following rights: confirmation of processing, access to data, correction of incomplete or outdated data, anonymization or blocking, portability, deletion, information about sharing and withdrawal of consent.
To exercise any of these rights, simply contact the Data Protection Officer at the email below.
10. Cookies and similar technologies
We use only strictly necessary cookies, for authentication and for the application to function.
We do not use third-party cookies for advertising profiling on the institutional site or the workspace.
11. Data Protection Officer (DPO)
For any request related to personal data, LGPD or this policy, the official channel is contato@raidsec.com.br.
Every request is logged and answered within the timeframe set by applicable law.
12. Changes to this policy
This policy may be updated to reflect changes in the service, legislation or operational practices.
The current version is always available on this page, with the last-updated date shown at the top.
13. Jurisdiction
This policy is governed by the laws of the Federative Republic of Brazil. Any disputes will be settled in the competent jurisdiction of the data subject's domicile or per a specific contractual agreement.