Know what apps to scan? We do. Launching Asset Classification and Scan Recommendations.

Watch a 5-min product walkthrough Log in
Customer log in

Access Detectify tool

Crowdsource log in

Access Crowdsource platform

Detectify logo
Products & Solutions Resources Crowdsource Alfred AI Pricing About us
Start a trial Book a demo
Detectify AppSec platform
  • Platform overview

    A platform that provides evolving coverage across all your exposed assets

  • Surface Monitoring

    Discovery and vulnerability testing across the entire attack surface

  • Application Scanning

    Automatic scanning of web apps for business-critical vulnerabilities

  • Integrations

    Integrate Detectify with your security workflow

Solutions by use case
  • Attack surface protection

    Determine what actions to take for complete attack surface protection

  • Prevent subdomain takeover

    Find and manage subdomains to prevent hostile takeover

  • Scaling organizations

    EASM that scales alongside rapidly growing attack surfaces

  • Know what apps to scan

    9 out of 10 hackable apps are missed - cover what matters

Solutions by industry
  • Technology

    Solve common challenges faced by technology organizations

  • Consumer packaged goods

    Get more visibility and control over your digital products

  • Media & Gaming

    Manage digital transformation and secure what you're hosting in the cloud

  • Public Sector

    For agencies, higher education, and European governments

Start 2-week free trial Start 2-week free trial
Watch a demo Talk to sales
Detectify Crowdsource
  • What is Crowdsource?

    How Detectify customers benefit from our community of elite ethical hackers

  • Meet the community

    Meet some of our ethical hackers who come from all corners of the globe

  • Leaderboard

    See which ethical hackers are leading for the quarter, year, and all time

FOR ETHICAL HACKERS
  • Ethical hacking with us

    Learn what Crowdsource is and how we're not your average bug bounty platform

  • How Crowdsource works

    How to join, submission types, 0-day rewards, and payment information

  • Detectify Labs

    Technical and security research blog featuring write-ups and how to guides

  • Join Crowdsource

    Ready to join? Solve our Crowdsource Challenge and become part of our community

Start 2-week free trial
Watch a demo Talk to sales
Resource Center
  • All resources

    Explore case studies, webinars, e-books, whitepapers and videos

  • Case studies

    Learn how Detectify is an essential tool in these customer stories

  • Webinars

    Webinars and recordings to level up your AppSec knowledge

  • E-books & Whitepapers

    Browse and download e-books and whitepapers on AppSec and related topics

  • Events

    Register and browse for both online and in person events and webinars

  • Detectify Blog

    Read the latest product updates, news, industry insights and best practices

  • E-books & Whitepapers

    Browse and download e-books and whitepapers on AppSec and related topics

  • Events

    Register and browse for both online and in person events and webinars

  • Detectify Blog

    Read the latest product updates, news, industry insights and best practices

Trending Topics
  • External Attack Surface Management
  • Common attack vectors
Start 2-week free trial
Watch a demo Talk to sales
Products & Solutions Resources Crowdsource Alfred AI Pricing About us
Customer log in Crowdsource log in Book a demo
Products & Solutions
Platform overview Surface Monitoring Application Scanning Integrations
Solutions by use case Attack surface protection Prevent subdomain takeover Scaling organizations Know what apps to scan
Solutions by Industry Technology Consumer packaged goods Media & Gaming Public Sector
Start 2-week free trial
Watch a demo Talk to sales
Crowdsource
Detectify Crowdsource What is Crowdsource? Meet the community Leaderboard
For ethical hackers Ethical hacking with us How Crowdsource works Detectify Labs
Start 2-week free trial
Watch a demo Talk to sales
Resources
Resource Center All resources Case studies Webinars E-books & Whitepapers Events Detectify Blog
Trending Topics External Attack Surface Management Common attack vectors
Start 2-week free trial
Watch a demo Talk to sales

Privacy Policy

Last Updated: 23 June 2022

At Detectify, we respect your privacy and are committed to ensuring that your personal data is protected. This privacy policy sets out how Detectify AB, Swedish reg. no. 556985-9084, (“Detectify”, “we” or “us”) uses and protects the information that you provide to us when you use our external attack surface management services (the “Service”), as further described in our Terms of Use, and when you visit our website. This privacy policy governs your access to the Service (available through our website, APIs or third parties) regardless which part of the Service you are using.

Detectify is the data controller of any processing of your personal data, unless otherwise stated in this privacy policy. For the general terms and conditions applicable to our Service, please see our Terms of use.

THE TYPE OF DATA WE COLLECT

We collect your personal data when you (i) register a user account, (ii) use our Service, (iii) sign up as a Crowdsource-member, (iv) interact with us e.g. in support matters, via marketing activities or events, and/or (v) visit our website. Such personal data will include your name, e-mail address, telephone number, payment details, IP address, and other information that you voluntarily provide us. For more specific information on what type of personal data we collect in each processing activity, see below.

Your use of the Service will generate reports containing information regarding your website (i.e. the website that you choose to scan with the Service). All such reports generated as part of the Service will be stored by Detectify for the purpose of making the reports available to you. The reports may be deleted by you at any time. Such a report may include personal data, if the Service gets access to such data during security testing. On such occasions, Detectify acts as a data processor, acting on your behalf (and thus not as a data controller).

Below you can read more on the purpose and legal basis for our processing of the personal data we collect.

OUR PURPOSES, LEGAL BASES AND STORAGE PERIODS

User account

Purpose of processing: When you register a user account, we will process your personal data to provide and administrate that user account. If you have a shared account, please note that the administrator of the account may be able to e.g. access, disclose and change information connected to the account.

Categories of personal data: Name, website domain, e-mail address and billing related information.

Legal basis for processing: The processing is necessary for the performance of our contractual obligations towards you regarding the user account (since we have agreed to provide you with that).

Storage period: We store and process the personal data for as long as your user account is active, unless applicable laws or regulations obliges us to continue the processing for a longer period, e.g. accounting legislation.

Use of the Service

Purpose of processing: When you use the Service, we will process your personal data. This personal data will to some extent be automatically collected based on your use of the Service, in order for us to provide the Service to you in accordance with our agreement (including administering and personalizing your use of the Service).

Categories of personal data: IP-address, the website visited before you came to Detectify’s website, information on your search for the Detectify website, identification numbers associated with your devices, your mobile carrier, browser type local preferences, date and time stamps associated with your transactions, system configuration information, metadata concerning your files and other interactions with the Service.

Legal basis for processing: The processing of your personal data for this purpose is that it is necessary in order for us to deliver the agreed functionality of the Service to you. If you have registered an account on behalf of your employer, the legal basis for the processing is that it is necessary for our legitimate interest to conduct business with your employer.

Storage period: We store and process the personal data for the period necessary for us to be able to fulfill our contractual obligations, unless applicable laws or regulations obliges us to continue the processing. The storage period may thus vary depending on the term of the contract.

Crowdsource community

Purpose of processing: When you apply to become a crowdsource member and gain access to the web-based crowdsourcing platform, Detectify will process your personal data in order to administer your membership and provide you access to the platform.

Categories of personal data: The personal data processed for this purpose include your contact details, your application, and other type of information you provide us with. If you participate in interviews, the information collected in relation to such interviews may also be stored and processed by us (e.g. recordings).

Legal basis for processing: The data processing is necessary for the fulfillment of our contractual obligations regarding your membership, and the management of the crowdsourcing platform. The data processed during and in connection to any interview is based on our legitimate interest of improving our platform.

Storage period: The personal data processed is stored for as long as the original purpose for collecting the personal data remains valid.

Communication and support matters

Purpose of processing: When you interact with us via our website, social media or via our marketing activities, we process the personal data you provide us with in order to communicate with you and, if requested, provide support relating to our Service or website.

Categories of personal data: We will process the personal data you provide us with within the scope of the interaction, which typically includes your name, contact details and, if relevant, data related to the support matter.

Legal basis for processing: To the extent the support request is related to your use of the Service, the processing is necessary for the fulfillment of our contractual obligations regarding the provision of the Service. Processing of personal data in other types of interactions is based on our legitimate interest to communicate with you and/or provide you with support.

Storage period: We store and process your personal data for the period necessary for us to interact with you and provide the requested support. We may continue to store and use your data if we have any outstanding commitments to you, or if we are prevented from deleting them for other reasons (e.g. legal requirements or to safeguard our legal interests).

Marketing activities

Purpose of processing: We will process your personal data in order to send out direct marketing, event invitations and other types of commercial communications. In some cases, our direct marketing may be customized based on profiling, which means that we will customize the advertisement you receive based on information you provide to us, such as firmographics, role and expertise.

Categories of personal data: The personal data include your name and contact details as well as interests and expertise, website usage and on rare occasions meal preferences.

Legal basis for processing: The processing is necessary for our legitimate interests to maintain good customer relations and inform you about our business and services. If you are using our Service as a private individual (i.e. not acting on behalf of a company, as an employee or otherwise), any direct marketing activities will be subject to your consent.

Storage period: You may opt-out or unsubscribe from our commercial communications at any time. In such case we will no longer process your personal data for this purpose. Unless there is another legal basis for keeping your data (such as an active user account), we will also erase your personal data.

Analysis and improvements

Purpose of processing: We may use personal data to develop and improve our Service and/or our website by monitoring and analyzing your use, and when we request your feedback. For more information on our use of cookies on our website, see Cookie Policy.

Categories of personal data: During your use of the Service, we collect usage-based activity data (e.g. frequency of usage, activated functionality) to create an aggregated analysis of our customers’ usage pattern. When you visit our website, we will process e.g. IP-number and other pseudonymised data when possible. When we request and receive your feedback, we process your name, contact details, customer ID, user behavior and support data.

Legal basis for processing: For data collected via cookies in our Service or on our website, the legal basis for the processing is your consent provided to us in our cookie banner. As for data processing within the scope of feedback, the legal basis is our legitimate interest to develop and improve our Service.

Storage period: We process your personal data for the period necessary for us to fulfill the purpose. We will anonymize all personal data where this is technically possible. When your personal data has been anonymized, it will no longer be considered personal data under applicable data protection laws.

SHARING OF YOUR PERSONAL DATA AND INTERNATIONAL TRANSFERS

To fulfill the purposes described above, Detectify may need to share personal data with our suppliers when they perform services on our behalf. Such suppliers mainly provide us with IT systems and communication, support, maintenance, and/or storage services. These suppliers act as our data processors when they get access to your personal data and we have entered into data processing agreements with each supplier with the purpose of ensuring that your data is well protected.

We also share your personal data with certain trusted third-party companies which will act as controllers of your personal data. Such controllers mainly provide us with payment and/or billing services. When your personal data is shared with other controllers, they will be responsible for your personal data and we refer to them for more information on how they process your personal data. We may need to disclose personal data based on requirements in applicable laws or by government authorities or law enforcement.

Personal data may be disclosed and otherwise transferred to an (whether actual or prospective) acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets and only if the recipient commits to a privacy policy that has terms substantially consistent with this privacy policy. Although we would make any reasonable effort to limit the disclosure, such disclosure could potentially include all of the above mentioned categories of personal data, and would be based on the legitimate interest of the buyer and seller to conduct business. We will make sure to inform you if any such asset transfer entails that Detectify AB is replaced as controller of your personal data.

The data processors and/or the third parties that we share the data with may process your data in countries outside of the EU/EEA (more specifically in the USA). Any transfer of personal data outside the EU/EEA is made in accordance with applicable data protection laws. Our international transfers of personal data (including transfers to our group companies and suppliers outside the EU/EEA) are based on the EU Commission’s standard contractual clauses and, if necessary, any supplementary measures to ensure the protection of your data. You may find the EU Commission’s standard contractual clauses here (link: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en).

YOUR RIGHTS

You are entitled to the following rights under applicable data protections laws:

  • The right to access: You are entitled to receive certain information on our processing of your personal data. Such information is provided in this information document. Further, you have the right to receive a copy of the personal data we process relating to you. Upon request, we will provide a copy of your personal data in a commonly used electronic form.

  • The right to rectification: You are entitled to obtain rectification of inaccurate personal data and to have incomplete personal data completed.

  • The right to erasure (“right to be forgotten”): You may under certain circumstances request us to delete your personal data. Please note that this right is not unconditional. Therefore, an attempt to invoke the right might not necessarily lead to an action from us.

  • The right to restriction of processing: You may under certain circumstances request us to restrict the processing of your personal data. Please note that this right is not unconditional. Therefore, an attempt to invoke the right might not necessarily lead to an action from us.

  • The right to data portability: You are entitled to receive your personal data (or have your personal data directly transmitted to another data controller) in a structured, commonly used and machine-readable format.

  • The right to object: You are entitled to object to certain processing activities conducted by us in relation to your personal data, such as our processing of your personal data based on our legitimate interest. The right to object also applies to processing of your personal data for direct marketing purposes. Please note that this right is not unconditional. Therefore, an attempt to invoke the right might not necessarily lead to an action from us.

Please be aware that you may review, update, correct or delete the personal data provided in your registration or account profile by changing your “account settings”.

You also have the right to lodge a complaint with the applicable supervisory authority. In Sweden, this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten).

CHANGES TO THIS PRIVACY POLICY

If we change how we handle your personal data, we will update this privacy policy and publish it on this website.

COMPANY INFORMATION

If you have questions concerning our processing of your personal data, or want to invoke your rights, you may contact us at:

Detectify AB (reg.no: 556985-9084)
Medborgarplatsen 25 11872, Stockholm, Sweden Email: privacy@detectify.com

Get started
  • Start 2-week free trial
  • Book a demo
Product
  • Platform overview
  • Surface Monitoring
  • Application Scanning
  • Asset Classification and Scan Recommendations
  • Alfred AI
  • Custom Policies
  • Integrations
  • Customer login
Pricing
  • Platform pricing
For customers
  • Product changes
  • API documentation
  • Knowledge Base
  • Status page
Solutions by use case
  • Attack surface protection
  • Prevent subdomain takeover
  • Scaling organizations
Solutions by industry
  • Technology
  • Consumer packaged goods
  • Media & Gaming
  • Public Sector
Crowdsource
  • What is Crowdsource
  • Meet the community
  • Hack with us
  • How it works
  • Join Crowdsource
  • Hacker login
Resources
  • All resources
  • Case studies
  • Webinars
  • E-books & whitepapers
  • Videos
  • Events
Blogs
  • Detectify Blog
  • Detectify Labs
Trending topics
  • External Attack Surface Management
  • Common attack vectors
  • Log4j help
Partner program
  • Become a partner
Legal
  • Terms of Use
  • Privacy Policy
  • Cookie Policy
  • Cookie Settings
  • Compliance & Security
  • Responsible Disclosure
Company
  • About us
  • Careers
  • Press & Media
  • Contact
Twitter icon
linkedin icon
G2 Badge High Performer Fall 2024
G2 Badge Easiest To Use Fall 2024
G2 Badge Easiest To Do Business With Fall 2024
G2 Badge Users Love Us
ISO certification badge
AWS partner logo
Detectify logo
© 2025 Detectify