Legal

Privacy Policy

Last updated: February 1, 2026

1. Introduction

Exploit Score ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our vulnerability prioritization platform and related services.

By accessing or using our services, you agree to the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide

  • Account information (name, email, company name)
  • Contact form submissions
  • Demo request information
  • Support communications

2.2 Vulnerability Data

When you use our platform, you may import vulnerability scan data. We process this data solely to provide our scoring and prioritization services. Your raw vulnerability data (CVE IDs, IP addresses, hostnames) remains in your environment. Only anonymized feature vectors are transmitted to our cloud scoring service.

2.3 Automatically Collected Information

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Usage analytics
  • Cookies and similar technologies

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our services
  • Process vulnerability data and generate exploit scores
  • Improve and optimize our ML models
  • Communicate with you about your account and our services
  • Respond to your inquiries and support requests
  • Send product updates and security notifications
  • Comply with legal obligations

4. Data Security

We implement industry-standard security measures to protect your data:

  • All data encrypted at rest using AES-256
  • TLS 1.3 encryption for all data in transit
  • Regular security audits and penetration testing
  • Role-based access controls
  • Multi-factor authentication support
  • SOC 2 Type II compliant infrastructure

5. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Vulnerability scoring data is retained according to your subscription terms. You may request deletion of your data at any time by contacting us at privacy@exploitscore.com.

6. Data Sharing

We do not sell your personal information. We may share data with:

  • Service providers: Cloud hosting, analytics, and support tools
  • Legal requirements: When required by law or to protect our rights
  • Business transfers: In connection with a merger or acquisition

7. Your Rights

Depending on your location, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data
  • Export your data
  • Opt out of marketing communications
  • Withdraw consent

To exercise these rights, contact us at privacy@exploitscore.com.

8. Cookies

We use cookies and similar technologies to improve your experience, analyze usage, and personalize content. You can control cookies through your browser settings. Essential cookies are required for the platform to function properly.

9. International Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@exploitscore.com
Address: Exploit Score, Inc.