WebHound
Legal

Privacy Policy

Last updated: May 13, 2025

WebHound ("we", "our", or "us") is committed to protecting your privacy. This Policy explains what information we collect, how we use it, and your rights regarding that information when you use the WebHound web application security scanning service.

1. Information We Collect

  • Account information you provide when registering: name, email address, and password.
  • Scan targets you submit: domain names and URLs you authorize WebHound to scan.
  • Usage data: pages visited, features used, scan frequency, and session duration.
  • Technical data: IP address, browser type, operating system, and device identifiers.
  • Payment information: billing address and payment method details, processed by our payment provider. We do not store raw card numbers.

2. How We Use Your Information

  • To operate and deliver the WebHound scanning service.
  • To generate security reports and remediation recommendations for your submitted targets.
  • To send transactional emails: scan completion notifications, alert feeds, and certificate expiry warnings.
  • To improve our detection accuracy, scan engine, and threat intelligence feeds.
  • To process payments and manage your subscription.
  • To comply with legal obligations and enforce our Terms of Service.

3. Scanning and Target Data

  • WebHound only scans domains and URLs you explicitly submit and authorize. We do not initiate scans against third-party targets without your instruction.
  • Scan results, findings, and reports are stored on your behalf and are private to your account.
  • We may use anonymized, aggregated scan statistics (e.g., "percentage of sites with TLS 1.0 enabled") to improve our product and publish research. No individual scan results are shared.

4. Data Sharing and Third Parties

  • We do not sell your personal data.
  • We share data with service providers who help us operate WebHound: cloud infrastructure (AWS), payment processing (Stripe), and analytics (privacy-preserving, no cross-site tracking).
  • We may disclose data if required by law, court order, or to protect the rights and safety of our users or the public.
  • If WebHound is acquired, your data may be transferred to the acquirer, subject to the same privacy commitments.

5. Data Retention

  • Account data is retained for the lifetime of your account and for up to 90 days after deletion.
  • Scan results and reports are retained per your subscription plan. Free tier: 30 days. Pro tier: 12 months. Enterprise: custom.
  • You may request deletion of your data at any time by contacting us at privacy@webhoundsecurity.com.

6. Your Rights

  • Access: You may request a copy of the personal data we hold about you.
  • Correction: You may update inaccurate data through your account settings or by contacting us.
  • Deletion: You may request deletion of your account and associated data.
  • Portability: You may export your scan reports in PDF, CSV, or JSON format at any time.
  • Objection: You may opt out of non-essential communications at any time via account settings.
  • If you are in the EU or UK, you have additional rights under GDPR including the right to lodge a complaint with your supervisory authority.

7. Security

  • All data is encrypted in transit using TLS 1.3 and at rest using AES-256.
  • Access to production systems is restricted to authorized personnel and requires multi-factor authentication.
  • We conduct regular security audits and penetration tests of our own infrastructure.
  • To report a security vulnerability in WebHound, please contact security@webhoundsecurity.com.

8. Cookies

  • We use strictly necessary cookies for authentication and session management.
  • We use functional cookies to remember your preferences.
  • We do not use third-party advertising cookies or cross-site tracking.
  • You can manage cookie preferences in your browser settings.

9. Changes to This Policy

  • We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice in the dashboard at least 14 days before the change takes effect.
  • Continued use of WebHound after changes constitutes acceptance of the updated policy.

10. Contact

  • For privacy questions, data requests, or complaints, contact us at privacy@webhoundsecurity.com.
  • WebHound Security · privacy@webhoundsecurity.com

This document is provided for informational purposes. For enterprise data processing agreements or GDPR Data Processing Addendums, contact privacy@webhoundsecurity.com.