Privacy Policy

Effective Date: July 19, 2025
Contact Email: privacy@elittros.com

At Elittros, your privacy and data protection are not just priorities — they are foundational to our mission. As a cybersecurity company, we understand the responsibility that comes with handling sensitive information and are committed to safeguarding it with the highest standards of security and integrity.

1. Information We Collect

We may collect and process the following types of information:

• Client-provided data: Information, files, system logs, or credentials shared with us for security testing, audits, or analysis.
• Sensitive data (unintentional exposure): During penetration testing or vulnerability assessments, we may come across sensitive or unauthorized data unintentionally.
• Usage and technical information: Metadata, server logs, and related technical data for security monitoring and performance improvement.
• Contact and communication data: Emails, support requests, or partnership inquiries submitted to us.

2. How We Use the Information

• To perform the security services requested by clients.
• To identify, analyze, and report security vulnerabilities.
• To ensure service integrity, compliance, and risk mitigation.
• To improve the functionality, security, and user experience of our services.

We do not sell, trade, or rent your data to any third party.

3. Handling of Sensitive & Unauthorized Data

In the course of our work, we may unintentionally access sensitive or unauthorized data. When such access occurs:

• We immediately report the exposure to the client or responsible entity.
• We do not store, share, or use the data for any purpose other than to notify or demonstrate the exposure (as per agreed scope).
• We follow industry-standard ethical guidelines and strict confidentiality protocols.

4. Data Security

We implement a combination of technical, administrative, and physical controls to ensure your data is protected, including:

• End-to-end encryption
• Role-based access control
• Secure storage and disposal practices
• Regular internal security audits
• Adherence to OWASP, ISO/IEC 27001, and NIST best practices

5. Data Retention

We retain data only as long as necessary to fulfill the purpose for which it was collected or as required by law. After the engagement ends, client data is securely deleted or returned based on the agreement.

6. Third-Party Disclosure

We may engage with verified and trusted third-party service providers under strict confidentiality agreements and only when necessary to provide our services.

7. Your Rights

You have the right to:

• Access the personal or project data we hold about you.
• Request corrections or deletion of your data.
• Withdraw consent (where applicable).
• Report a privacy concern via privacy@elittros.com

8. Policy Updates

We may update this Privacy Policy to reflect changes in our practices or legal requirements. The latest version will always be available on our website.

Contact Us

If you have questions or concerns about this policy or how we handle data, please reach out to:

privacy@elittros.com