Privacy Policy

Last updated: April 2026

ASMMonitor ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our external attack surface management platform.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address
• Company name
• Name (optional)
• Password (encrypted)

1.2 Domain and Security Data

To provide our services, we collect and analyze:

• Domain names you register for monitoring
• Subdomain information discovered through scanning
• SSL certificate details
• DNS records
• Technology fingerprints
• Security vulnerabilities detected
• Email security configurations (SPF, DKIM, DMARC)

1.3 Usage Data

We automatically collect:

• IP address
• Browser type and version
• Pages visited and features used
• Time and date of visits
• Time spent on pages

1.4 Payment Information

Payment processing is handled by Paddle, our merchant of record. We do not store credit card numbers or bank account details. Paddle's privacy policy applies to payment data.

2. How We Use Your Information

We use collected information to:

• Provide and maintain our Service
• Perform security scans on your registered domains
• Send security alerts and reports
• Process payments and manage subscriptions
• Respond to customer support requests
• Improve our Service and develop new features
• Send important updates about the Service
• Detect and prevent fraud or abuse

3. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data based on:

Processing Activity	Legal Basis
Providing the Service	Contract performance
Security scanning of your domains	Contract performance
Sending security alerts	Legitimate interest
Marketing communications	Consent
Fraud prevention	Legitimate interest

4. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

• Service Providers: Third parties that help us operate our Service (hosting, email delivery, payment processing)
• Paddle: Our payment processor and merchant of record
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

5. Data Retention

We retain your data for as long as your account is active or as needed to provide services. After account deletion:

• Account data is deleted within 30 days
• Scan results and security data are deleted within 90 days
• Aggregated, anonymized data may be retained for analytics
• Data required for legal compliance may be retained longer

6. Data Security

We implement appropriate security measures including:

• Encryption in transit (TLS/SSL) and at rest
• Access controls and authentication
• Regular security assessments
• Secure data centers in the European Union

However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

7. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to certain processing activities
• Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at privacy@asmmonitor.com.

8. International Data Transfers

Your data is primarily stored and processed in the European Union. If we transfer data outside the EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

9. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies. You can control cookies through your browser settings.

10. Children's Privacy

ASMMonitor is not intended for use by individuals under 18 years of age. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.

12. Contact Us

For privacy-related questions or to exercise your rights:

Email: privacy@asmmonitor.com
Data Protection Officer: dpo@asmmonitor.com

13. Supervisory Authority

If you are in the EU and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.