Dashboard

Privacy Policy

Last updated: March 22, 2026

This Privacy Policy describes how SyX-RAY ("we," "us," or "our") collects, uses, and protects information when you use our cyber security platform, including all offensive and defensive security tools, EDR agents, threat intelligence services, and related applications (collectively, the "Platform").

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name, email address, and password (hashed)
  • Organization name and billing information (if applicable)
  • IP address and browser user-agent at time of registration

1.2 Targets and Assets

When you use the Platform, you may provide:

  • Domain names, IP addresses, and CIDR ranges you add for monitoring
  • URLs and web application endpoints for scanning
  • Infrastructure configuration details relevant to security assessments

1.3 EDR Agent Telemetry

Our Endpoint Detection and Response (EDR) agents collect the following data from enrolled endpoints for security monitoring purposes only:

  • Process names, process IDs (PIDs), and parent process relationships
  • Network connections (source/destination IP, port, protocol)
  • File hashes (MD5, SHA-1, SHA-256) — we do NOT collect file contents
  • System information (OS version, hostname, installed software)
  • Registry/configuration changes relevant to security
  • User login events and privilege escalation attempts

1.4 Threat Intelligence Data

We aggregate threat intelligence from publicly available sources including but not limited to OSINT feeds, Telegram channels, dark web forums, and CVE databases. This data is processed to provide actionable security insights.

2. How We Use Your Information

2.1 Platform Operations

  • Performing passive reconnaissance and attack surface monitoring on your designated targets
  • Processing EDR telemetry to detect and respond to threats in real time
  • Generating security reports, alerts, and threat assessments
  • Matching your infrastructure against known vulnerabilities (CVEs)

2.2 Service Improvement

  • Improving detection algorithms and threat models
  • Analyzing platform performance and reliability
  • Developing new security features and capabilities

3. Data Sharing and Third Parties

3.1 We Do NOT Sell Your Data

SyX-RAY does not sell, rent, or trade your personal information or security data to any third party, under any circumstances.

3.2 Limited Third-Party Sharing

We may share limited data with third-party services strictly as necessary for threat intelligence enrichment:

  • File hashes may be submitted to VirusTotal for malware analysis
  • IP addresses and domains may be checked against public threat intelligence APIs
  • Indicators of compromise (IOCs) may be cross-referenced with industry threat feeds

In all cases, only the minimum data necessary is shared, and no personally identifiable information is transmitted.

3.3 Legal Requirements

We may disclose information if required by law, court order, or governmental regulation, or if disclosure is necessary to protect our rights, safety, or the rights of others.

4. Scanning and Reconnaissance

All scans performed by the Platform are passive reconnaissance only. We do not perform active exploitation, brute-force attacks, or any actions that could disrupt target services. Our scanning methodology includes DNS enumeration, TLS certificate analysis, HTTP header inspection, and publicly available data aggregation.

5. Data Retention

5.1 Log Data

Security logs, scan results, EDR telemetry, and threat intelligence data are retained for 62 days from the date of collection, after which they are automatically purged.

5.2 Account Data

Account information is retained for as long as your account is active. Upon account deletion, all associated data is permanently removed within 30 days.

6. User Responsibilities

You are solely responsible for ensuring that you have proper authorization to scan, monitor, or perform security assessments on any targets you add to the Platform. You must have written permission from the asset owner before initiating any scanning or monitoring activities.

7. Cookies and Tracking

SyX-RAY uses cookies exclusively for authentication session management. We do not use tracking cookies, advertising cookies, or any third-party analytics that track individual users across websites.

8. GDPR and Data Subject Rights

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access: You may request a copy of all personal data we hold about you.
  • Right to Rectification: You may request correction of inaccurate personal data.
  • Right to Erasure: You may request deletion of your personal data ("right to be forgotten").
  • Right to Data Portability: You may request an export of your data in a machine-readable format.
  • Right to Restrict Processing: You may request that we limit how we process your data.
  • Right to Object: You may object to data processing based on legitimate interests.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Security Measures

We implement industry-standard security measures to protect your data, including encryption at rest and in transit (TLS 1.3), access controls, audit logging, and regular security assessments of our own infrastructure.

10. Disclaimer of Liability

The Platform is provided "as is" and "as available" without warranties of any kind, whether express or implied. SyX-RAY disclaims all liability for any damages, losses, or claims arising from the use of the Platform, including but not limited to data breaches, service interruptions, false positives or negatives in threat detection, or any actions taken based on information provided by the Platform.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the Platform after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

Email: [email protected]