Information We Collect

We collect account and commercial information such as email address, organization name, and subscription data. We do not collect or store source code content.

How We Process Data

PENSO processes file hashes using SHA-256 and related evidence metadata needed for assessment workflows. Source content is never transmitted or processed by PENSO.

Data Storage

Service data is stored on Google Cloud Platform and protected with encryption at rest and encryption in transit.

Data Retention

Assessment results are retained for the certification validity period of 180 days and may be deleted earlier upon request, subject to legitimate operational or legal retention requirements.

Your Rights

Where applicable, you may request access, correction, deletion, and data portability consistent with GDPR Articles 15 through 20 and other applicable laws.

Cookies

PENSO uses minimal cookies required for Stripe checkout sessions and does not use tracking cookies for advertising or behavioral profiling.

Third Parties

We use Stripe for payment processing and Anthropic for certain LLM-assisted evaluation workflows. Only metadata required for evaluation is shared, and no source code content is transmitted.

Children

The service is not intended for individuals under the age of 16, and we do not knowingly provide the service directly to children.

Changes

We may update this Privacy Policy from time to time and will provide at least 30 days' notice by email before material changes become effective.

Contact

Privacy requests or questions may be sent to [email protected] or [email protected].