Privacy Policy - ZOFixer Penetration Testing Tool

We value your privacy and are dedicated to preserving it by adhering to our privacy policy (“Policy”). This Policy describes the types of information we may collect or that you may provide (“Personal Information”) on the zofixer.com website (“Website” or “Service”) and any of its related products and services (collectively, “Services”), as well as our practices for collecting, using, maintaining, protecting, and disclosing that Personal Information. It also explains your options for how we use your Personal Information and how you may view and amend it.

This Policy is a legally binding contract between you (“User,” “you,” or “your”) and ZOFixer (“ZOFixer” “we,” “us,” or “our”). If you are engaging in this agreement on behalf of a company or other legal entity, you indicate that you have the ability to bind that entity to this agreement, in which case the terms “User,” “you,” or “your” shall relate to such entity. If you do not have such power or do not agree with the provisions of this agreement, you must not accept it and may not access or use the Website or Services. You acknowledge that you have read, understood, and agree to be governed by the terms of this Policy by accessing and using the Website and Services. This Policy does not cover the practices of firms we do not own or control, or persons we do not employ or manage.

Automatic collection of information

When you visit the Website, our servers automatically record the information sent by your browser. This data may include your device’s IP address, browser type, and version, operating system type and version, language preferences or the webpage you were visiting before coming to the Website and Services, pages of the Website and Services you visit, the time spent on those pages, the information you search for on the Website, access times and dates, and other statistics.

The information gathered automatically is exclusively used to identify possible incidents of abuse and to compile statistical data on the use and traffic of the Website and Services. This statistical data is not otherwise combined in such a way that any individual User of the system may be identified.

Collection of personal information

You may access and use the Website and Services without telling us who you are or disclosing any information that could be used to identify you as a specific, identifiable individual. However, if you desire to utilize certain of the Website’s services, you may be required to give some Personal Information (for example, your name and e-mail address).

When you register an account, make a purchase, or fill out any online forms on the Website, we collect and keep whatever information you willingly supply to us. This information may comprise, if necessary, the following:

Account details (such as user name, unique user ID, password, etc.)
Contact information (such as email address, phone number, etc.)
Basic personal information (such as name, country of residence, etc.)

Some of the information we gather comes from you directly through the Website and Services. We may, however, get Personal Information about you from other sources, such as public databases and collaborative marketing partners.

You can opt not to supply us with your Personal Information, but you may be unable to use certain of the Website’s services as a result. Users who are unsure about what information is required are encouraged to contact us.

Privacy of children

We do not collect Personal Information from minors under the age of 18. Please do not submit any Personal Information through the Website or Services if you are under the age of 18. If you have reason to suspect that a child under the age of 18 has supplied us with Personal Information via the Website and Services, please contact us to request that we erase that child’s Personal Information from our Services.

We urge parents and legal guardians to monitor their children’s Internet activity and to assist in the enforcement of this Policy by educating their children not to disclose Personal Information through the Website and Services without their consent. We also ask that all parents and legal guardians in charge of children’s caretake the appropriate safeguards to ensure that their children are taught not to give out Personal Information online without their permission.

Use and processing of collected information

When dealing with Personal Information, we function as both a data controller and a data processor in accordance with the GDPR, unless we have entered into a data processing agreement with you, in which case you would be the data controller and we would be the data processor.

Depending on the individual circumstances involving Personal Information, our involvement may also change. When we ask you to provide Personal Information that is required to ensure your access and use of the Website and Services, we operate as a data controller. In such cases, we are a data controller since we decide the objectives and means of processing Personal Information and comply with the GDPR’s data controller responsibilities.

In circumstances when you provide Personal Information via the Website and Services, we function as a data processor. We do not own, control, or make judgments regarding the Personal Information you provide, and it is solely processed in compliance with your instructions. In such cases, the User submitting Personal Information serves as a data controller in accordance with the GDPR.

We may need to collect and use some Personal Information in order to provide the Website and Services to you or to comply with a legal requirement. If you do not give the necessary information, we may be unable to provide you with the desired products or services. We may use any information we gather from you for the following purposes:

Create and manage user accounts
Fulfil and manage orders
Deliver products or services
Improve products and services
Send administrative information
Send product and service updates
Respond to inquiries and offer support
Request user feedback
Improve user experience
Respond to legal requests and prevent harm
Run and operate the Website and Services

We collect and treat your Personal Information using the following legal basis, as outlined by the GDPR:

User’s consent
Performance of a contract
Our own legitimate interests

It should be noted that under some laws, we may be permitted to handle information until you object to it by opting out, without relying on permission or any of the other legal reasons listed above. In any event, we would be delighted to clarify the exact legal basis that applies to the processing, including whether the submission of Personal Information is a statutory or contractual necessity or a prerequisite to engaging in a contract.

Risk Reward Program

We offer a Risk Reward Program to users who purchase our Starter Plus Package. This program allows you to earn money back on your purchase by reporting low, medium, or high-risk vulnerabilities that you discover using our scanner and report to any of the popular bug bounty platforms.

To be eligible for the program, the hunter must mention the use of ZOFixer scanner in the proof of concept (PoC) of the identified vulnerability on any recognized bug bounty program. The PoC should clearly demonstrate how ZOFixer scanner was used to identify the vulnerability.

If you find one risk, we’ll offer you a 20% refund of your purchase price. If you find two risks, we’ll refund 50% of the amount you paid for the Starter Plus package, and if you find three or more risks, we’ll refund 100% of the amount.

We hope that this program will encourage you to not only improve your security skills but also earn back your investment in our scanner.

The hunter discovers a low, medium, or high-risk vulnerability using ZOFixer scanner and reports it to any of the popular bug bounty platforms.
In the proof of concept (PoC) of the vulnerability report, the hunter clearly demonstrates how ZOFixer scanner was used to identify the vulnerability.
The bug bounty platform verifies and accepts the vulnerability report.
The hunter sends the verified vulnerability report to ZOFixer for review.
ZOFixer reviews the report and determines if the hunter is eligible for a refund.
If the hunter is eligible, ZOFixer will issue a refund at the end of the next month.
The refund will be sent to the payment method used for the original purchase of the Starter Plus Package.

Please note that the verification of the vulnerability report is done by the bug bounty platform and not by ZOFixer. Once the report is verified and accepted, the hunter can then send the report to ZOFixer for review. If the report is eligible for a refund, ZOFixer will issue the refund at the end of the next month.

Payment processing

In the event of Services that require payment, you may be required to enter your credit card information or other payment account information, which will be used purely for payment processing. We employ third-party payment processors (“Payment Processors”) to help us securely handle your payment information.

Payment processors follow the most recent security requirements as administered by the PCI Security Standards Council, a collaboration of companies such as Visa, MasterCard, American Express, and Discover. Sensitive and private data exchange occurs through an SSL secured communication channel that is encrypted and protected with digital signatures, and the Website and Services are also in accordance with stringent vulnerability standards in order to provide Users with the safest environment possible. We will only share payment data with Payment Processors to the extent necessary for processing your payments, refunding such payments, and dealing with complaints and inquiries regarding such payments and refunds.

Please be aware that the Payment Processors may collect Personal Information from you in order to process your payments (for example, your email address, address, credit card details, and bank account number) and handle all steps in the payment process through their systems, including data collection and data processing. The Payment Processors’ use of your Personal Information is regulated by their separate privacy policies, which may or may not include privacy safeguards as stringent as those in this Policy. We recommend that you read their privacy policies.

Managing information

You have the option to erase specific Personal Information that we have on file for you through Zofixer support team. As the Website and Services evolve, the Personal Information you can erase may change. When you delete Personal Information, we may keep a copy of the unrevised Personal Information in our systems for the time necessary to meet our commitments to our affiliates and partners, as well as for the purposes stated below.

Disclosure of information

We may share your information with our affiliates, contracted companies, and service providers (collectively, “Service Providers”) we rely on to assist in the operation of the Website and Services available to you and whose privacy policies are consistent with ours or who agree to abide by our policies with respect to Personal Information, depending on the requested Services or as necessary to complete any transaction or provide any Service you have requested. We shall not disclose any personally identifiable information with third parties or information with unaffiliated third parties.

Service Providers are not permitted to use or disclose your information unless it is required to execute services on our behalf or to comply with legal obligations. We only supply Service Providers with the information they need to execute their assigned responsibilities, and we do not permit them to use or disclose any of the provided information for their own marketing or other reasons.

We may also disclose any Personal Information we collect, use, or receive if required or permitted by law, such as to comply with a subpoena or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your or others’ safety, investigate fraud, or respond to a government request.

Retention of information

We will keep and use your Personal Information for as long as your user account is active, in order to enforce our agreements, settle disputes, and unless a longer retention term is needed or authorized by law, up to a maximum of 36 months. We may use aggregated data generated from or including your Personal Information after you update or remove it, but not in a way that would uniquely identify you. Personal Information will be removed after the retention term has expired. As a result, when the retention term has expired, the right to access, the right to erasure, the right to rectification, and the right to data transfer cannot be enforced.

Transfer of information

Data transfers may require sending and keeping your information in a nation other than your own, depending on your location. This, however, will not apply to nations outside of the European Union and the European Economic Area. If such a transfer occurs, you may learn more by reviewing the relevant parts of this Policy or contacting us using the details given in the contact section.

Data protection rights under the GDPR

If you are a resident of the European Economic Area (“EEA”), you have specific data protection rights, and we will make every effort to rectify, amend, delete, or restrict the use of your Personal Information. Please contact us if you want to know what Personal Information we have on file for you and if you want it deleted from our systems. You have the following data protection rights in certain circumstances:

(I) If you previously consented to the processing of your Personal Information, you have the right to withdraw your permission. You have the right to withdraw your consent at any time if the legal basis for our processing of your Personal Information is consent. The withdrawal has no effect on the legality of the processing that occurred before the withdrawal.

(ii) You have the right to discover if we are processing your Personal Information, to get disclosure about certain elements of the processing, and to seek a copy of your Personal Information that is being processed.

(iii) You have the right to double-check the correctness of your information and request that it be updated or amended. You also have the right to request that we complete any Personal Information that you feel is missing.

(iv) You have the right to object to the processing of your personal information if it is done on a legal basis other than permission. If we process Personal Information in the public interest, in the exercise of an official authority vested in us, or for the sake of our legitimate interests, you may object to such processing by giving a reason linked to your specific circumstances to explain the objection.

(v) Under some conditions, you have the right to restrict the processing of your Personal Information. These circumstances include: you contest the accuracy of your Personal Information, and we must verify its accuracy; the processing is unlawful, but you oppose the erasure of your Personal Information and instead request the restriction of its use; we no longer need your Personal Information for the purposes of the processing, but you require it to establish, exercise, or defend your legal claims; You have objected to processing while we investigate whether our valid grounds outweigh your legitimate grounds. Where processing has been restricted, such Personal Information will be marked as such and, with the exception of storage, will be processed only with your consent or for the establishment, exercise, or defense of legal claims, the protection of another natural or legal person’s rights, or for reasons of significant public interest.

(vi) Under some conditions, you have the right to request that we delete your Personal Information. These circumstances include: the Personal Information is no longer required for the purposes for which it was collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data was unlawfully processed. However, there are some exceptions to the right to erasure, such as where processing is required to exercise the right to free expression and information, to comply with a legal duty, or to establish, exercise, or defend legal claims.

(vii) You have the right to receive the Personal Information you have provided to us in a structured, commonly used, and machine-readable format and, if technically feasible, to have it transmitted to another controller without hindrance from us, provided that such transmission does not infringe on the rights and freedoms of others.

(viii) You have the right to lodge a complaint with a data protection authority over the acquisition and use of your Personal Information by us. If you are dissatisfied with the outcome of your complaint, you have the right to file a complaint with your local data protection authority. Please contact your local data protection authority in the EEA for additional information. This provision applies if your Personal Information is processed using automated methods and the processing is based on your permission, a contract in which you are a party, or pre-contractual requirements.

California privacy rights

Under the California Consumer Privacy Act (“CCPA”), residents of California have some extra rights with regard to their Personal Information. This section pertains to you if you live in California.

In addition to the rights outlined in this Policy, California residents who provide Personal Information as defined by the statute in order to obtain Services for personal, family, or household use have the right to request and obtain from us, once a calendar year, information about the categories and specific pieces of Personal Information we have collected and disclosed.

Furthermore, California residents have the right to request that their Personal Information be deleted or to opt-out of the sale of their Personal Information, which may include selling, disclosing, or transferring Personal Information to another business or a third party for monetary or other valuable consideration. Simply email us to do so. We shall not discriminate against you if you exercise your CCPA rights.

How to exercise your rights

Any requests to exercise your rights should be sent to us using the contact information provided in this page. Please keep in mind that we may request that you prove your identity before responding to such inquiries. Your request must include enough information for us to verify that you are the person you claim to be or that you are the authorized representative of that person. If we receive your request from an authorized representative, we may ask for proof that you have granted such an authorized representative power of attorney or that the authorized representative has other appropriate written permission to submit requests on your behalf.

You must give enough information for us to fully comprehend and reply to your request. We will not be able to react to your request or furnish you with Personal Information unless we first validate your identity or authorisation to make such a request and confirm that the Personal Information pertains to you.

Cookies

Cookies are used on our website and services to help tailor your online experience. A cookie is a text file that a web page server places on your hard drive. Cookies cannot launch programs or transmit viruses to your computer. Cookies are allocated to you uniquely and can only be read by a web server on the domain that provided the cookie to you. You will be unable to enjoy and experience the features of the Website and Services if you opt to refuse cookies. You may learn more about cookies and how they function by clicking here.

Cookies may be used to collect, store, and track information for the purposes of security and customization, as well as to run the Website and Services and for statistical reasons. Please keep in mind that you have the option to accept or deny cookies. Although most web browsers allow cookies by default, you can change your browser settings to deny cookies if you prefer.

Data analytics

Our Website and Services may make use of third-party analytics tools that collect normal internet activity and use data via cookies, web beacons, or other similar information-gathering technology. The information acquired is used to produce statistical reports on User activity, such as how frequently users visit our Website and Services, what pages they visit and how long they stay on each page, and so on. We use the information gathered by these analytics technologies to monitor and enhance the operation of our Website and Services. We do not employ third-party analytics tools to track or collect personally identifiable information about our users, and we do not link any information acquired through statistics reports to any specific User.

Do Not Track signals

Some browsers have a Do Not Track capability, which indicates to websites that you do not want your online activities recorded. Tracking is not the same as utilizing or collecting information from a website. Tracking refers to the collection of personally identifiable information from customers who use or visit a website or online service as they move around multiple websites overtime for these objectives. The method by which browsers convey the Do Not Track signal is not yet standard. As a result, the Website and Services are not currently configured to read or respond to Do Not Track signals sent by your browser. Nonetheless, as discussed in further detail elsewhere in this Policy, we limit the use and collecting of your Personal Information.

Social media features

Our Website and Services may contain social media elements such as Facebook and Twitter buttons, Share This buttons, and so on (collectively, “Social Media Features”). These Social Media Features may gather your IP address, the page you are viewing on our Website and Services, and may establish a cookie in order for Social Media Features to work effectively. Social Media Features are hosted by their respective suppliers or on our Website and Services. The privacy policies of the providers of these Social Media Features control your interactions with them.

Email marketing

We provide electronic newsletters, to which you may subscribe voluntarily at any time. We are dedicated to maintaining the confidentiality of your email address and will not disclose it to any third parties except as permitted in the information usage and processing section or for the purposes of using a third-party provider to send such emails. We will keep the email information in compliance with applicable laws and regulations.

All e-mails sent from us will explicitly disclose who the communication is from and include clear information on how to contact the sender in accordance with the CAN-SPAM Act. You can unsubscribe from our newsletter or marketing communications by following the unsubscribe instructions included in these emails or by contacting us. You will, however, continue to receive critical transactional emails.

Links to other resources

The Website and Services contain links to resources that we do not own or control. Please keep in mind that we are not responsible for the privacy policies of other resources or third parties. We advise you to be cautious when leaving the Website and Services and to read the privacy policies of any and all resources that may collect Personal Information.

Information security

We protect the information you supply by storing it on computer servers in a controlled, secure environment that is free of unauthorized access, use, or disclosure. We maintain appropriate administrative, technological, and physical precautions to secure Personal Information within our control and custody against unauthorized access, use, alteration, or disclosure. Data transmission through the Internet or a wireless network, on the other hand, cannot be assured.

Therefore, while we strive to protect your Personal Information, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and the Website and Services cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third party, despite best efforts.

Because the security of Personal Information is partly dependent on the security of the device you use to connect with us and the security you employ to secure your credentials, please take reasonable precautions to safeguard this information.

Data breach

If we become aware that the security of the Website and Services has been compromised or Users’ Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. We shall make reasonable efforts to inform affected persons in the event of a data breach if we believe there is a real risk of damage to the User as a consequence of the breach or if the disclosure is otherwise required by law. When we do, we will notify you through email and post a notice on the Website.

Changes and amendments

We retain the right, at our sole discretion, to amend this Policy or its conditions relating to the Website and Services at any time. When we do, we will update the date at the bottom of this page and send you an email to let you know. At our discretion, we may also communicate notice to you in other ways, such as through the contact information you have supplied.

Unless otherwise noted, an updated version of this Policy shall be effective immediately upon publishing of the amended Policy. Your continuing use of the Website and Services after the effective date of the amended Policy (or such other act stated at the time) will represent your acceptance of those changes. However, without your approval, we will not use your Personal Information in a way that is significantly different from what was disclosed at the time your Personal Information was obtained.

Acceptance of this policy

You indicate that you have read and agree to all of the terms and conditions of this Policy. You agree to be governed by this Policy by accessing and using the Website and Services and submitting your information. You are not permitted to access or use the Website or Services if you do not agree to the terms of this Policy.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.