Legal
Privacy Policy
How Automated Assessment collects, uses, stores, and protects information across our website and platform.
Effective June 30, 2026
1. Introduction
Automated Assessment ("Automated Assessment", "we", "us", or "our") provides automated security assessment software for enterprise infrastructure, including a web platform (collectively, the "Services"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights and choices available to you. It applies to visitors of automatedassessment.com and customers of the Automated Assessment platform.
2. Information We Collect
We collect only the information needed to operate the Services and respond to your requests.
- Account and authentication data: credentials and session identifiers for users of the Automated Assessment platform.
- Assessment data: configuration, telemetry, and findings collected from systems you authorize Automated Assessment to scan (for example, VMware vCenter inventory, identity directory configuration, hardening settings, and vulnerability data). This data describes the security posture of your infrastructure, not the personal communications of your end users.
- Usage and log data: IP address, browser type, pages or screens viewed, timestamps, and referring URLs, collected through standard server logs and limited first-party analytics.
- Cookies and similar technologies: strictly necessary cookies for site functionality and security (including rate limiting and abuse prevention).
3. How We Use Information
- To deliver, operate, secure, and improve the Services.
- To perform the security assessments you have authorized and to generate findings, reports, and risk scoring.
- To detect, prevent, and respond to fraud, abuse, and security incidents (including rate limiting and bot protection).
- To comply with legal obligations and enforce our agreements.
4. Tracking and Advertising
Automated Assessment does not use third-party advertising networks and does not track you across apps or websites owned by other companies.
5. How We Share Information
We share information only in the limited circumstances below:
- Service providers: infrastructure, hosting, transactional email delivery, and error monitoring providers acting on our behalf under written agreements that restrict their use of the data.
- Your organization: if you use the Services as part of an enterprise customer, we share your usage and assessment data with administrators of that account.
- Legal and safety: when required by law, valid legal process, or to protect the rights, property, or safety of Automated Assessment, our customers, or others.
- Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.
6. Data Retention
We retain personal information for as long as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Assessment data is retained for the duration of your engagement and deleted or returned in accordance with your customer agreement.
7. Security
We use administrative, technical, and physical safeguards designed to protect information, including encryption in transit, access controls, isolated execution environments for assessment workloads, and least-privilege design. No method of transmission or storage is perfectly secure, but we work continuously to maintain protections appropriate to the sensitivity of the data we handle.
8. International Data Transfers
If you access the Services from outside the jurisdiction in which we operate, your information may be processed in jurisdictions where we or our service providers operate. We rely on appropriate safeguards for cross-border transfers where required by law.
9. Your Rights and Choices
Subject to applicable law, you may have the right to:
- Access, correct, or delete the personal information we hold about you.
- Object to or restrict certain processing of your personal information.
- Request a copy of your personal information in a portable format.
- Withdraw consent where processing is based on consent.
10. Account and Data Deletion
You may request deletion of your account and associated personal information at any time through your account administrator. We will confirm and process your request within a reasonable period, subject to legal retention requirements.
11. Third-Party Services
Our Services may link to or interoperate with third-party systems that you choose to connect (for example, VMware vCenter or identity providers). Those systems are operated by third parties under their own terms and privacy practices, and Automated Assessment is not responsible for their content or practices.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Effective" date above and, where appropriate, provide additional notice. Your continued use of the Services after an update constitutes acceptance of the revised policy.