Privacy Policy

Effective date: October 23, 2025 — Secure Pwn (Credential Monitoring)

This Privacy Policy describes how Secure Pwn (“we”, “our”, or “us”) collects, uses, discloses, and protects information when you use our credential monitoring and alerting services (the “Service”).

By accessing or using our Service, you acknowledge that you have read and understood this Privacy Policy and agree to the practices described herein.

1. Information We Collect

Secure Pwn collects the following categories of information:

Account Data: Email addresses or usernames you provide for monitoring against known or suspected breaches.
Contact Information: When you register or request access, we may collect your name, company, and email address.
Log and Technical Data: IP address, browser type, device information, timestamps, and usage metrics automatically generated by your interaction with the Service.
Breach Data: Publicly available or third-party breach data that may contain identifiers matching your submitted Account Data. Secure Pwn does not store passwords or leaked content in plaintext.

2. How We Use Information

We process information to:

Provide and maintain the Service, including breach monitoring and alerting functions.
Authenticate user access and restrict usage to authorized work accounts.
Analyze and improve service reliability, user experience, and threat detection accuracy.
Communicate with you about your account, alerts, or updates to our terms and policies.
Comply with legal obligations and protect against misuse or security threats.

3. Data Sources

Secure Pwn aggregates data from publicly available breach disclosures, open web leak repositories, responsible vulnerability researchers, and licensed breach intelligence providers. We do not engage in or encourage unauthorized data collection or system compromise.

4. Legal Basis for Processing

Under the Nigeria Data Protection Regulation (NDPR), we process your information based on:

Your consent (when submitting an email for monitoring).
Legitimate interest (protecting your organization from credential exposure).
Compliance with legal or regulatory obligations.

5. Data Retention

We retain Account Data for as long as necessary to provide the Service or comply with legal requirements. Trial accounts are typically deleted within 14 days of expiration. Users may request deletion at any time (see “Your Rights”).

6. Data Sharing and Disclosure

We do not sell or rent your data. We may share information with:

Service Providers: Trusted vendors who assist with hosting, analytics, or email delivery under strict confidentiality agreements.
Law Enforcement: When required by law or in response to valid legal requests.
Business Transfers: In connection with a merger, acquisition, or reorganization, consistent with this Policy.

7. Data Security

We implement administrative, technical, and physical safeguards to protect data from unauthorized access, alteration, or destruction. These include encryption in transit and at rest, restricted access controls, and regular security reviews. However, no online system is fully immune to risk.

8. International Transfers

Secure Pwn’s servers may be hosted in data centers located outside Nigeria. Where data is transferred internationally, we ensure that adequate data protection safeguards consistent with NDPR requirements are in place.

9. Your Rights

Under NDPR and other applicable laws, you have the right to:

Request access to the personal data we hold about you.
Request correction or deletion of inaccurate or outdated data.
Withdraw consent at any time, without affecting prior lawful processing.
Request restriction or object to certain forms of processing.
Request data portability, where applicable.

Requests can be sent to privacy@securepwn.com.

10. Cookies and Tracking

Secure Pwn uses limited cookies and local storage for session management and security. We do not use advertising trackers or third-party analytics that profile individual behavior. You may disable cookies in your browser, but some functions may be limited.

11. Children’s Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected such data, we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect legal, technical, or operational changes. The updated version will be posted on this page with a revised effective date. Continued use of the Service constitutes acceptance of the updated Policy.

13. Contact Us

For privacy-related inquiries, requests, or complaints, please contact:

Data Protection Officer
Secure Pwn
Email: privacy@securepwn.com
Address: (replace with your business address)