This Privacy Policy describes Our policies and procedures regarding the collection, use, storage, and disclosure of Your information when You use SecureTom and related services.
SecureTom is an AI and application security scanning platform operated by BeyondScale Technologies Pvt Ltd. BeyondScale is ISO 27001 certified.
By using SecureTom, You agree to the collection and use of information in accordance with this Privacy Policy.
Interpretation and Definitions
Definitions
For the purposes of this Privacy Policy:
- Company refers to BeyondScale Technologies Pvt Ltd ("We", "Us", "Our").
- SecureTom refers to the AI security scanning platform accessible via securetom.com.
- Service refers to all scanning, assessment, monitoring, reporting, and related features offered by SecureTom.
- Personal Data means any information that identifies or relates to an individual.
- Scan Data refers to application metadata, URLs, headers, responses, configurations, prompts, logs, uploaded files, or security findings collected during scans.
- Credentials refers to usernames, passwords, API keys, tokens, session cookies, OAuth tokens, or other authentication data voluntarily provided by You for authenticated security testing.
- User means the individual or organization using the Service.
Information We Collect
Personal Information
We may collect:
- Name
- Email address
- Company name
- Phone number
- Billing information
- Account and authentication details
Security Scan Data
When You use SecureTom, We may collect and process:
- Target URLs and endpoints
- Application headers and responses
- AI prompts and responses submitted for testing
- Uploaded documents or datasets for security analysis
- API schemas and configurations
- Security findings and vulnerability reports
- Logs generated during scans
This information is used solely for performing security analysis, generating reports, improving scan accuracy, and maintaining platform security. We do not use customer prompts, code, datasets, or credentials to train any AI model.
Authenticated Scans and Credential Handling
Some SecureTom scan modes, including authenticated Deep Scans, may require application login credentials or authentication tokens.
Important Security Commitments
- Credentials are used only for the duration necessary to perform the requested scan.
- We do not use credentials for any purpose other than authorized security testing.
- Credentials are encrypted during transmission and storage.
- Wherever technically feasible, credentials are processed temporarily in memory and are not permanently retained.
- SecureTom does not sell, share, or reuse credentials.
- Users are encouraged to create dedicated test accounts with limited permissions for scanning purposes.
For enhanced security, We recommend using:
- Temporary passwords
- Restricted privilege accounts
- OAuth or token-based authentication where supported
How We Use Your Information
We may use collected information to:
- Provide and maintain the Service
- Perform security scans and assessments
- Generate vulnerability reports
- Improve scan detection and platform accuracy
- Monitor system health and prevent abuse
- Respond to support requests
- Communicate important updates and security notices
- Comply with legal obligations
AI and Security Research
SecureTom may analyze anonymized and aggregated scan patterns to improve detection capabilities, AI security models, and platform effectiveness.
We do not use customer proprietary code, prompts, datasets, or credentials for AI model training.
Data Retention
We retain information for the following default periods:
- Account profile: lifetime of account, plus thirty days after closure
- Scan Data and reports: twelve months after the scan
- AI prompts and uploaded test data: ninety days after the scan
- Credentials for on-demand scans: scan session only; destroyed at scan completion
- Credentials for scheduled scans: until You revoke or delete them
- Audit logs: one year
- Billing records: seven years (as required by Indian tax law)
Users may request earlier deletion of stored data by emailing privacy@securetom.com. We will respond within thirty days.
Cookies
SecureTom uses cookies for:
- Authentication and session management (strictly necessary)
- User preferences such as dashboard layout (functional)
- Aggregated usage analytics (with consent in the EU)
- Abuse and bot detection (security)
We do not use cross-site advertising cookies. You may manage non-essential cookies through the cookie banner or Your browser settings.
Data Sharing
We do not sell Your Personal Data.
We may share information only in the following situations:
- With infrastructure, hosting, and payment providers necessary to operate the Service
- With subprocessors bound by confidentiality and security obligations (current list at securetom.com/subprocessors)
- To comply with legal obligations
- To protect the rights, safety, and security of Users or the Company
- During mergers, acquisitions, or business transfers
Security Measures
BeyondScale is ISO 27001 certified. We implement administrative, technical, and organizational safeguards to protect information processed by SecureTom, including:
- Encryption in transit (TLS 1.2 or higher) and at rest (AES-256)
- Access controls and multi-factor authentication
- Role-based internal access restrictions
- Secure infrastructure monitoring
- Audit logging and access reviews
No method of transmission or storage is completely secure, and We cannot guarantee absolute security.
Data Breach Notification
In the event of a Personal Data breach affecting Your data, We will notify the relevant supervisory authority and affected customers without undue delay and, where feasible, within seventy-two hours of becoming aware, consistent with GDPR Article 33 and the Indian DPDP Act.
Your Rights
Depending on Your jurisdiction (including the EU GDPR and the Indian Digital Personal Data Protection Act, 2023), You may have rights to:
- Access Your data
- Correct inaccurate information
- Request deletion
- Restrict or object to processing
- Export Your data
- Withdraw consent
- Lodge a complaint with Your local supervisory authority
Requests may be submitted to privacy@securetom.com. We will respond within thirty days.
Third-Party Services
SecureTom may integrate with third-party providers for authentication, cloud hosting, analytics, or notifications. These providers may process limited information necessary to support the Service.
Users should review the privacy policies of any integrated third-party services they choose to connect.
Children's Privacy
SecureTom is a business-to-business platform and is not intended for individuals under the age of eighteen in India, sixteen in the European Economic Area, or thirteen in the United States. We do not knowingly collect Personal Data from minors.
Governing Law
This Privacy Policy is governed by the laws of India, with non-exclusive jurisdiction in the courts of Hyderabad, Telangana. It is interpreted consistently with the GDPR for EU/EEA users and the DPDP Act, 2023 for Indian users.
Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will give notice of material changes by email and by notice on the SecureTom dashboard. The current version is always available at securetom.com/privacy.
Contact Us
For questions about this Privacy Policy or SecureTom data handling practices:
- Privacy: privacy@securetom.com
- Security and vulnerability reports: security@securetom.com
- Website: https://securetom.com
- Company: BeyondScale Technologies Pvt Ltd, Hyderabad, India