Skip to main content

Pentrova is launching soon. Join the waitlist for early access.Join the waitlist

Last updated:

Privacy Policy

This Privacy Policy explains what personal data PENTROVA TECHNOLOGIES PRIVATE LIMITED (“Pentrova”, “we”) collects, the purposes for which we process it, the lawful bases we rely on, how long we retain it, and the rights you have over it under the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Data categories we collect

  • Identity data. Full name provided on account creation or the contact form.
  • Contact data. Work email address, company name, professional role.
  • Usage analytics. Anonymous page-view events, feature interactions, and free-tool submissions, recorded only after consent where required.
  • Tool inputs. URLs, hostnames, and specs you enter into the free tools are processed in your browser to produce results; the current free tools do not transmit these inputs to Pentrova servers. If a tool later performs a server-side scan, this policy and the tool’s on-page notice will say so before any input leaves your browser.
  • Support correspondence. The contents of emails and form messages you send to our support, sales, or security teams.

2. Purposes of processing

  • Deliver the Pentrova platform and the free tools exposed on this website.
  • Respond to sales, support, and partnership enquiries submitted through forms or direct email.
  • Understand aggregate usage of the marketing site to improve content (consent-gated).
  • Comply with legal, tax, audit, and contractual obligations owed to customers.
  • Detect and defend against abuse or security incidents affecting our infrastructure.

3. Lawful bases (GDPR)

  • Performance of a contract — to deliver the services you or your employer have signed up for.
  • Legitimate interests — to secure our services, respond to prospect enquiries, and maintain aggregate analytics where consent is not required.
  • Consent — for analytics, marketing cookies, and any other processing subject to Article 6(1)(a) where your jurisdiction requires an opt-in.
  • Legal obligation — to meet tax, audit, and regulatory requirements.

4. Retention

  • Analytics event data: retained for the period configured with our analytics processor (PostHog), described in Service providers and subprocessors. Analytics run only after consent where required.
  • Contact form messages: retained until deletion is requested or the contact relationship lapses, whichever comes first.
  • Customer workspace data: retained for the term of the subscription plus any contractual retention window agreed in the order form; see the Data Processing Addendum for details.
  • Audit logs: retained for the contractual window defined in the order form.

5. Service providers and subprocessors

We share personal data with vetted third parties that help us run the website and deliver the Services. Each is bound by a contract that limits its use of the data to providing its service to us. We engage providers in the following categories:

  • Hosting, CDN, and edge security — to serve the website, mitigate attacks, and store form and waitlist submissions.
  • Transactional email — to send waitlist confirmations and account notifications.
  • Website chat and support — to answer questions, loaded only after consent.
  • Analytics and error monitoring — consent-gated product and website analytics and client-side error reporting.
  • Content management and identity — to store and publish website content.
  • LLM providers — to power in-product AI features, engaged under contracts that prohibit training on customer data.

For customers, the Data Processing Addendum governs our use of subprocessors: we notify customers of new subprocessors before they are engaged, and the current named list, with locations and data categories, is provided to customers and prospects under the DPA and on request to support@pentrova.ai.

6. Cookies and tracking

We use cookies in three categories: Essential cookies keep the site running, Analytics cookies help us understand which content is working, and Marketing cookies would support attribution if we ever run paid campaigns. Essential cookies are always on; Analytics and Marketing are opt-in where your jurisdiction requires consent.

Preferences are stored in a single first-party cookie (pntr_consent_v2) for twelve months. Clearing site data resets them to defaults (Essential on, Analytics and Marketing off). You can change any non-essential toggle below at any time; the change applies on your next page view.

  • Required

    Required for the site to function: navigation, form submission, and consent persistence. Always on.

  • Aggregate, privacy-respecting usage metrics that help us understand which pages help visitors most. We never sell or share this data.

  • Attribution for campaigns and ads. Pentrova does not use third-party advertising cookies today. This toggle controls any future marketing-class cookies.

7. Your rights under GDPR

  • Right of access — request a copy of your personal data.
  • Right to rectification — correct inaccurate or incomplete data.
  • Right to erasure — request deletion of your personal data.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests, including direct marketing.
  • Right to restrict processing — limit processing while your request is assessed.

To exercise any of these rights, email support@pentrova.ai. You can also lodge a complaint with your supervisory authority.

8. Your rights under CCPA

  • Right to know. Request the categories and specific pieces of personal information we have collected about you in the preceding twelve months.
  • Right to delete. Request deletion of personal information, subject to statutory exceptions.
  • Right to correct. Request correction of inaccurate personal information.
  • Right to opt out of sale. Pentrova does not sell personal information, and has not sold personal information in the preceding twelve months. This right therefore exists as a statutory safeguard but has no practical impact on our processing.
  • Right to non-discrimination. We will not treat you differently for exercising any of the rights above.

9. US state privacy rights

Pentrova recognises the rights granted by an emerging set of US state privacy laws. Where you reside in one of these states, the rights below apply in addition to any other rights described in this policy. To exercise any right listed here, email support@pentrova.ai with the subject line "US state privacy rights". We will verify your request (which may require additional information) and respond within the statutory window.

California (CCPA / CPRA)

California residents have the rights to know, delete, correct, access, opt out of sale or sharing, limit the use of sensitive personal information, and non-discrimination. CPRA also establishes a right to data portability and extends the right to know to data older than twelve months. Submit requests through the email above.

Colorado (CPA)

Colorado residents have the rights to access, correct, delete, and opt out of (a) targeted advertising, (b) sales, and (c) profiling with legal or similarly significant effects. To opt out, email the address above or use the toggles in the Cookies and tracking section.

Virginia (VCDPA)

Virginia residents have the rights to access, correct, delete, port, and opt out of targeted advertising, sales, and profiling used for decisions producing legal or similarly significant effects. Pentrova does not engage in such automated profiling; the right is preserved as a statutory safeguard.

Connecticut (CTDPA)

Connecticut residents have the rights to access, correct, delete, port, and opt out of sales, targeted advertising, and profiling used for significant decisions. To exercise these rights, email the address above; we honour Global Privacy Control signals on the marketing site as that mechanism is added to our consent stack.

Utah (UCPA)

Utah residents have the rights to access, delete, port, and opt out of targeted advertising and sales. UCPA does not create a correction right; Pentrova still offers correction on request to every US resident as a matter of policy.

How to opt out

  • Email support@pentrova.ai with the subject "Opt out" and the state you reside in.
  • Use the cookie toggles in the Cookies and tracking section to disable analytics and marketing categories.
  • Submit the request through an authorized agent; we require written authorization and identity verification.

10. Your rights under the India DPDPA

Pentrova is incorporated in India and acts as a Data Fiduciary for personal data of Indian residents under the Digital Personal Data Protection Act 2023 (DPDPA). Indian residents have the following rights:

  • Right to access information about personal data. Confirm whether Pentrova processes your personal data and request a summary of processing activities.
  • Right to correction and erasure. Request correction of inaccurate data or erasure of personal data no longer necessary for the purpose collected.
  • Right to grievance redressal. Raise a grievance about Pentrova's processing of your personal data; we will respond within statutory timelines.
  • Right to nominate. Nominate another individual to exercise these rights on your behalf in the event of death or incapacity.

To exercise any of these rights, email support@pentrova.ai with the subject "DPDPA request". You may also lodge a complaint with the Data Protection Board of India once constituted.

11. Data Protection Officer contact

For any privacy-related question or request, contact our Data Protection Officer at support@pentrova.ai. We respond within thirty days.

Site search

↑↓ navigateEnter openEsc close