Privacy Policy

NetLaabs ("we," "us," or "our") is committed to safeguarding your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you visit our website at netlaabs.com or engage with our offensive security services. We believe in full transparency — the same honesty we bring to our security assessments applies to how we handle your data.

By accessing our website or using our services, you acknowledge that you have read and understood this policy. If you do not agree with any part of this policy, please refrain from using our website or services.

Information You Provide Directly

• Contact details — name, email address, organization name, and any information you include in inquiry forms or emails to us.
• Engagement data — project scopes, target information, credentials, and documentation shared during active penetration testing engagements. This data is handled under strict NDA and destroyed upon project completion unless a retention period is mutually agreed upon.
• Communication records — correspondence via email, contact forms, or messaging platforms used for project coordination.

Information Collected Automatically

• Usage data — pages visited, time spent on pages, referral source, browser type, device type, and operating system. This helps us improve our website experience.
• Log data — IP addresses, request timestamps, and HTTP headers. These are stored in server logs for security monitoring and are purged on a rolling 90-day basis.

We use your information for the following purposes:

• To respond to your inquiries and provide quotes for our services.
• To deliver, manage, and execute penetration testing, red team, or security assessment engagements.
• To generate and deliver security reports and remediation guidance.
• To improve our website, user experience, and service offerings.
• To comply with legal obligations and enforce our terms of service.
• To detect and prevent unauthorized access to our own systems.

We do not sell, rent, or trade your personal data to third parties. Ever.

Our website uses minimal cookies strictly necessary for functionality. We do not use invasive tracking pixels or third-party ad trackers. The cookies we may use include:

• Essential cookies — required for basic site functionality such as form submissions and session management.
• Analytics cookies — we may use privacy-respecting analytics (no personal data collection) to understand aggregate traffic patterns.

You can control cookie settings through your browser. Disabling cookies may affect certain features of our website.

Security isn't just our business — it's our obligation. We implement appropriate technical and organizational measures to protect your data, including:

• End-to-end encryption for all engagement-related communications.
• Secure, access-controlled storage for engagement data and reports.
• Mandatory data destruction protocols at the conclusion of each engagement.
• Regular internal security audits and access reviews.
• All team members operate under binding NDAs and strict data handling policies.

While no system is 100% secure, we apply the same rigor to protecting your data that we apply to testing our clients' systems.

We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy. Specific retention periods:

• Contact form submissions — retained for up to 12 months unless a business relationship is established.
• Engagement data — destroyed within 30 days after project completion and final report delivery, unless otherwise agreed in writing.
• Server logs — purged on a rolling 90-day cycle.
• Invoicing records — retained as required by applicable tax and accounting laws.

We may use a limited number of third-party services to operate our website and business. These include:

• Hosting and infrastructure providers.
• Email delivery services for transactional communications.
• Payment processors for billing (we never store credit card details directly).

Each third-party provider is vetted for their security practices and is contractually obligated to handle your data in accordance with applicable privacy regulations.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• The right to access the personal data we hold about you.
• The right to request correction of inaccurate data.
• The right to request deletion of your data (subject to legal obligations).
• The right to withdraw consent for data processing at any time.
• The right to data portability where technically feasible.
• The right to lodge a complaint with a relevant data protection authority.

To exercise any of these rights, contact us at contact@netlaabs.com. We will respond within 30 days.

Our website and services are not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected data from a minor, we will promptly delete it.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out: