Privacy Policy

1. Who we are

Corvus Security, based in Germany, operates this website and the CIS Auditor platform. For questions about your data, reach us at info@corvus-security.net. We are the controller of your personal data under Art. 4(7) GDPR. See our Impressum for full contact details.

2. What we collect and why

We keep data collection to what is actually necessary to run the service.

• Account data — email address, password (stored as a bcrypt hash), company name. Used to authenticate you and identify your organisation.
• Agent telemetry — hostname, OS version, and the results of CIS benchmark scans run on machines you enrol. This data sits in your own tenant — we never aggregate it across customers or use it for anything other than displaying your compliance results.
• Support messages — whatever you include in a support ticket. We keep these to resolve your issue and for a reasonable period afterwards.
• Billing data — if you subscribe to a paid plan, payment is processed by Stripe. We store only a Stripe customer reference; your card details never touch our servers.

We do not run analytics, ad trackers, or third-party marketing scripts on any page.

3. Where data is stored

Your data is stored on Cloudflare's infrastructure within the EU. All connections use HTTPS. Agent credentials are encrypted on-device using Windows DPAPI before being stored locally.

4. Cookies

No tracking cookies, no cookie banner. We set a single session cookie (HttpOnly, Secure, SameSite=Strict) when you log in to the dashboard. That is it.

5. Your rights under GDPR

You have the right to access, correct, delete, or export your data at any time. Most of it is directly accessible from the dashboard. To request full deletion, email info@corvus-security.net — we will complete it within 30 days.