PRIVACY POLICY
Last updated: January 2026 · Effective: January 1, 2026
Summary: PM::OFFSEC collects only what is necessary to provide security scanning services. We do not sell your data. Scan results belong to you. We use industry-standard encryption for all data in transit and at rest.
1. WHO WE ARE
PM::OFFSEC Security Dashboard ("we", "us", "our") is operated by Prakash Mijar, a cybersecurity professional originally from Nepal, currently based in the United States. Our platform is accessible at erprakashmijar.com.
Contact: contact@erprakashmijar.com
2. INFORMATION WE COLLECT
Account Information
- Name and email address (required for account creation)
- Hashed password (we never store plain-text passwords)
- Company name and phone number (optional)
- IP address at time of registration
Scan Data
- IP addresses and hostnames you choose to scan
- SSH credentials you provide (used only during the scan, never stored)
- Scan results, vulnerability findings and security scores
- Device metadata (OS version, open ports, services)
Usage Data
- Pages visited and features used (for product improvement)
- Login timestamps and session data
- API requests and rate limit counters
What We Do NOT Collect
- Payment card numbers (handled by Stripe/Lemon Squeezy directly)
- SSH private keys or credentials after scan completion
- Personal health information
- Location data beyond IP-based country
3. HOW WE USE YOUR DATA
- Provide and operate the security scanning service
- Send email alerts for critical vulnerability findings
- Process subscription payments through our payment providers
- Improve platform features and fix bugs
- Comply with legal obligations
- Respond to support requests
We do not sell, rent or trade your personal information to any third party.
4. DATA STORAGE AND SECURITY
All data is stored on Railway-hosted PostgreSQL databases located in the United States. We implement:
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for data at rest
- bcrypt hashing for all passwords
- Regular security assessments of our own infrastructure
- Access controls limiting who can access production data
In the event of a data breach affecting your account, we will notify you within 72 hours via the email address on your account.
5. DATA RETENTION
- Account data: Retained while your account is active, deleted within 30 days of account closure
- Scan results: Retained for 90 days (Free plan), 1 year (Starter/Pro), or as long as account is active (Enterprise)
- Email logs: Retained for 30 days for deliverability purposes
- Audit logs: Retained for 1 year for legal compliance
6. THIRD-PARTY SERVICES
We use the following third-party services which have their own privacy policies:
7. YOUR RIGHTS
You have the right to:
- Access — Request a copy of all data we hold about you
- Correction — Update inaccurate information via your profile settings
- Deletion — Request deletion of your account and all associated data
- Portability — Export your scan data as JSON at any time
- Opt-out — Unsubscribe from marketing emails at any time
To exercise any of these rights, email contact@erprakashmijar.com. We will respond within 30 days.
8. COOKIES
PM::OFFSEC uses only essential session cookies necessary for authentication. We do not use tracking cookies, advertising cookies, or analytics cookies. No third-party tracking scripts are loaded on our platform.
9. SECURITY SCANNING DATA
By using our scanning services, you confirm that you have explicit authorization to scan the systems and networks you submit. Scan results are stored securely and are only accessible to your account. We do not share your infrastructure details with any third party.
SSH credentials you provide for remote scanning are used only during the active scan session and are never written to disk or logged. They exist in memory only and are discarded immediately after the scan completes.
10. CHANGES TO THIS POLICY
We will notify registered users by email at least 14 days before any material changes to this privacy policy. Continued use of the platform after changes constitutes acceptance of the updated policy.
11. CONTACT
For privacy questions, data requests, or concerns: