Privacy Policy

1. Introduction

CivSec Arena ("we", "our", or "us") is operated by CivSec Group B.V., registered in the Netherlands. This Privacy Policy explains how we collect, use, and protect your personal data when you use our AI-powered website analysis platform.

We are committed to GDPR compliance and protecting your privacy rights.

2. Data We Collect

Account Information

• Email address
• Name (optional)
• Profile picture (if signing in with Google)

Usage Data

• Website URLs you submit for analysis
• Battle history and results
• Payment information (processed by Stripe)

Technical Data

• IP address
• Browser type and version
• Device information
• Cookies and session data

3. How We Use Your Data

We use your data to:

• Provide and improve our website analysis services
• Process payments and manage subscriptions
• Send service-related communications
• Analyze usage patterns to improve our AI agents
• Prevent fraud and abuse

Legal basis: Contract performance, legitimate interests, and consent where required.

4. Website Analysis

When you submit a URL for analysis, our AI agents access publicly available information on that website. We do not:

• Access password-protected areas
• Perform actual security attacks
• Store website content long-term
• Share analyzed website data with third parties

Analysis results are stored in association with your account for your reference in battle history.

5. Data Sharing

We share data with:

• Stripe: Payment processing
• Vercel: Website hosting
• Railway/Upstash: Database and caching
• OpenAI/Anthropic: AI model providers (anonymized prompts only)

We do not sell your personal data to third parties.

6. Data Retention

• Account data: Until you delete your account
• Battle history: 2 years
• Payment records: 7 years (legal requirement)
• Technical logs: 90 days

7. Your Rights (GDPR)

As an EU resident, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data
• Portability: Receive your data in a portable format
• Object: Object to certain processing
• Withdraw consent: Where processing is based on consent

To exercise these rights, contact us at privacy@civsecarena.com

8. Cookies

We use:

• Essential cookies: For authentication and security
• Preference cookies: To remember your settings
• Analytics cookies: To understand usage (opt-out available)

You can manage cookie preferences in your browser settings.

9. Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption in transit (TLS/HTTPS)
• Encryption at rest
• Access controls and authentication
• Regular security audits

10. Contact

For privacy-related inquiries: