Privacy Policy

Last updated: June 13, 2026

Admiresty, Inc. ("Admiresty," "we," "us," or "our") operates TLINK PRO, an attack-surface monitoring and threat-intelligence platform. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have over it. By creating an account or using TLINK PRO in any way, you agree to the practices described here.

We designed TLINK PRO with privacy in mind. We collect only the data we genuinely need to deliver the service, and we do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes — full stop.

1. Information We Collect

We collect information in three broad categories: data you provide directly, data generated automatically as you use the platform, and data submitted as part of your monitoring configuration.

Account information. When you register for TLINK PRO, we collect your name, email address, and a hashed copy of your password (we never store plaintext passwords). If you sign up via an OAuth provider such as Google or GitHub, we receive only the fields that provider shares with us (typically name, email, and profile picture). If you belong to a team or organization on the platform, we also store your role and the organization's name and billing contact details.

Usage and analytics data. We collect information about how you interact with TLINK PRO — pages visited, features used, button clicks, search queries within the app, and session duration. This data is tied to your account and is used to improve the product, debug issues, and understand which capabilities are most valuable. We do not use third-party analytics trackers such as Google Analytics; all telemetry is processed on our own infrastructure.

Monitoring targets you submit. Core to the service is the data you configure as monitoring targets: domain names, IP addresses and CIDR ranges, email addresses (for breach and dark-web monitoring), SSL/TLS certificate subjects, and similar identifiers. We store these targets, together with the scan results we produce for them (open ports, exposed services, DNS records, certificate details, threat-intelligence findings, etc.). This data is processed on your behalf and remains your property — see Section 8 (Data Ownership).

Billing information. Payment processing is handled entirely by Stripe, Inc. We do not receive or store your full card number, CVV, or bank-account details. Stripe shares with us a tokenized payment method reference, the last four digits of the card, card brand, expiry date, and billing address for fraud-prevention and invoicing purposes. We store plan details, billing history, and subscription status on our side.

Communications. If you contact us via email or our support channels, we retain the contents of those conversations to help resolve your issue and improve our support processes. If you subscribe to product update emails or security advisories, we store your email address and subscription preferences.

2. How We Use Your Information

We use your data only for the following purposes, all of which are necessary to operate TLINK PRO or are in our legitimate business interest:

  • Providing, maintaining, and improving the platform, including running scans against your configured targets and surfacing findings in your dashboard.
  • Sending security alerts, scan-completion notifications, and threshold breach alerts via email or webhook, based on your notification settings.
  • Processing payments, issuing invoices, and managing your subscription lifecycle (upgrades, downgrades, cancellations, renewals).
  • Authenticating your identity and protecting your account against unauthorized access.
  • Responding to support requests and resolving technical issues.
  • Detecting and preventing abuse, fraud, and violations of our Terms of Service and Acceptable Use Policy.
  • Complying with legal obligations, including responding to valid law-enforcement requests, court orders, or regulatory inquiries.
  • Analyzing aggregated, anonymized usage patterns to guide product development. This analysis uses de-identified data and cannot be linked back to you.

We will not use your monitoring targets or scan results to build threat-intelligence products that are sold or shared externally. Your security data is yours alone.

3. Data Retention

We retain your account data, monitoring configurations, and scan results for as long as your account is active. When you delete your account, we begin a 30-day grace period during which your data remains recoverable in case of accidental deletion. After that 30-day window, your account data, configurations, and associated scan results are permanently purged from our production systems.

Application and infrastructure logs (server access logs, API request logs, and security-event logs) are retained for 90 days and then automatically deleted. We retain billing records and invoices for seven years to comply with financial regulations and tax obligations, even after account deletion.

Backup snapshots may retain data for up to an additional 30 days beyond these windows while backup rotation cycles complete. These backups are encrypted and access-controlled, and they are not used for any purpose other than disaster recovery.

4. Third-Party Services

We rely on a small number of carefully selected sub-processors to operate the platform. Each is bound by a Data Processing Agreement (DPA) and is required to handle your data only as directed by us:

  • Stripe, Inc. — Payment processing. Stripe receives your billing details when you purchase or upgrade a subscription. Stripe is PCI DSS Level 1 certified. See Stripe's privacy policy at stripe.com/privacy.
  • Amazon Web Services (AWS) — Cloud infrastructure, compute, storage (S3), and managed databases (RDS). All TLINK PRO data at rest is stored within AWS data centers. We use AWS regions in the United States by default; Enterprise customers may request data residency in specific regions.
  • Resend / SMTP relay — Transactional email delivery (alerts, verification emails, invoices). We pass your email address and the content of notifications to our email provider solely for the purpose of delivery. We do not permit our email provider to use your address for its own marketing.

We do not use advertising networks, social-media tracking pixels, or data-broker services.

5. Your Rights

Depending on your location, you may have the following rights regarding your personal data. We will respond to all verified requests within 30 days.

GDPR rights (European Economic Area, UK, and Switzerland). You have the right to access a copy of the personal data we hold about you; to correct inaccurate data (rectification); to request deletion of your data (erasure / right to be forgotten), subject to our retention obligations for billing records; to receive your data in a portable, machine-readable format (data portability); to restrict or object to certain processing activities; and to withdraw consent where processing is based on consent.

CCPA rights (California residents). You have the right to know what personal information we collect and how we use it; the right to request deletion of your personal information; and the right to opt out of the sale of your personal information. We do not sell personal information, so the opt-out right has no practical effect, but it is yours regardless. We will not discriminate against you for exercising any CCPA rights.

To exercise any of these rights, email us at privacy@admiresty.co. Please include enough information for us to verify your identity (typically your account email address and the nature of your request).

6. Security Measures

Security is the core of what we do, so we apply it rigorously to our own infrastructure. All data in transit is encrypted using TLS 1.2 or higher. Data at rest — including database contents, file storage, and backups — is encrypted with AES-256. API keys and integration secrets are stored as SHA-256 hashes; we cannot recover plaintext secrets once created.

Access to production systems is restricted to authorized Admiresty engineers on a need-to-know basis, requires multi-factor authentication, and is fully audit-logged. We conduct regular dependency-vulnerability scans and apply security patches on an expedited schedule. For more detail, see our Security page.

7. Cookies

TLINK PRO's use of cookies is minimal. We use a CSRF-protection cookie during OAuth login flows, and Stripe may set cookies during the checkout process. We do not use advertising or cross-site tracking cookies. For full details, see our Cookie Policy.

8. Children's Privacy

TLINK PRO is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us at privacy@admiresty.co and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email at least 14 days before the change takes effect and update the "Last updated" date at the top of this page. Continued use of TLINK PRO after the effective date constitutes acceptance of the revised policy.

10. Contact

If you have questions, concerns, or requests related to this Privacy Policy or how we handle your personal data, please contact our privacy team:

Admiresty, Inc.
Email: privacy@admiresty.co