Privacy Policy

TRX Security ("TRX Security", "we", "us", or "our") operates the platform available at trxsecurity.in — an AI-powered, autonomous offensive and defensive cybersecurity platform.

Our registered email for privacy matters: [email protected]

Account Information: When you register, we collect your name, email address, and a securely hashed password (Argon2id). OAuth sign-in (Google, GitHub) shares only your public profile and email.

Platform Activity: We log scan targets, scan results, AI queries, reports, and settings you configure. This data belongs to you and is used solely to provide the service.

Technical Data: IP address, browser type, OS, and session identifiers collected automatically for security, rate-limiting, and abuse prevention.

Communications: If you contact us via email or the contact form, we retain your message to resolve your inquiry.

• To provide, maintain, and improve the TRX Security platform
• To authenticate you and manage your account securely
• To generate security reports, scan results, and AI-assisted analysis you request
• To detect, investigate, and prevent fraud, abuse, or security threats
• To send transactional emails (password resets, security alerts) — no marketing without consent
• To comply with applicable laws and legal obligations

All data is stored on servers located in the UAE. We use industry-standard encryption (TLS 1.3 in transit, AES-256 at rest), Argon2id password hashing, JWT authentication with HTTP-only cookies, and 4-tier RBAC access controls.

We conduct regular security audits and penetration tests on our own infrastructure. Your scan data and credentials are never shared with third parties except as required to operate the service (e.g., database hosting).

We use strictly necessary cookies for authentication (session tokens, CSRF protection) and functional preferences (theme, UI state). We do not use advertising or cross-site tracking cookies.

Please see our Cookie Policy for full details.

TRX Security integrates with the following third-party services to deliver its functionality:

• Cloudflare: CDN, DDoS protection, and tunnel — processes request metadata
• OpenAI: AI analysis features send anonymised security data for processing
• Google / GitHub OAuth: Optional sign-in only; we receive minimal profile data
• Hostinger: Email hosting for support communications

We do not sell your data to any third party, ever.

We retain account data for as long as your account is active. Scan results and reports are retained for 12 months by default and can be deleted by you at any time from Settings. If you delete your account, all personal data is purged within 30 days.

You have the right to: access the personal data we hold about you; correct inaccurate data; delete your data ("right to be forgotten"); export your data in machine-readable format; withdraw consent for any processing based on consent.

To exercise any of these rights, email [email protected] with subject "Privacy Request".

TRX Security is a professional cybersecurity platform intended for users aged 18 and above. We do not knowingly collect data from children under 18. If you believe we have inadvertently collected such data, please contact us immediately.

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify registered users via email at least 14 days before any material change takes effect. Continued use of the platform after changes constitutes acceptance.

For any privacy-related questions or requests:

📧 [email protected]

🌐 trxsecurity.in/contact