Privacy Policy
Last updated: 2026-05-28 · Governed by Swiss law (nFADP) and EU GDPR
01 Who we are
Pentalpina is an independent penetration testing practice based in Switzerland, operated as a sole proprietorship. The practitioner responsible for all data processing is the single named individual behind every engagement.
Contact: contact@pentalpina.ch
02 Data collected through this website
This website does not use cookies for tracking or advertising. We do not collect personally identifiable information during passive visits.
If analytics are enabled in the future, only anonymised metrics will be used (pages visited, device type, general geography, performance data). No data is sold or shared with third parties.
03 Data collected through the contact form
When you submit the scoping form, you voluntarily provide:
— Name and company
— Email address
— Target / scope description
— Driver, timeline, and prior engagement context
This data is used solely to respond to your inquiry and assess whether an engagement is appropriate. It is never shared with third parties. You may request deletion at any time by emailing contact@pentalpina.ch.
04 Data collected during a penetration test engagement
Penetration testing engagements involve the deliberate collection of technical information about your systems. This includes but is not limited to:
— Network topology, open ports, and service versions
— Application structure, endpoints, and authentication mechanisms
— Credentials, tokens, and secrets discovered during the assessment
— User account data encountered during exploitation chains
— Screenshots and proof-of-concept artefacts
All engagement data is:
— Collected only within the agreed scope, as defined in the signed rules of engagement
— Stored encrypted at rest and in transit
— Retained solely for the purpose of producing the final report and supporting the retest window (30 days)
— Permanently deleted after the engagement is closed and confirmed in writing
— Never used for any purpose other than the engagement for which it was collected
No engagement data is stored in cloud environments outside Switzerland unless explicitly agreed in writing. All processing is governed by Swiss law.
05 NDA and confidentiality
A mutual non-disclosure agreement is signed before any recon begins. All findings, scope details, and client identity are treated as strictly confidential. Pentalpina will never disclose the existence of an engagement, the identity of a client, or any technical findings to any third party without written consent.
06 Email communication
You will not be added to any mailing list or receive promotional content unless explicitly requested. Communication is limited to the engagement or inquiry in progress.
07 Data security
Personal and technical data is stored with industry-standard security controls. Engagement artefacts are encrypted. Access is limited to the single practitioner. No subcontractors process your data.
08 Your rights
Under the Swiss Federal Data Protection Act (nFADP) and the EU General Data Protection Regulation (GDPR), you have the right to:
— Access the personal data held about you
— Correct inaccurate information
— Request deletion of your data
— Object to processing
— Receive your data in a portable format
To exercise any of these rights, contact: contact@pentalpina.ch
09 Legal basis
Data processing is carried out under the following legal bases:
— Contractual necessity (engagement execution)
— Legitimate interest (responding to scoping inquiries)
— Explicit consent (contact form submission)
Governing law: Swiss Federal Data Protection Act (nFADP), EU GDPR where applicable.
10 Updates to this policy
This policy may be updated to reflect changes in practice or law. The date of last revision is shown below. Continued use of this website or engagement with Pentalpina constitutes acceptance of the current version.
Questions about this policy: contact@pentalpina.ch
