Privacy policy.

What we collect

• Identity data you provide on forms (name, email, company, role, message).
• Technical data (IP, user agent, referrer) only when strictly necessary for security.
• Cookies and similar technologies — see our cookie policy.
• For customers under contract: engagement artifacts are handled per the signed SOW/DPA.

How we use it

• To respond to your inquiry.
• To deliver contracted services.
• To meet legal and regulatory obligations.
• To secure our services (abuse detection, fraud prevention).

Your rights

Subject to applicable law (GDPR, UK GDPR, DPDP, CCPA), you may access, correct, delete, port, or object to processing of your personal data. Contact privacy@pentstark.com.

Retention

Contact submissions are retained for 24 months unless a customer relationship is formed, in which case the terms of the engagement apply. Security logs are retained for 13 months.

International transfers

Data may be processed in the United States, European Union, and India. We use Standard Contractual Clauses for transfers out of the EEA/UK.

Contact

PentStark LLP · Data Protection Officer · privacy@pentstark.com