Privacy Policy
Effective 22 April 2026. This policy describes how Gorgon Cyber Pty. Ltd. ("we", "us") handles personal information in connection with the Gorgon Scout application and the gorgoncyber.com website.
Summary
Gorgon Scout is a local-first security testing tool. Scan data, captured traffic, discovered endpoints, and findings never leave the tester's computer. The only personal information we hold is what is strictly necessary to authenticate your account and bill your subscription.
Information We Collect
When you create a Gorgon Scout account we store the following:
- Your email address, collected through Firebase Authentication. If you sign in with Google or GitHub, only your email address and your provider's opaque user identifier are recorded.
- A Firebase user identifier assigned to your account.
- A one-way SHA-256 hash derived from three hardware identifiers on the computer you sign in from (Windows MachineGuid, motherboard serial, primary disk serial). The raw identifiers never leave your machine. The hash is used exclusively to enforce the one-trial-per-machine policy and to detect fraudulent trial abuse.
- Your subscription status and a Stripe customer identifier, both required to run the subscription. Payment card details are handled directly by Stripe and never pass through our servers.
- Timestamps for account creation and last sign-in, and the number of active scan targets you have configured (the number only, not the targets themselves).
Information We Do Not Collect
We do not receive, store, or otherwise process any of the following:
- The URLs, hostnames, or IP addresses of applications you scan.
- HTTP traffic Gorgon Scout captures during a scan, including request bodies, response bodies, cookies, tokens, or session data.
- Credentials you enter into target applications during authentication capture.
- Vulnerability findings, reports, or any derived analysis produced by Scout.
- Your computer's raw hardware identifiers, IP address, or geolocation beyond what is incidentally observable by Google Cloud when your client connects to our Firebase Authentication and API servers.
How We Use Your Information
Account information is used to:
- Authenticate you on sign-in.
- Enforce your subscription entitlements and trial eligibility.
- Provide billing statements and manage your subscription through Stripe.
- Respond to support requests you send to us.
We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except the subprocessors listed below.
Subprocessors
- Google Cloud Platform and Firebase (Google LLC) - hosts our API servers, Firestore database, and Firebase Authentication service.
- Stripe, Inc. - processes subscription payments. Stripe's privacy policy governs its handling of payment card data.
Data Retention
Account information is retained for as long as your Gorgon Scout account is active. If you delete your account from within Scout, your Firebase identity and our server-side record of your account are removed immediately. Stripe retains billing records separately in accordance with its own policies and applicable tax law.
Your Rights
You can delete your account at any time from the Account screen inside Gorgon Scout. You can also contact us at support@gorgoncyber.com to request a copy of the account data we hold about you, correct inaccurate data, or ask us to delete it.
Security
Account data is transmitted over TLS and stored in encrypted Google Cloud services. Your Firebase authentication tokens on your computer are held in the Windows Credential Manager, encrypted at rest with your Windows user profile's DPAPI key.
Changes to This Policy
We may update this policy as Gorgon Scout evolves. Material changes will be announced in the application itself before they take effect.
Contact
Questions about this policy or your data can be directed to support@gorgoncyber.com.