Back to home

Privacy Policy

Last updated: April 2, 2026

1. Introduction

CyberArsenal Pro ("the Platform", "we", "us", or "our") is operated by IAMUVIN, owned and managed by Uvin Vindula. Our website is located at uvin.lk. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use CyberArsenal Pro.

By accessing or using the Platform, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Platform.

2. Information We Collect

2.1 Account Information

When you create an account through our authentication provider (Clerk), we collect your name and email address. This information is necessary to provide you with a personalized experience and to manage your account.

2.2 Scan History

When you use our scanning tools, we store the URLs you scan and the resulting scan data. This allows you to review past scan results and track security posture over time.

2.3 Usage Analytics

We collect anonymized usage data such as pages visited, features used, and general interaction patterns. This data helps us improve the Platform and prioritize feature development.

3. Information We Do Not Collect

3.1 Passwords

Our Password Auditor tool operates entirely within your browser. Passwords you enter for strength checking or breach detection never leave your device and are never transmitted to our servers. Only a partial hash prefix (the first 5 characters of a SHA-1 hash) is sent to the HaveIBeenPwned API to check for breaches, in accordance with the k-Anonymity model.

3.2 Payment Data

All payment processing is handled by Stripe. We do not store, process, or have access to your full credit card numbers or banking details. Please refer to Stripe's Privacy Policy for details on how they handle payment data.

4. Cookies

We use essential cookies provided by Clerk for authentication session management. These cookies are required for the login functionality to work correctly. We do not use advertising cookies, tracking cookies, or any third-party marketing cookies. For more details, please see our Cookies Policy.

5. Data Retention

Scan history for logged-in users is stored indefinitely to allow ongoing access to past results. You may request deletion of your scan history at any time by contacting us. Rate-limiting data (such as daily scan counts) is ephemeral and is not permanently stored.

6. Third-Party Services

We use the following third-party services to operate the Platform:

  • Clerk -- Authentication and user management. Clerk processes your name, email, and session data.
  • Neon -- Database hosting. Scan history and user data are stored in a Neon PostgreSQL database, encrypted at rest.
  • Vercel -- Application hosting and deployment. Vercel processes request logs and provides privacy-focused analytics.
  • HaveIBeenPwned API -- Password breach checking. Only a partial SHA-1 hash prefix (first 5 characters) is transmitted; your full password is never sent.

Each third-party service has its own privacy policy governing their handling of data. We encourage you to review those policies.

7. Your Rights

In accordance with applicable data protection laws, including the GDPR, you have the following rights:

  • Right of Access -- You may request a copy of the personal data we hold about you.
  • Right to Deletion -- You may request that we delete your account and all associated data.
  • Right to Data Portability -- You may request your data in a structured, commonly used, machine-readable format.
  • Right to Rectification -- You may request corrections to inaccurate personal data.
  • Right to Restriction -- You may request that we restrict processing of your data under certain circumstances.

To exercise any of these rights, please contact us at info@cyberarsenal.app. We will respond to your request within 30 days.

8. Security

We take the security of your data seriously. All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security). Data at rest is encrypted within our database provider (Neon). We follow industry best practices to protect against unauthorized access, alteration, disclosure, or destruction of your personal information.

9. Children's Privacy

CyberArsenal Pro is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

IAMUVIN

Uvin Vindula

Email: info@cyberarsenal.app

Website: uvin.lk