Privacy Policy

Last Updated: June 3, 2026.

1. Scope of Agreement

TrustLayerLabs is committed to protecting the confidentiality, integrity, and privacy of startup client environments, configurations, source code, and assets. We sign mutual Non-Disclosure Agreements (NDAs) prior to accessing any database keys or environment nodes.

2. Data Security & Storage

All technical report files, scan artifacts, threat models, and vulnerability reproduction details are stored in end-to-end encrypted storage vaults. We enforce strong multi-factor authentication (MFA) and least-privilege security permissions across our analysis workflows.

3. Retention Policies

Following the conclusion of a VAPT assessment and final attestation certificate issue, all client environment credentials, configurations, and connection channels are purged from our analysis machines. Technical logs are archived for 30 days to facilitate re-scans and then deleted securely.

4. GDPR and Regulatory Compliance

If your startup operates globally or is subject to Indian DPDP act, GDPR, or HIPAA rules, we guarantee that all data handling matches compliance criteria. No client source code or details will be exposed, shared, or referenced in our public portfolio without written permissions.