Privacy Policy, Terms of Service & Refund Policy
Last Updated: 24 March 2026 · Effective Date: 23 March 2026
This page contains the complete legal framework governing your use of Protevix Infosec and its suite of cybersecurity products including KScan, accessible at protevixinfosec.com. It includes our Privacy Policy, Terms of Service, and Refund & Cancellation Policy. Please read all sections carefully before using our services.
1. Introduction & Scope
Protevix Infosec ("we", "us", "our") is a cybersecurity services firm operating as a proprietary business registered in India under the Shop and Establishment Act. We operate Protevix Infosec and its suite of cybersecurity products including KScan, accessible at protevixinfosec.com and its subdomains (collectively "the Platform").
This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Platform. It applies to all users of protevixinfosec.com, including visitors, registered users, and paying customers.
By using our Platform, you consent to the collection and use of information as described in this policy. If you do not agree, please discontinue use of the Platform immediately.
2. Information We Collect
We collect the following categories of information:
| Category | What We Collect | Why |
|---|---|---|
| Identity Data | Name, email address | Account creation, report delivery, communication |
| Payment Data | Transaction ID, amount, payment status | Payment verification and invoicing |
| Technical Data | IP address, browser type, device information | Security, fraud prevention, service improvement |
| Usage Data | Pages visited, features used, scan history, timestamps | Service delivery, analytics, product improvement |
| Scan Target Data | URLs and domains submitted for scanning | Execution of the security assessment service |
| Communication Data | Emails and messages sent to us | Support and correspondence |
3. How We Use Your Information
We use your information for the following purposes:
- To provide, operate, and maintain the Platform and its cybersecurity products
- To process your payments and deliver your security assessment reports
- To send you your purchased report via email
- To respond to your enquiries and provide customer support
- To detect, prevent, and address technical issues, fraud, and abuse
- To improve our services based on usage patterns
- To comply with applicable laws including the DPDP Act 2023 and IT Act 2000
- To send service-related communications (not marketing without consent)
We do not use your personal data for automated decision-making that produces legal or similarly significant effects without human review.
4. Data Storage & Security
Your data is stored on secure cloud infrastructure. We implement the following technical safeguards:
- Encryption of data in transit using TLS 1.2 or higher
- Encryption of sensitive data at rest using AES-256
- Access controls limiting data access to authorised personnel only
- Regular security assessments of our own infrastructure
- Secure deletion of scan credentials within 24 hours of scan completion
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 3 years after deletion |
| Purchase records and invoices | 7 years (required by Indian tax law) |
| Security assessment reports | 90 days from generation, then permanently deleted |
| Scan credentials (Grey Box) | Deleted within 24 hours of scan completion |
| Server logs | 30 days rolling |
| Communication records | 2 years from last communication |
5. Data Sharing
We do not sell, trade, or rent your personal information to any third party for commercial purposes. We share data only in the following limited circumstances:
- Payment processing: Razorpay receives transaction data necessary to process payments.
- Cloud infrastructure: Our hosting providers process data on our behalf under data processing agreements.
- Legal compliance: We may disclose information if required by law, court order, or government authority.
- Business transfer: In the event of a merger or acquisition, your data may be transferred with appropriate notice.
6. Scan Target Data — Important Notice
Raw scan data is used solely to generate your security assessment report. It is not shared with security databases or threat intelligence platforms, and is permanently deleted along with your report after the retention period.
7. Cookies
We use cookies for the following purposes:
- Essential cookies: Required for the Platform to function — session management, login state, security tokens. Cannot be disabled.
- Analytics cookies: Help us understand how users interact with the Platform. Collected in aggregate, anonymised form.
- Payment cookies: Set by Razorpay during payment processing.
8. Your Rights
As a user you have the following rights regarding your personal data:
- Right to Access: Request a copy of the personal data we hold about you
- Right to Correction: Request correction of inaccurate or incomplete data
- Right to Deletion: Request deletion of your personal data (subject to legal retention obligations)
- Right to Portability: Request your data in a machine-readable format
- Right to Object: Object to processing of your data for specific purposes
- Right to Withdraw Consent: Withdraw consent for optional data processing at any time
To exercise any of these rights, email connect@protevixinfosec.com with the subject line "Data Rights Request". We will respond within 30 days.
9. Digital Personal Data Protection Act 2023 (India)
Protevix Infosec complies with the DPDP Act 2023. Under the DPDP Act:
- We collect and process personal data only for lawful purposes with your consent
- We implement reasonable security safeguards to protect personal data
- Our point of contact for DPDP Act grievances is connect@protevixinfosec.com
- In the event of a personal data breach, we will notify affected Data Principals as required
- We do not transfer personal data outside India except to jurisdictions with adequate data protection standards
10. Privacy Contact
For all privacy-related queries, data rights requests, or concerns, contact:
Privacy Officer, Protevix Infosec
Email: connect@protevixinfosec.com
Website: protevixinfosec.com
11. Acceptance of Terms
By accessing or using Protevix Infosec and its suite of cybersecurity products including KScan ("Services"), you ("User", "you") agree to be bound by these Terms of Service. If you are using the Services on behalf of an organisation, you represent that you have the authority to bind that organisation to these Terms.
These Terms constitute a legally binding agreement between you and Protevix Infosec. If you do not agree, you must not use our Services.
We reserve the right to update these Terms at any time. Continued use of the Services after changes constitutes acceptance of the revised Terms.
12. Description of Services
Protevix Infosec provides the following security assessment services through its cybersecurity product suite including KScan:
- Quick Scan (₹499): Automated black-box web application security assessment covering publicly accessible attack surfaces, security headers, SSL/TLS, port scanning, subdomain enumeration, and AI-generated vulnerability report.
- OSINT Scan (₹1,999): Passive open-source intelligence reconnaissance covering DNS records, subdomain exposure, breach data, internet-exposed infrastructure, and threat intelligence report.
- Grey Box Scan (₹4,999): Authenticated web application penetration testing covering all Quick Scan checks plus authenticated pages, IDOR testing, privilege escalation assessment, and session management review.
All services produce a professional security assessment report in PDF format delivered digitally upon payment confirmation. Reports are not a substitute for a full manual penetration test conducted by a human security professional.
13. Eligibility & Account Requirements
To use our paid services you must be at least 18 years of age, have the legal capacity to enter into a binding contract, provide accurate and complete information, and not be prohibited from receiving our services under applicable laws.
You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.
14. Authorisation Requirement — Critical Obligation
Scanning systems without explicit permission is illegal under the Information Technology Act 2000 (India) and equivalent laws in other jurisdictions. Protevix Infosec maintains logs of all scan requests and will cooperate fully with law enforcement authorities if a scan is found to have been conducted without authorisation.
Any user found to have submitted a target for scanning without authorisation will have their account permanently terminated and their details may be reported to the appropriate authorities.
15. Prohibited Use
You must not use the Platform to:
- Scan systems you do not own or have not received explicit written permission to scan
- Conduct denial of service attacks, brute force attacks, or any intentionally disruptive testing
- Attempt to extract or exfiltrate data from third-party systems
- Use our reports or findings to conduct, plan, or facilitate any cyberattack
- Resell, sublicense, or redistribute our reports without explicit written permission
- Attempt to reverse engineer or extract the underlying methodology of our scanning engine
- Submit false ownership confirmations
- Use the platform for any unlawful purpose
16. Intellectual Property
All intellectual property in Protevix Infosec and its suite of cybersecurity products including KScan — including software, algorithms, AI models, report templates, methodologies, branding, and documentation — is owned by or licensed to Protevix Infosec.
Upon payment, Protevix Infosec grants you a non-exclusive, non-transferable licence to use the report for your own internal security and compliance purposes only. This does not permit commercial redistribution, removal of branding, or use as a template for competing services.
17. Disclaimer of Warranties
The Platform and all reports are provided on an "as is" and "as available" basis. Protevix Infosec makes no warranties that:
- The service will be uninterrupted or completely accurate
- The assessment will identify all vulnerabilities present in the assessed system
- A clean scan result means the system is fully secure or free from all vulnerabilities
- The report constitutes a complete substitute for a full manual penetration test
18. Limitation of Liability
To the maximum extent permitted by Indian law, Protevix Infosec shall not be liable for any indirect, incidental, special, or consequential damages, loss of data, revenue, or profits arising from use of the Services. In all cases, Protevix Infosec's total cumulative liability shall not exceed the amount paid by you for the specific service that gave rise to the claim.
19. Governing Law & Dispute Resolution
These Terms are governed by the laws of India. Any disputes shall be subject to the exclusive jurisdiction of the courts located in Maharashtra, India. Before initiating formal proceedings, both parties agree to attempt resolution through good faith negotiation for 30 days. Contact us at connect@protevixinfosec.com to initiate a resolution process.
20. Refund & Cancellation Policy
This policy is established on the following grounds which you acknowledge and accept by making a purchase:
- Compliance documentation value: Every KScan report — including reports that return a clean result — constitutes documented evidence that your organisation has proactively conducted a security assessment. This has direct compliance value under the DPDP Act 2023 (Section 8), IT Act 2000 (Section 43A), ISO 27001:2022 (Annex A.8.8), and PCI DSS 4.0 (Requirement 11.3).
- A clean report is not a failure: A report showing zero or low vulnerabilities is a positive security outcome and a valuable compliance artefact. It is not evidence of a service failure — it is evidence of a secure system.
- Instant digital delivery: Security assessment reports are digital goods delivered immediately upon payment confirmation. The service is fully performed and the deliverable is fully delivered at the moment of download.
- Irreversible service consumption: The computation, scanning infrastructure, AI analysis, and report generation are performed and consumed at the time of the scan. These resources cannot be recovered or reversed once the service has been executed.
- Time-stamped evidence: Your report carries a specific date, time, and report ID that gives it legal and audit standing. This dated evidence of assessment cannot be "un-created" and its value cannot be returned.
21. Specific Scenarios — Refund Position
| Scenario | Refund Position | Reason |
|---|---|---|
| Clean report / no vulnerabilities found | No Refund | Clean report has compliance documentation value |
| Low risk score received | No Refund | Low risk is a positive outcome — service fully delivered |
| Disagree with findings | No Refund | Manual review available — contact us within 48 hours |
| Change of mind after purchase | No Refund | Digital service fully delivered — all sales final |
| Cancellation before scan starts | No Refund | Payment processes at time of order — scan queued immediately |
| Duplicate payment due to technical error | Refund Issued | Genuine duplicate charges refunded within 7 working days |
| Unauthorised transaction on your account | Investigated | Report within 24 hours — investigated within 48 hours |
22. Finding Dispute Process
If you believe a specific finding in your report is a false positive or technically incorrect, we offer a finding review process:
- Email connect@protevixinfosec.com within 48 hours of receiving your report
- Include your Report ID and the specific finding number you wish to dispute
- Provide your technical reasoning for why you believe the finding is incorrect
- Our team will review the finding within 5 working days
- If confirmed as a false positive, we will issue a corrected report at no additional charge
This review process does not constitute a refund pathway. No monetary refund will be issued regardless of the outcome of the review.
23. Pricing
| Service | Price (Incl. GST) | Deliverable |
|---|---|---|
| Quick Scan | ₹499 per URL | Black-box security assessment PDF report |
| OSINT Scan | ₹1,999 per domain | Passive reconnaissance and threat intelligence PDF report |
| Grey Box Scan | ₹4,999 per URL | Authenticated penetration test PDF report |
All prices are in Indian Rupees (INR). GST at applicable rates is included. Prices are subject to change with notice posted on the Platform.
24. Payment Terms
All payments are processed securely by Razorpay, a PCI DSS compliant payment gateway licensed by the Reserve Bank of India. We accept UPI, net banking, credit cards, debit cards (Visa, Mastercard, RuPay), and Razorpay wallet.
Payment is collected at the time of report download. Your report is released immediately upon successful payment confirmation. A payment receipt and GST invoice will be emailed within 24 hours of successful payment.