Privacy Policy

Last Updated: October 30, 2025

1. Introduction

Keybloc Pte Ltd ("we," "us," or "our"), UEN 202506039C, operating ScoutBloc, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application security testing service ("Service").

We are based in Singapore and comply with the Singapore Personal Data Protection Act 2012 ("PDPA") and other applicable data protection regulations including GDPR where relevant.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide when you:

  • Register for an account (name, email address, company name)
  • Subscribe to our Service (billing information, payment details)
  • Contact us for support (name, email, communication content)
  • Fill out contact forms on our website

2.2 Application Data

When you use our Service, we collect:

  • URLs and domains of applications you scan
  • Scan results and vulnerability reports
  • Application responses and headers during scanning
  • Configuration settings and scan parameters

2.3 Automatically Collected Information

We automatically collect certain information when you access our Service:

  • IP address and device information
  • Browser type and version
  • Usage data and analytics (pages visited, time spent, features used)
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Provision

  • Perform security scans on your web applications
  • Generate and deliver vulnerability reports
  • Send alerts and notifications about scan results
  • Provide customer support and respond to inquiries

3.2 Business Operations

  • Process payments and manage subscriptions
  • Maintain and improve the Service
  • Monitor Service performance and usage patterns
  • Detect, prevent, and address technical issues or security threats

3.3 Communication

  • Send service-related announcements and updates
  • Respond to support requests
  • Send marketing communications (with your consent, opt-out available)

3.4 Legal and Compliance

  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect our rights and interests

4. Legal Basis for Processing (GDPR)

For users in the EU/EEA, we process your personal data based on:

  • Contract Performance: Processing necessary to provide the Service you subscribed to
  • Legitimate Interests: Improving our Service, fraud prevention, and security
  • Legal Obligation: Compliance with applicable laws and regulations
  • Consent: Marketing communications and optional features (you may withdraw consent at any time)

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

5.1 Service Providers

We work with third-party service providers who assist us in operating our Service:

  • Cloud hosting providers (data storage and processing)
  • Payment processors (billing and subscription management)
  • Email service providers (notifications and communications)
  • Analytics providers (service improvement)

These providers are contractually obligated to protect your information and use it only for specified purposes.

5.2 Legal Requirements

We may disclose your information if required by law or in response to:

  • Valid legal processes (court orders, subpoenas)
  • Government or regulatory requests
  • Protection of our rights, property, or safety
  • Prevention of fraud or security threats

5.3 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice and ensure continued protection of your data.

6. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and monitoring
  • Secure data centers with physical security controls
  • Employee training on data protection

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as necessary to:

  • Provide the Service and maintain your account
  • Comply with legal obligations (e.g., tax, accounting requirements)
  • Resolve disputes and enforce our agreements

Specific retention periods:

  • Account data: Until account deletion plus 30 days for backup retention
  • Scan results: 12 months after scan completion (unless deleted earlier by user)
  • Payment records: 7 years for tax and accounting compliance
  • Support communications: 2 years after last interaction

8. Your Rights and Choices

You have the following rights regarding your personal information:

8.1 Access and Portability

  • Request a copy of your personal information
  • Export your scan results and reports

8.2 Correction and Updates

  • Update your account information through your dashboard
  • Request correction of inaccurate information

8.3 Deletion

  • Delete your account and associated data
  • Request deletion of specific information (subject to retention requirements)

8.4 Objection and Restriction

  • Opt out of marketing communications
  • Object to processing based on legitimate interests
  • Request restriction of processing in certain circumstances

8.5 Withdrawal of Consent

  • Withdraw consent for optional features at any time
  • Note: Withdrawal does not affect lawfulness of prior processing

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days (or as required by applicable law).

9. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Authentication and session management
  • Security and fraud prevention
  • Analytics and performance monitoring
  • Preference storage

You can control cookies through your browser settings. However, disabling cookies may affect Service functionality.

10. International Data Transfers

Our Service is operated from Singapore. If you access the Service from outside Singapore, your information may be transferred to, stored, and processed in Singapore.

For EU/EEA users, we ensure appropriate safeguards are in place for international transfers, including:

  • Standard contractual clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Other legally approved transfer mechanisms

11. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending email notification to registered users
  • Displaying a prominent notice in the Service

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

14. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

Data Protection Officer

Keybloc Pte Ltd (ScoutBloc)

Email: [email protected]

UEN: 202506039C

Singapore

For Singapore residents (PDPA): If you are not satisfied with our response, you may contact the Personal Data Protection Commission (PDPC) of Singapore.

For EU/EEA residents (GDPR): You have the right to lodge a complaint with your local supervisory authority.