![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 392 84" xmlns="http://www.w3.org/2000/svg"><defs ><linearGradient id="KHdlBVDzM-2037857189-linear-gradient" x1="0.49751243781094523" x2="0.5024875621890548" y1="0" y2="1"><stop offset="0" stop-color="rgb(139, 174, 255)"/><stop offset="1" stop-color="rgba(243, 45, 45, 0.2)"/></linearGradient><linearGradient id="cDxFcS0Gh-2037857189-linear-gradient" x1="1.6831485946812565" x2="-0.5845528784578186" y1="-0.7000000000000001" y2="1.6"><stop offset="0" stop-color="rgb(140, 175, 255)"/><stop offset="0.30434782608695654" stop-color="rgb(109, 144, 227)"/><stop offset="1" stop-color="rgb(44, 63, 158)"/></linearGradient><linearGradient id="ntDRMiwH_-2037857189-linear-gradient" x1="0.9929785811171902" x2="0.007021418882809827" y1="0" y2="1"><stop offset="0" stop-color="rgb(140, 175, 255)"/><stop offset="0" stop-color="rgb(109, 144, 227)"/><stop offset="1" stop-color="rgb(44, 63, 158)"/></linearGradient></defs><path d="M 0 0 L 15.663 0 L 15.663 74.348 L 0 74.348 Z M 59.875 0 L 75.438 0 L 75.438 74.348 L 59.875 74.348 Z M 8.525 29.937 L 66.814 29.937 L 66.814 43.617 L 8.525 43.617 Z" fill="rgb(0, 0, 0)" height="74.34776746386652px" id="R6fGi3jY7" transform="translate(74.657 5.953)" width="75.43826082312543px"/><path d="M 34.398 59.28 C 27.789 59.28 21.875 58.025 16.654 55.513 C 11.499 53.001 7.435 49.532 4.461 45.104 C 1.487 40.61 0 35.423 0 29.541 C 0 23.659 1.388 18.537 4.163 14.176 C 7.005 9.748 10.904 6.278 15.861 3.767 C 20.817 1.256 26.5 0 32.911 0 C 39.322 0 44.84 1.454 49.466 4.362 C 54.158 7.203 57.76 11.202 60.271 16.357 C 62.849 21.511 64.137 27.591 64.137 34.597 L 12.193 34.597 L 12.193 23.99 L 56.108 23.99 L 49.565 27.856 C 49.367 24.419 48.541 21.511 47.087 19.132 C 45.633 16.687 43.717 14.804 41.337 13.482 C 38.958 12.16 36.116 11.499 32.812 11.499 C 29.309 11.499 26.27 12.226 23.692 13.68 C 21.115 15.068 19.099 17.017 17.645 19.529 C 16.257 22.04 15.563 25.014 15.563 28.45 C 15.563 32.416 16.456 35.852 18.24 38.76 C 20.024 41.602 22.568 43.782 25.873 45.303 C 29.243 46.823 33.275 47.583 37.967 47.583 C 42.262 47.583 46.591 46.954 50.953 45.699 C 55.315 44.377 59.213 42.593 62.65 40.346 L 62.65 50.854 C 59.015 53.497 54.72 55.579 49.763 57.099 C 44.873 58.553 39.751 59.28 34.398 59.28 Z" fill="rgb(0, 0, 0)" height="59.27993478260868px" id="Qti8hp6m5" transform="translate(162.503 22.508)" width="64.1373913043478px"/><path d="M 1.983 22.602 L 9.616 23.99 L 17.348 22.602 L 17.348 79.403 L 1.983 79.403 Z M 9.616 16.357 C 6.774 16.357 4.461 15.63 2.677 14.176 C 0.892 12.656 0 10.64 0 8.129 C 0 5.683 0.892 3.734 2.677 2.28 C 4.461 0.76 6.774 0 9.616 0 C 12.458 0 14.738 0.76 16.456 2.28 C 18.24 3.734 19.132 5.683 19.132 8.129 C 19.132 10.64 18.24 12.656 16.456 14.176 C 14.738 15.63 12.458 16.357 9.616 16.357 Z" fill="rgb(0, 0, 0)" height="79.40341570381497px" id="atqgKejC9" transform="translate(236.629 0.898)" width="19.132173913043488px"/><path d="M 64.237 40.247 C 64.237 44.212 63.08 47.616 60.767 50.457 C 58.52 53.299 55.149 55.48 50.656 57 C 46.162 58.52 40.61 59.28 34.002 59.28 C 27.194 59.28 21.247 58.421 16.158 56.703 C 11.135 54.984 7.237 52.605 4.461 49.565 C 1.685 46.459 0.198 42.89 0 38.859 L 15.663 38.859 C 16.059 40.776 17.05 42.461 18.637 43.915 C 20.288 45.303 22.436 46.393 25.08 47.186 C 27.723 47.913 30.796 48.276 34.299 48.276 C 39.256 48.276 42.956 47.715 45.402 46.591 C 47.913 45.468 49.169 43.782 49.169 41.536 C 49.169 39.884 48.309 38.661 46.591 37.868 C 44.873 37.009 41.701 36.381 37.075 35.984 L 26.369 35.092 C 20.156 34.563 15.233 33.506 11.598 31.92 C 8.03 30.334 5.485 28.351 3.965 25.972 C 2.445 23.527 1.685 20.917 1.685 18.141 C 1.685 14.11 2.907 10.772 5.353 8.129 C 7.864 5.485 11.301 3.47 15.663 2.082 C 20.09 0.694 25.245 0 31.127 0 C 37.141 0 42.494 0.826 47.186 2.478 C 51.878 4.13 55.612 6.41 58.388 9.318 C 61.229 12.16 62.849 15.497 63.245 19.33 L 47.583 19.33 C 47.318 17.943 46.558 16.621 45.303 15.365 C 44.113 14.043 42.295 12.953 39.85 12.094 C 37.471 11.235 34.299 10.805 30.334 10.805 C 26.038 10.805 22.701 11.334 20.322 12.391 C 18.008 13.449 16.852 14.969 16.852 16.951 C 16.852 18.339 17.546 19.496 18.934 20.421 C 20.388 21.28 23.097 21.875 27.063 22.205 L 40.842 23.395 C 46.855 23.923 51.548 24.948 54.918 26.468 C 58.289 27.922 60.668 29.838 62.056 32.217 C 63.509 34.53 64.237 37.207 64.237 40.247 Z" fill="rgb(0, 0, 0)" height="59.27993478260868px" id="hawlOmO0I" transform="translate(265.098 22.508)" width="64.23652173913041px"/><path d="M 0 26.468 L 0 19.628 L 11.896 16.059 L 18.339 0 L 27.261 0 L 27.261 14.87 L 52.539 14.87 L 52.539 26.468 L 27.261 26.468 L 27.261 48.277 C 27.261 52.77 28.186 55.91 30.037 57.694 C 31.953 59.478 35.158 60.37 39.652 60.37 C 42.494 60.37 45.005 60.106 47.186 59.577 C 49.433 58.983 51.548 58.156 53.53 57.099 L 53.53 69.193 C 51.68 70.052 49.169 70.845 45.997 71.572 C 42.824 72.299 39.586 72.663 36.282 72.663 C 30.532 72.663 25.84 71.737 22.205 69.887 C 18.637 68.037 16.026 65.459 14.374 62.155 C 12.722 58.784 11.896 54.885 11.896 50.457 L 11.896 26.468 Z" fill="rgb(0, 0, 0)" height="72.66254347826086px" id="zoUpiAa2F" transform="translate(334.598 9.126)" width="53.53043478260872px"/><path d="M 0 74.348 L 0 47.609 L 47.609 0 L 74.348 0 Z" fill="url(%23KHdlBVDzM-2037857189-linear-gradient)" height="74.34776086956523px" id="KHdlBVDzM" transform="translate(-0.348 5.953)" width="74.34782611028008px"/><path d="M 31.304 0 L 31.304 31.304 L 0 31.304 Z" fill="rgb(0, 0, 0)" height="31.304282608695672px" id="T30T86M87" transform="translate(30.304 36.605)" width="31.304347826086953px"/><path d="M 31.304 31.304 L 31.304 0 L 0 31.304 Z" fill="rgb(26, 26, 26)" height="31.304282608695672px" id="apAet4OjV" transform="translate(30.304 36.605)" width="31.304347826086953px"/><path d="M 31.304 31.304 L 31.304 0 L 0 31.304 Z" fill="url(%23cDxFcS0Gh-2037857189-linear-gradient)" height="31.304282608695672px" id="cDxFcS0Gh" transform="translate(30.304 36.605)" width="31.304347826086953px"/><path d="M 47.609 0 L 74.348 0 L 0 74.348 L 0 47.609 Z" fill="url(%23ntDRMiwH_-2037857189-linear-gradient)" height="74.34776086956523px" id="ntDRMiwH_" transform="translate(-0.348 5.953)" width="74.34782611028008px"/></svg>)
Updated on June 13, 2025
Updated on June 13, 2025
Privacy policy
At Heist, your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal information when you use our penetration testing platform and security services.
At Heist, your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal information when you use our penetration testing platform and security services.
Information we collect
We collect the following information when you use Heist:
Basic account details like name and email address for authentication
Workspace information to organize your penetration testing projects
Company metadata necessary to deliver pentests and operate the platform
Pen test data including subdomains, routes, cookies, tokens, and network events generated during security assessments
Usage information to improve our platform and services
We collect the following information when you use Heist:
Basic account details like name and email address for authentication
Workspace information to organize your penetration testing projects
Company metadata necessary to deliver pentests and operate the platform
Pen test data including subdomains, routes, cookies, tokens, and network events generated during security assessments
Usage information to improve our platform and services
How we use your information
We use your information to:
Deliver penetration testing services and operate our platform
Provide security insights and vulnerability assessments
Improve the accuracy and effectiveness of our security testing tools
Offer customer support and platform improvements
Send you relevant security updates and platform features
Maintain compliance with industry security standards (SOC 2 Type II and ISO 27001)
We use your information to:
Deliver penetration testing services and operate our platform
Provide security insights and vulnerability assessments
Improve the accuracy and effectiveness of our security testing tools
Offer customer support and platform improvements
Send you relevant security updates and platform features
Maintain compliance with industry security standards (SOC 2 Type II and ISO 27001)
How we share your information
We do not sell your data. We only share it with:
Trusted third-party services that help us operate our platform (e.g., cloud infrastructure providers with strict security policies)
Law enforcement if legally required
Security partners when necessary to deliver comprehensive penetration testing services
We do not sell your data. We only share it with:
Trusted third-party services that help us operate our platform (e.g., cloud infrastructure providers with strict security policies)
Law enforcement if legally required
Security partners when necessary to deliver comprehensive penetration testing services
Data security
We use industry-leading security practices to protect your information:
End-to-end encryption with TLS (v1.2+) for all data in transit
AES-256 encryption for all data at rest
Access control following the principle of least privilege managed through IAM
Secure infrastructure hosted on GCP and Supabase with world-class protections
Read-only access to your systems during pentests - we never access or move your money or sensitive business data
Automated scaling and redundancy to ensure high availability
Continuous monitoring with logs kept for audit and forensic use
Daily backups with 30-day retention
Physical security through our cloud providers' certified data centers
Your connected systems remain secure throughout our testing process. We use grey box testing and emulate attackers with controlled access to your platform, but never access your actual codebase.
We use industry-leading security practices to protect your information:
End-to-end encryption with TLS (v1.2+) for all data in transit
AES-256 encryption for all data at rest
Access control following the principle of least privilege managed through IAM
Secure infrastructure hosted on GCP and Supabase with world-class protections
Read-only access to your systems during pentests - we never access or move your money or sensitive business data
Automated scaling and redundancy to ensure high availability
Continuous monitoring with logs kept for audit and forensic use
Daily backups with 30-day retention
Physical security through our cloud providers' certified data centers
Your connected systems remain secure throughout our testing process. We use grey box testing and emulate attackers with controlled access to your platform, but never access your actual codebase.
Your rights
You may:
Request access to your data stored on our platform
Correct or delete your information
Withdraw your consent to data processing
Export your data from our platform
You may:
Request access to your data stored on our platform
Correct or delete your information
Withdraw your consent to data processing
Export your data from our platform
Changes to this policy
We may update this policy to reflect changes in our services or legal requirements.
We may update this policy to reflect changes in our services or legal requirements.
Contact us
If you have questions or concerns about this privacy policy or our data practices, please contact us at: legal[at]heisthq.com
If you have questions or concerns about this privacy policy or our data practices, please contact us at: legal[at]heisthq.com