Updated on June 13, 2025
Privacy policy
At Heist, your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal information when you use our penetration testing platform and security services.
Definitions
Heist AS (“Heist”, “we”, “us”, “our”) provides an autonomous penetration testing platform enabling customers to run continuous application security tests (the “Service”). The Service is only available to authorised users under our Terms of Use. An authorised user will be referred to as “user” or “you”.
In order to provide the Service, Heist processes certain personal data. This Privacy Policy provides information about Heist’s processing of your personal data.
The information we collect
In order to provide the Service, Heist may process certain information about users, such as:
Information about users: name, work email, phone number, role, company, and other relevant contact details.
Information about use of the Service: account activity, support enquiries, communications with us, and configuration information needed to deliver the Service.
Information about your computer and access: IP address, device and browser information, and log/telemetry data processed for system administration, reliability, and security.
Cookies: Heist uses cookies and similar technologies to enhance user experience and optimise the Service. Our website is built on Framer and uses minimal, primarily anonymous analytics and essential cookies. You can detect and delete cookies by changing browser settings. If you choose not to accept cookies, some functionality may be limited.
Heist may also process Customer Data that customers submit to the Service for testing. Customers typically provide target domains, test-user credentials, API schemas, and any additional context needed to run tests. Heist does not intentionally collect end-user PII. However, tests may incidentally access personal data that exists in the target application. Any such data is only processed to perform the tests under customer instructions and is not used for any other purpose. Customers are controllers of Customer Data and Heist acts as processor of such data under the customer contract.
Purpose and legal basis for the processing
Heist will only process personal data for the purposes stipulated in this Privacy Policy. The processing is based on the following legal bases and purposes:
Processing to fulfil the agreement for use of the Service
to enable the use of the Service, including creating and maintaining user accounts and granting access;
to respond to questions or inquiries relating to the Service, our Terms of Use, or this Privacy Policy; and
to notify users of changes to the Service, the Terms of Use, or this Privacy Policy.
Processing to pursue Heist’s legitimate interests
Provided that the interests of the data subjects do not override such interests:
to improve the Service, its content, and user experience;
to maintain, monitor, and strengthen security, prevent fraud, abuse, or loss, and protect Heist, our customers, users, and third parties; and
to communicate with business users about the Service, including marketing to existing and prospective business customers. We use Loops.so to manage business marketing and lifecycle emails.
Processing necessary for compliance with legal obligations
continued storage due to statutory rules of storage for accounting, compliance, or lawful requests.
Your rights
Users have the right to cancel their registration with the Service at any time. Upon such cancellation, personal data will be deleted unless statutory obligations or legitimate interests require or allow continued storage. Anonymised information that cannot be linked to you may be subject to continued storage.
To exercise the right to (i) obtain information about which of your personal data we process, (ii) change, update or correct personal data, (iii) request deletion, (iv) request restriction or object to processing under certain circumstances, or (v) request data portability, you can contact Heist via the contact details in the Contact section below.
If your request relates to Customer Data processed on behalf of a customer, please contact that customer. We will assist customers in responding to such requests where required.
Retention period
Heist retains personal data for as long as necessary to fulfil the purposes defined above, and as a main rule deletes personal data upon cancellation of the registration with the Service or at your request. Legal obligations (e.g., accounting rules) may make it necessary to store personal data after cancellation. Continued storage may also occur where necessary for legitimate interests pursued by Heist, including establishing, exercising, or defending legal claims.
Pentest reports and related Customer Data are stored until the customer requests deletion, unless continued storage is required by law. Customer Data is deleted or returned upon request, unless we must retain it for legal reasons.
Disclosure to third parties
Heist may disclose personal data to third-party vendors and hosting partners who perform services for Heist in order to deliver the Service (such as cloud hosting, monitoring, analytics, and support tooling). These vendors will only use personal data for the purposes it was collected and to perform services for Heist. The relationship with such vendors is governed by a data processing agreement.
A current list of subprocessors is maintained on our subprocessor page.
If we transfer personal data to recipients outside the EU/EEA or the UK, we will take necessary precautions to ensure processing in accordance with applicable laws, including entering into agreements securing a proper level of protection.
Except as described in this Privacy Policy, we will not transfer, sell, rent, or exchange users’ personal data with any third party without obtaining your consent, unless required by law, binding court order, or necessary in a business transaction.
Modifications to the Privacy Policy
Heist reserves the right to modify this Privacy Policy from time to time. The most recent revision supersedes earlier versions. The current version will be available on our website or in the Service. We advise that you check the Privacy Policy periodically. We will notify you of changes that require your consent.
Contact us
If you have questions or concerns about this privacy policy or our data practices, please contact us at: privacy[at]heisthq.com