Privacy Policy

This policy explains what data Ferrum Sentinel collects, why, and what control you have over it. Ferrum Sentinel is operated by Funway Interactive SRL ("we", "us"), through its FerrumSec division. We aim to collect the minimum needed to run a safe posture scanner.

1. Who we are

The data controller is Funway Interactive SRL, a company registered in the Republic of Moldova. For any privacy question or request, contact us at funwayinteractive.com/contact.

2. What we collect

• Account data — your name and email address, and a one-way hash of your password (we never store your password in plain text).
• Domains you add — the domain names you choose to scan, and the verification records you publish to prove ownership.
• Scan results — findings, scores, and the technical evidence produced by the safe public checks (e.g. DNS records, response headers, certificate metadata). We store metadata and headers, not full page contents or secrets.
• Usage & security logs — basic request and rate-limit data needed to operate the service and prevent abuse.
• Cookies — a single session cookie that keeps you signed in (see §9).

3. How we use your data

• To provide the service: run scans, compute scores, generate reports, and show your results.
• To send the alerts and digests you opt into (e.g. notification of critical or high findings).
• To secure the service, enforce rate limits, and prevent misuse.
• To communicate essential service messages (account, security, billing).

We do not sell your data, and we do not use it for third-party advertising.

4. Legal bases

We process personal data under the data-protection law of the Republic of Moldova (Law No. 133/2011 on the protection of personal data). Where we offer services to, or process the data of, individuals in the European Union, the EU GDPR also applies. In either case our bases are performance of a contract (to provide the service you signed up for), legitimate interests (security, abuse-prevention, and improving the product), and consent (for optional communications), which you may withdraw at any time.

5. Scanning and third parties

Ferrum Sentinel runs safe, public checks. To do so it makes ordinary, passive requests to public sources about the domains you scan — for example DNS, certificate-transparency logs, mail blocklists, and cloud providers' public storage endpoints. These are the same public look-ups a browser or mail server performs; we never attempt intrusion, exploitation, or access to private systems.

We use a small number of processors strictly to run the service — notably an email delivery provider to send your alerts and account messages, and infrastructure hosting. Processors handle data only on our instructions.

6. Data retention

We keep account and scan data for as long as your account is active. Generated reports are retained for a limited, configurable period and then expire. You can delete domains, reports, and your account; on account closure we delete or anonymise your personal data except where we must retain limited records to meet legal obligations.

7. Sharing

We share data only with the processors described above, or where required by law. If you use the product as part of a managed-service (MSP) organisation, members of that organisation may see the scan results for domains within it, subject to their role.

8. Your rights

Subject to applicable law, you have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise any of these, contact us at funwayinteractive.com/contact. You also have the right to lodge a complaint with the National Center for Personal Data Protection of the Republic of Moldova, or with your local supervisory authority.

9. Cookies

We use a single, strictly-necessary session cookie to keep you signed in (and a matching CSRF token to protect form submissions). It is host-scoped, HTTP-only, and marked Secure in production. We do not use third-party tracking, analytics, or advertising cookies.

10. How we protect your data

Passwords are hashed with PBKDF2-HMAC-SHA256. Every customer's data is isolated at the database level (row-level security), so one organisation cannot see another's. Connections use TLS. We follow the principle of least privilege and store evidence as structured metadata rather than raw, sensitive response bodies.

11. International transfers

We are based in the Republic of Moldova and may use processors located in Moldova, the European Union, or elsewhere. Where personal data is transferred across borders, we put appropriate safeguards in place (such as standard contractual clauses) consistent with applicable data-protection law.

12. Changes & contact

We may update this policy; we will revise the "last updated" date above and, for material changes, notify you. Questions or requests: funwayinteractive.com/contact.

This policy is provided in good faith and describes how the product works today. It is a general notice, not legal advice. See also our User Agreement and Help.