Last updated: April 4, 2026
Yappo Security LLC ("Yappo", "we", "us", or "our") provides this Privacy Policy to explain how we collect, use, and disclose information in connection with our website, reporting platform, and related professional services. We collect and use information primarily to operate our business, deliver our services, maintain our platform, respond to inquiries, and improve our offerings.
We may update this Privacy Policy from time to time. If we make material changes, we may post a notice on our website or update the "Last updated" date above. We encourage you to review this policy periodically.
We collect information that you provide directly to us, including contact details such as first name, last name, company name, email address, and other information submitted through our website, communications, or onboarding process. If access to our reporting platform is provided, we may also collect account-related information necessary to create and manage user access.
Our platform offers a self-service registration process. When you create a free account, we collect your first name, last name, company name, and corporate email address. We require a corporate email domain to verify your affiliation — accounts using free email providers (such as Gmail, Hotmail, or Yahoo) are not accepted. We may also send a verification email to confirm your address before activating your account.
In connection with our professional services, we may collect information reasonably necessary to perform the agreed engagement, such as scoped URLs, domains, IP addresses, technical environment details, test accounts, user credentials, and related security or infrastructure information. We may also collect IP addresses, access logs, and similar technical information for security, platform administration, audit, and fraud prevention purposes.
When you use our Domain Checkup service, we collect the domain you submit along with the results generated by our analysis, including discovered subdomains, IP addresses, open ports, services, versions, SSL/TLS status, and known CVEs. This data is stored in your platform account and retained until you request deletion of your account.
When you request an AI Pentest, we collect the information you provide through the request form, such as target URLs, application type, technology stack, and related technical details. This information is used solely for the purpose of performing the requested security assessment and is retained in your platform account as part of the engagement record.
We do not sell personal information.
To update account information, request deletion of certain data, or make a privacy-related request, you may contact us at [email protected].
We use the information we collect to provide and administer our website, reporting platform, and professional services; conduct security assessments; communicate with you about engagements, findings, and service-related matters; maintain records; protect our systems and users; and improve our services. Where permitted by applicable law, we may also use contact information to send occasional updates about our services, and you may opt out of non-essential communications at any time.
We may share information with our employees, contractors, service providers, infrastructure providers, and professional advisors who need access to support our website, platform, or services and who are subject to appropriate confidentiality obligations. We may also disclose information where required by applicable law, legal process, or governmental request, or where reasonably necessary to protect our rights, users, or operations.
Certain features of our platform, such as the AI Pentest service, use third-party artificial intelligence and machine learning services to assist in the analysis of your environment. When you use these features, technical information you provide — such as target URLs, domains, application details, and related technical data — may be sent to third-party AI service providers for processing.
This data is used solely to perform the security analysis you requested. We do not share personal information (such as your name or email) with AI providers as part of this process. We configure our AI tools and accounts so that customer data is not used for model training. By using AI-powered features on our platform, you acknowledge and consent to this processing.
We retain information for as long as reasonably necessary to provide our services, maintain our platform and business records, comply with legal, tax, accounting, or contractual obligations, resolve disputes, and enforce our agreements.
We use reasonable administrative, technical, and organizational measures designed to protect the information we process. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Our website, platform, and services are not directed to children under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at [email protected].
Our website uses Google Analytics, a web analytics service provided by Google LLC, to help us understand how visitors interact with our site. Google Analytics uses cookies — small text files stored on your device — to collect information such as your IP address, browser type, pages visited, time spent on pages, and referral source. This data is transmitted to and processed by Google. You can learn more about how Google uses this data at google.com/policies/privacy/partners, and you can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
When you visit our website, we may automatically collect certain information such as your IP address, browser type, browser version, pages visited, date and time of access, time spent on pages, and similar usage data.
Our platform uses Google reCAPTCHA to protect against automated abuse during login and account registration. When you interact with reCAPTCHA, Google may collect hardware and software information — such as device and application data, IP address, and browser cookies — to evaluate whether you are a human user. This data is processed by Google in accordance with its Privacy Policy and Terms of Service.
If you have any questions or concerns regarding this Privacy Policy, please contact us at [email protected].
