Privacy Policy
Last Updated: May 21, 2026
1. Introduction
Welcome to XYSEC LABS PTE. LTD. (“Company”, “we”, “our”, or “us”).
We are committed to protecting your privacy and handling your information transparently and securely. This Privacy Policy explains how we collect, use, process, store, and protect personal data when you use our website, platform, services, or communicate with us.
We designed our services with privacy and security in mind, and we process personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
2. Who We Are
XYSEC LABS PTE. LTD. is the data controller responsible for the processing of personal data described in this Privacy Policy.
Contact Information
Company Name: XYSEC LABS PTE. LTD.
Registered Address: 200 Jalan Sultan #11-01, Textile Centre, Singapore 199018 ('Processor' / 'Appknox')
Email: privacy@appknox.com
Website: appknox.com
If you have any questions regarding this Privacy Policy or your personal data, you may contact us using the details above.
3. What Information We Collect
We collect only the information necessary to provide and improve our services.
A. Information You Provide Through Contact Forms
When you contact us through our website, we may collect:
- Name
- Company name
- Email address
- Message details
The email address collected through the contact form may also be used to create and manage your application login account if you proceed to use our services.
B. Application Binaries and Test Data
As part of our security testing and analysis services, users may upload:
- Mobile application binaries (such as .apk, .ipa, or similar files)
- Test or non-production data associated with the application
We request and expect that uploaded data contains test data only and does not include real customer personal information, production credentials, or sensitive production records unless explicitly agreed otherwise in writing.
We do not intentionally collect or process special categories of personal data through uploaded binaries.
C. Technical and Usage Information
When you access our website or platform, we may automatically collect:
- IP address
- Browser type and version
- Device information
- Operating system
- Access timestamps
- Pages visited
- Security and audit logs
This information helps us maintain platform security, monitor performance, and improve user experience.
4. How We Use Your Information
We use collected information for the following purposes:
- To provide and maintain our services
- To create and manage user accounts
- To communicate with users and respond to enquiries
- To perform security testing and analysis
- To improve platform functionality and security
- To detect, prevent, and investigate misuse or unauthorized access
- To comply with legal and regulatory obligations
We do not sell personal data to third parties.
5. Legal Basis for Processing
Under GDPR, we process personal data based on one or more of the following legal grounds:
- Contractual Necessity — to provide requested services
- Legitimate Interests — to maintain platform security and business operations
- Consent — where legally required, such as optional marketing communications or cookies
- Legal Obligations — to comply with applicable laws and regulations
6. Data Storage and Processing Location
All personal data and uploaded files are stored and processed exclusively within the European Union (EU) region.
We do not transfer personal data outside the EU for storage or processing purposes.
Our infrastructure providers and hosting environments are configured to ensure EU-only data residency.
7. Data Sharing
We may share information with carefully selected service providers that support our operations, including:
- Cloud hosting providers
- Infrastructure and security monitoring providers
- Authentication and access management providers
- Professional advisors or auditors where legally necessary
All third-party providers are contractually obligated to maintain appropriate confidentiality and security measures.
We do not sell, rent, or trade personal information.
8. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy.
Typical retention periods may include:
| Data Type | Retention Period |
| --- | --- |
| Contact form enquiries | Up to 24 months |
| User account information | Duration of active account |
| Security logs | Up to 12 months |
| Uploaded binaries and test data | Based on contractual or project requirements |
| Legal/compliance records | As required by law |
When data is no longer required, it is securely deleted or anonymized.
9. Security Measures
We implement appropriate technical and organizational security measures to protect personal data, including:
- Encryption in transit and at rest
- Access controls and role-based permissions
- Multi-factor authentication (MFA)
- Security monitoring and logging
- Regular vulnerability assessments and security reviews
- Secure EU-hosted infrastructure
While we take reasonable steps to protect information, no system can guarantee absolute security.
10. Cookies and Tracking Technologies
Our website may use cookies and similar technologies to improve functionality and user experience.
Cookies may include:
- Essential cookies
- Security cookies
- Analytics cookies
- Preference cookies
Where legally required, we obtain consent before placing non-essential cookies.
Users may manage cookie preferences through browser settings.
11. Your Rights Under GDPR
If you are located in the European Economic Area (EEA) or where GDPR applies, you may have the right to:
- Access your personal data
- Correct inaccurate information
- Request deletion of your data
- Restrict or object to processing
- Request data portability
- Withdraw consent where applicable
- Lodge a complaint with a supervisory authority
To exercise your rights, contact us at:
privacy@appknox.com
We may request verification of identity before processing certain requests.
12. Third-Party Links
Our website may contain links to external websites or services not operated by us.
We are not responsible for the privacy practices or content of third-party websites and encourage users to review their privacy policies separately.
13. Children's Privacy
Our services are not directed toward individuals under the age of 18.
We do not knowingly collect personal information from children.
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect operational, legal, or regulatory changes.
Updated versions will be published on this page with a revised “Last Updated” date.
15. Contact Us
If you have any questions regarding this Privacy Policy or your personal data, please contact:
Privacy Team
XYSEC LABS PTE. LTD.
Email: privacy@appknox.com
Website: appknox.com
