Cookie Policy
Effective date: 04.11.2022
1. Introduction
This Cookie Policy explains how PentestPad ("we", "us", or "our"), operated by the company behind www.pentestpad.com and headquartered in Croatia (Secure Block d.o.o. - LLC), European Union, uses cookies and similar tracking technologies when you visit our website or use our cloud platform.
We are subject to Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and the Croatian implementation of Directive 2002/58/EC (the ePrivacy Directive) as transposed into Croatian law. Where we rely on your consent to place non-essential cookies, that consent is obtained through our cookie-consent banner before any such cookies are set.
2. What Are Cookies?
Cookies are small text files stored on your device (computer, tablet, or smartphone) by your web browser when you visit a website. They allow the site to recognize your device on subsequent visits and to collect certain information about your interaction with the site.
We also use related technologies such as web beacons, pixels, and local storage objects, which function in a similar way and are collectively referred to as "cookies" in this policy.
3. Cookies We Use
The table below lists every cookie or tracking technology currently deployed on pentestpad.com and cloud.pentestpad.com, together with its purpose and retention period.
| Cookie/Tool | Type | Duration | Purpose |
|---|---|---|---|
| _sentry_session | Strictly Necessary | Session | Sentry – captures error events and performance traces to enable application monitoring and bug |
| __posthog | Analytics | 1 year | PostHog – identifies returning visitors, records product usage events, and powers funnel and retention |
| ph_* | Analytics | 1 year | PostHog – stores anonymous session data and feature-flag assignments. |
| _ahrefs_* | Analytics | 1 year | Ahrefs – measures organic search traffic and keyword performance on the public marketing website. |
3.1. Strictly Necessary Cookies (Functional Cookies)
Strictly necessary cookies are essential for the operation of our platform. They enable core
functions such as error monitoring and security. These cookies do not require your consent
under Article 5(3) of the ePrivacy Directive because they are strictly necessary for a
service you have explicitly requested.
Sentry (sentry.io) is our application-monitoring provider. It collects error reports, stack traces,
and performance metrics in order to allow us to identify and fix software defects. Sentry processes
data as a data processor on our behalf under a Data Processing Agreement. Data may be transferred
outside the EEA; where such transfers occur, they are subject to Standard Contractual Clauses
adopted by the European Commission. For details, see https://sentry.io/privacy/.
3.2 Analytics Cookies
We use analytics cookies only with your prior, informed, and freely given consent. You may
withdraw consent at any time via the cookie-settings link in the footer of our website.
PostHog (posthog.com) is our product-analytics platform. It records anonymised event data (page
views, feature interactions, session recordings where enabled) to help us understand how users
navigate the product and where we can improve. PostHog acts as a data processor under a Data Processing
Agreement. Data is stored in the EU. See https://posthog.com/privacy for further details.
Ahrefs (ahrefs.com) tracking is used exclusively on our public marketing website (www.pentestpad.com)
to measure inbound organic-search traffic, keyword rankings, and referral sources. It does not
track authenticated application sessions. Ahrefs acts as an independent data controller for its
own analytics product. See https://ahrefs.com/privacy for further details.
4. Legal Basis for Processing
We process personal data collected via cookies on the following legal bases under the GDPR:
• Strictly necessary cookies: Article 6(1)(b) GDPR (processing necessary for the performance of
our contract with you) and/or Article 6(1)(f) GDPR (our legitimate interest in maintaining a secure,
functioning service).
• Analytics cookies: Article 6(1)(a) GDPR (your consent), given through our cookie-consent banner.
5. Your Rights and Choices
You have the following rights in relation to your personal data processed via cookies,
exercisable free of charge:
• Right of access – request a copy of the personal data we hold about you.
• Right to rectification – ask us to correct inaccurate data.
• Right to erasure – ask us to delete your data where there is no legitimate ground for its continued
processing.
• Right to restriction of processing – ask us to pause processing in certain circumstances.
• Right to data portability – receive your data in a structured, commonly used, machine-readable
format.
• Right to object – object to processing based on legitimate interests.
• Right to withdraw consent – where processing is based on consent, withdraw it at any time without
affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at the address in Section 8. You also have the
right to lodge a complaint with the Croatian Personal Data Protection Agency (Agencija za zaštitu
osobnih podataka, AZOP) at www.azop.hr, or with the supervisory authority in your EU Member State
of habitual residence or place of work.
6. Managing Cookies in Your Browser
In addition to our consent banner, you can control or delete cookies directly through your
browser settings. Links to instructions for the most common browsers are provided below:
• Right of access – request a copy of the personal data we hold about you.
• Google Chrome: https://support.google.com/chrome/answer/95647
• Mozilla Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
• Apple Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
• Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge
Please note that restricting cookies may affect the functionality of our platform. Strictly necessary
cookies cannot be disabled without impairing core services.
7. Updates to This Policy
We may update this Cookie Policy from time to time to reflect changes in the cookies we use, changes in applicable law, or for other operational or legal reasons. We will notify you of material changes by posting the revised policy on this page with an updated effective date, and – where required by law – by seeking fresh consent. We encourage you to review this page periodically.
8. Contact Us
If you have any questions about this Cookie Policy or our privacy practices, please contact us:
For matters relating to data protection, you may also contact our Data Protection representative through the contact page above.
Let's get you started
Create your account with PentestPad now, a tool developed by pentesters for pentesters.
