Back to Home

Privacy Policy

Last updated: January 2025

1. Introduction

ServiceNow Platform Security ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our API security scanning service.

2. Information We Collect

We may collect the following types of information:

  • Account Information: Email address, name, and organization details when you create an account.
  • Instance Data: ServiceNow instance URLs and OAuth credentials you provide for scanning.
  • Scan Results: API security audit results generated by our service.
  • Usage Data: Browser type, IP address, pages visited, and interaction patterns.
  • Cookies: Session cookies and analytics cookies to improve our service.

3. How We Use Your Information

  • To provide and maintain our API security scanning service.
  • To generate security audit reports for your ServiceNow instances.
  • To communicate with you about your account, scans, and service updates.
  • To improve and optimize our scanning algorithms and user experience.
  • To detect, prevent, and address technical issues or abuse.

4. Data Retention

We retain your scan results and account data for as long as your account is active or as needed to provide our services. OAuth credentials are encrypted at rest and are not stored beyond the duration of a scan session. You may request deletion of your data at any time by contacting us.

5. Cookies and Tracking

We use essential cookies to maintain your session and optional analytics cookies (via Vercel Analytics) to understand how our service is used. You can control cookie preferences through your browser settings.

6. Third-Party Services

We may share data with third-party service providers that assist us in operating our platform, including hosting providers and analytics services. These providers are contractually obligated to protect your data and use it only for the purposes we specify.

7. Data Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest, access controls, and regular security audits. However, no method of transmission over the internet is 100% secure.

8. Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Object to or restrict processing of your data.
  • Data portability.
  • Withdraw consent at any time.

9. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at contact@nowisor.com.