← Back to Home

Privacy Policy

Last updated: 18 February 2026

Who We Are

Probe Six is operated by djinnsix Limited, a company registered in England and Wales. Our registered address is 86-90 Paul Street, London, England, EC2A 4NE.

djinnsix Limited is the data controller for personal data processed through the Probe Six platform. This policy explains what data we collect, why we collect it, how long we keep it, and your rights over it.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where users are based in the European Economic Area (EEA), we also comply with EU GDPR.

Information We Collect

Account information

  • Email address (required to create an account)
  • Name (optional)
  • Password (hashed; never stored in plain text)

Platform usage data

  • LLM endpoint configurations you create (URLs, authentication method — credentials are stored encrypted)
  • Scan results and security assessment reports
  • Platform interactions (e.g. pages visited, features used) — collected in aggregated, anonymised form via essential session data

Technical data

  • IP address and browser information (captured in server logs and error tracking)
  • Device type and operating system (from browser user-agent)
  • Session identifiers (required for authentication)

How We Use Your Information

We use the data we hold for the following purposes:

  • Providing the service — running security assessments against the endpoints you register and generating reports
  • Account management — authentication, account settings, and billing
  • Security — detecting abuse, investigating incidents, and protecting user data
  • Communication — sending service notifications, security alerts, and support responses
  • Legal compliance — meeting our obligations under applicable law

We do not sell your data to third parties, use it for advertising, or share it for any purpose other than those listed above.

Lawful Basis for Processing

  • Contract — processing necessary to deliver the service you have signed up for
  • Legitimate interests — security monitoring, error logging, and abuse prevention
  • Legal obligation — retaining records required by law

Data Storage and Security

Where your data is stored

Your data is stored in AWS data centres in eu-west-2 (Ireland). We do not transfer data outside the UK or EEA unless required to and, if so, we ensure appropriate safeguards are in place.

Security measures

  • All data in transit is encrypted using TLS via AWS CloudFront
  • Data at rest is encrypted using AWS KMS
  • Authentication is handled by Amazon Cognito; passwords are hashed and never accessible to us
  • A Web Application Firewall (AWS WAF) protects our API and front-end
  • Security testing is conducted as part of our development process

For more detail on our technical security measures, see our Security page.

Data Retention

We retain personal data only for as long as necessary. Under UK GDPR, we are required to apply the data minimisation principle — retaining data for the shortest reasonable period.

  • Account data — retained while your account is active. On closure, your account data is deleted within 30 days, unless you request earlier deletion.
  • Scan results and reports — retained while your account is active. You can delete individual scans at any time from within the platform.
  • Application and error logs — retained for a short operational period (typically up to 30 days) and then deleted automatically.

We do not retain data for extended periods unless there is a specific legal basis requiring it. We have no such basis for the data we hold in connection with LLM security assessments.

Your Rights

Under UK GDPR (and EU GDPR where applicable), you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data, subject to any legal retention obligations
  • Restriction — ask us to limit how we process your data in certain circumstances
  • Portability — receive your data in a machine-readable format
  • Object — object to processing based on legitimate interests

To exercise any of these rights, contact us at compliance@djinnsix.com. We will respond within one month.

If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Third-Party Services

We use the following third-party services to operate the platform:

  • Amazon Web Services (AWS) — cloud infrastructure, hosting, authentication (Cognito), and database. AWS processes data under their standard GDPR Data Processing Addendum, which is incorporated into their service terms.
  • Sentry — error tracking and monitoring. Sentry may receive error context including IP addresses and session data when errors occur.
  • Stripe — payment processing. Payment card data is handled entirely by Stripe and is not stored on our systems. Stripe is PCI DSS certified.

We do not use these services for any purpose other than operating Probe Six.

Cookies

We use cookies for:

  • Authentication — session tokens required for you to stay logged in (essential; cannot be disabled)
  • Preferences — storing UI settings such as sidebar state (essential; cannot be disabled)

We do not use advertising cookies or cross-site tracking cookies.

Minimum Age

Probe Six is a professional service not intended for users under 18. We do not knowingly collect data from minors. If you believe a child has created an account, please contact us and we will delete it promptly.

Changes to This Policy

We will update this policy when our data practices change. Material changes will be communicated by email to registered users before they take effect. The date at the top of this page shows when it was last updated.

Contact

For any questions about this policy or to exercise your data rights:

Email: compliance@djinnsix.com

Company: djinnsix Limited

Registered address: 86-90 Paul Street, London, England, EC2A 4NE