ACCELERYNT SECURITY PLATFORM
PRIVACY STATEMENT
Version 1.0 — May 2026
Last Updated: May 13, 2026
This Privacy Statement describes how Accelerynt Security, Inc. (“Accelerynt,” “we,” “us,” or “our”) collects, uses, stores, and protects information in connection with the Accelerynt Security Platform (the “Platform”). This Privacy Statement is incorporated by reference into the Accelerynt Security Platform End User License Agreement (“EULA”) and the Accelerynt Reseller Agreement.
This Privacy Statement applies to customers who access the Platform directly (“Customers”) and to end customers who access the Platform through an authorized reseller (“End Customers”). References to “you” or “your” include both.
1. PLATFORM ARCHITECTURE AND DATA MODEL
1.1 Managed Dedicated Infrastructure
The Platform is operated by Accelerynt on dedicated per-customer Azure infrastructure. Each customer receives a fully isolated Customer Instance consisting of a dedicated Azure App Service, a dedicated PostgreSQL database, a dedicated Azure Key Vault, and a dedicated Azure resource group. No customer data is stored in shared infrastructure. No customer’s data is accessible to any other customer.
1.2 The Platform Is Not Tenant-Resident
The Platform does not run within your Azure subscription or Microsoft tenant. Accelerynt provisions, manages, and operates all Platform infrastructure on your behalf. When the Platform conducts an assessment, it uses read-only API credentials you provide to read configuration data from your Microsoft 365, Entra ID, Azure DevOps, or GitHub environment. This data is transmitted to and stored within your dedicated Customer Instance on Accelerynt-managed Azure infrastructure.
1.3 Two Categories of Information
The Platform involves two distinct categories of information, described in Sections 2 and 3 below: (a) Assessment Data, which is generated and stored within your dedicated Customer Instance; and (b) Operational Telemetry, which is transmitted to Accelerynt’s management infrastructure.
2. ASSESSMENT DATA
2.1 What Assessment Data Includes
Assessment Data means all information generated by or through the Platform within your Customer Instance, including: security findings, configuration snapshots, posture scores, baseline configurations, drift events, Edge Posture scan results, NHI inventories, attack chain analyses, remediation records, workflow history, compliance reports, and any other data produced by the Platform’s assessment and monitoring operations.
2.2 Where Assessment Data Is Stored
Assessment Data is stored exclusively within your dedicated PostgreSQL database on Accelerynt-managed Azure infrastructure. It is not transmitted to a shared Accelerynt data store, not accessible to any other customer, not used by Accelerynt for cross-customer analytics or benchmarking, and not sold, licensed, or shared with third parties.
2.3 Who Owns Assessment Data
You retain all right, title, and interest in your Assessment Data. Accelerynt claims no ownership interest in it. Accelerynt’s operational access to the infrastructure hosting your Assessment Data (described in Section 4) does not constitute any license, right, or claim to that data.
2.4 Source Data Read from Your Environment
During assessment operations, the Platform reads configuration data from your Microsoft 365, Entra ID, Azure DevOps, and GitHub environments using read-only API credentials you provide. This source data is used to generate Assessment Data within your Customer Instance. The Platform operates exclusively with read-only permissions and does not write to, modify, or delete any data in your environments.
2.5 Data Transmitted for External Reconnaissance
When you use the Edge Posture module, the Platform transmits domain names and IP ranges you specify to passive reconnaissance sources (including Shodan, Certificate Transparency logs, SecurityTrails, VirusTotal, and BGP routing databases) to discover externally visible assets. Only domain names and IP ranges are transmitted — no Assessment Data, credentials, or internal configuration data is shared with these services.
3. OPERATIONAL TELEMETRY
3.1 What Operational Telemetry Includes
The Platform transmits limited operational signals to Accelerynt’s management infrastructure solely for license validation and platform reliability purposes. Operational Telemetry includes:
| Category | Examples |
| --- | --- |
| Platform health | Service availability, API response times, error rates, resource utilization |
| License validation | Subscription status checks, module entitlement verification, tenant count |
| Deployment status | Software version, deployment timestamps, update status |
3.2 What Operational Telemetry Does NOT Include
Operational Telemetry does not include: Assessment Data, security findings, configuration content, tenant names or identifiers from your Microsoft environment, user identities or email addresses from your environment, Edge Posture scan results, Control Integrity data, or any data read from your Microsoft 365, Entra ID, Azure DevOps, or GitHub environment during assessment operations.
3.3 How Operational Telemetry Is Used
Accelerynt uses Operational Telemetry solely for: (a) verifying that your subscription is active and that licensed modules are correctly entitled; (b) monitoring the health and performance of your Customer Instance; (c) planning capacity and infrastructure scaling; and (d) diagnosing platform-wide issues that affect service reliability. Accelerynt does not use Operational Telemetry for advertising, marketing profiling, behavioral analytics, or sale to third parties.
4. ACCELERYNT’S OPERATIONAL ACCESS
4.1 Why Accelerynt Has Access
Because Accelerynt operates the infrastructure hosting your Customer Instance, Accelerynt personnel have administrative access to the Azure resources comprising your instance. This access is necessary to deliver the managed service and is used for: software deployments, updates, and version management; infrastructure health monitoring and incident response; database maintenance, backup operations, and performance optimization; security hardening and vulnerability remediation; and customer support sessions.
4.2 Support Session Controls
Support access to your Customer Instance requires a time-limited JSON Web Token (JWT) with a default 60-minute expiration. A preflight health check is performed before any session. A temporary support user account is provisioned for the session and automatically removed on expiry. All support actions are logged in the Platform audit trail with actor identity and timestamp. Sessions are revocable by Accelerynt administrators at any time.
4.3 Assessment Data Access Limitations
Accelerynt personnel do not access, read, export, copy, or use your Assessment Data during operational access except where directly necessary to diagnose and resolve a specific support issue you have raised. Any such access is logged in the audit trail.
5. THIRD-PARTY SERVICES
The Platform uses the following third-party services in normal operation:
| Service | Purpose | Data Shared |
| --- | --- | --- |
| Microsoft Azure | Infrastructure hosting (App Service, PostgreSQL, Key Vault, Front Door, Sentinel, Application Insights) | All Platform data resides on Azure; isolated per customer |
| Microsoft Graph API | Read-only access to your M365/Entra ID environment | Configuration data read via credentials you provide |
| Azure DevOps REST API | Read-only access to your ADO organization | Configuration data read via credentials you provide |
| GitHub REST/GraphQL API | Read-only access to your GitHub org (Cloud only) | Configuration data read via GitHub App installation |
| Shodan InternetDB | Passive CVE correlation for Edge Posture | IP addresses only |
| NVD CPE Dictionary | Vulnerability reference data | None (public reference data) |
| CISA KEV Feed | Known Exploited Vulnerabilities catalog | None (public reference data) |
| FIRST EPSS Feed | Exploit Prediction Scoring | None (public reference data) |
| VirusTotal (optional) | Subdomain discovery | Domain names only |
| SecurityTrails (optional) | Subdomain and DNS history | Domain names only |
| BGPView | ASN and IP prefix enumeration | IP ranges only |
| Stripe | Subscription billing and payment processing | Billing contact and payment method (no card data stored by Accelerynt) |
| Azure Communication Services | Transactional email delivery | Recipient email addresses and notification content |
| Azure Application Insights | Platform performance monitoring | Operational telemetry only (no Assessment Data) |
No third-party service receives your Assessment Data, Control Integrity data, or Edge Posture scan results, except as described above where only domain names or IP ranges are shared for external reconnaissance.
6. DATA RETENTION
6.1 During the Subscription Term
Assessment Data is retained within your dedicated Customer Instance for the duration of your Subscription Term. You may export Assessment Data in JSON or CSV format at any time using the Platform’s built-in export functionality.
6.2 Post-Termination
Upon expiration or termination of your subscription, Accelerynt retains your Assessment Data for thirty (30) days to allow for data export and orderly transition. Following that period, Accelerynt deletes the dedicated infrastructure comprising your Customer Instance, including the database, Key Vault secrets, and application data. Azure infrastructure backups may persist for up to seven (7) days beyond deletion per Azure’s standard backup lifecycle policies.
6.3 Operational Telemetry Retention
Operational Telemetry is retained for up to twelve (12) months for platform health analysis and then deleted or anonymized.
7. SECURITY MEASURES
Accelerynt implements the following security measures to protect the Platform infrastructure and your data:
Encryption: AES-256-GCM encryption for all credentials stored in Azure Key Vault. TLS 1.2+ for all data in transit.
Network protection: Azure Front Door Standard with Web Application Firewall (OWASP 2.1 ruleset). Rate limiting on authentication endpoints (10 requests/minute).
Isolation: Per-customer Azure resource group with RBAC-level isolation. Multi-tenant access verification middleware on all data endpoints.
Application security: Non-root container execution. Security headers enforced (HSTS, CSP, X-Frame-Options, X-Content-Type-Options). SSRF protection on the edge scanner.
Monitoring: Application Insights and Microsoft Sentinel SIEM for platform-level threat detection.
Testing: 1,454 automated tests in the CI/CD pipeline.
8. YOUR RIGHTS
8.1 Access and Export
You may access and export your Assessment Data at any time during the Subscription Term using the Platform’s built-in export functionality (JSON, CSV, PDF, and HTML formats). You may also access Assessment Data programmatically through the Platform’s public API.
8.2 Deletion
You may request deletion of your Assessment Data at any time by contacting privacy@accelerynt.com. Upon verified request, Accelerynt will delete the relevant data within thirty (30) days, subject to any legal retention obligations.
8.3 Correction
Assessment Data is machine-generated from your environment configuration. If you believe any Assessment Data is inaccurate, you may modify finding status and workflow fields directly in the Platform, or contact support to request correction of data that cannot be modified through the Platform interface.
8.4 Data Portability
The Platform’s export functionality produces data in standard, machine-readable formats (JSON, CSV) that can be imported into other systems.
8.5 Objection to Telemetry
If you object to the collection of Operational Telemetry, contact privacy@accelerynt.com. Note that license validation telemetry is required for Platform operation and cannot be disabled without terminating the subscription.
9. INTERNATIONAL DATA CONSIDERATIONS
Platform infrastructure is hosted on Microsoft Azure in the United States. If you are located outside the United States, your use of the Platform involves the transfer of configuration data from your environment to Accelerynt-managed infrastructure in the United States. By using the Platform, you acknowledge this transfer. If you require specific data transfer mechanisms (such as Standard Contractual Clauses under GDPR), contact legal@accelerynt.com to discuss a Data Processing Agreement.
10. CHILDREN’S PRIVACY
The Platform is a business-to-business security assessment tool. It is not directed at individuals under the age of 16, and we do not knowingly collect personal information from children.
11. CHANGES TO THIS PRIVACY STATEMENT
Accelerynt may update this Privacy Statement from time to time. We will provide at least thirty (30) days’ advance notice of any material changes by posting the updated statement and notifying you through the Platform or by email. The “Last Updated” date at the top of this document indicates when the most recent changes were made. Your continued use of the Platform after the notice period constitutes acceptance of the updated Privacy Statement.
12. CONTACT INFORMATION
Privacy inquiries: info@accelerynt.com
Legal inquiries: legal@accelerynt.com
Mailing address: Accelerynt, Inc., 6600 Chase Oaks Blvd, Suite 150, Plano, Texas 75023

