Data retention policy

Last updated: Mar 5, 2026

As a company, ensuring the integrity of the services we provide to our users is vitally important. Therefore, when we delete a group on our platform, we retain specific data that contains valuable information about the history of that group, always respecting and guaranteeing the confidentiality of this information. This practice is essential to maintain the integrity of our operations and services. It reinforces our ability to provide quality service. As stated in our data use policy , the information is used only to provide our service.

These are the fields we keep in our database after deleting a group in our platform:

• From the organization and group created:
  • Creation date
  • Language
  • Country
  • State info: active services, modification dates
  • Code languages information
  • Sprint length and start date
• From registered repositories:
  • Creation date
  • Code languages info
  • Type: Git repository, URL, IP
• From the ToE surface (lines, ports):
  • Attack date
  • Attacker email
  • First attack date
  • Whether it has vulnerabilities
  • Discovery date
  • Whether the ToE was present in the Surface section before group deletion
  • Last date the ToE was present in Surface
  • For input ToEs: discoverer email
  • For line ToEs:
    • Lines of code
    • Attacked lines
    • Sorts risk level
• From the vulnerability types  found (aka weaknesses):
  • Title
  • Severity:
    • CVSS v3.1 vector string, base and temporal score
    • CVSS v4.0 vector string, base and temporal score
    • CVSSF
  • Requirements
  • Hacker email
  • Status information
  • Whether Sorts was involved in detection
  • Information on reattacks and verifications
• From the vulnerabilities found (aka locations):
  • Type: input, line, port
  • Severity
    • CVSS v3.1 vector string, base and temporal score
    • CVSS v4.0 vector string, base and temporal score
    • CVSSF
  • Machine method, if applies
  • Information regarding status, treatments and verifications
  • Custom level (aka priority; user defined)
  • Technique used for detection
  • File extension for code vulnerabilities
• From the events in the group:
  • Creation date
  • Creator’s email address
  • Event date
  • Hacker email
  • Solution reason
  • Solving date
  • State info
  • Type

We do not store any information related to:

• Personal info: email, names, phone numbers, etc. In this regard, any external email is deleted if it is present in any other fields mentioned above.
• Repositories
• Credentials
• URLs
• Endpoints

Other privacy measures

• Data privacy policy 
• Data use policy 
• Email obfuscation 
• Employee time tracking 
• Manual for the NDR 
• OTR messaging 
• Polygraph tests 
• Project pseudonymization 
• Sensitive data transmission 
• Unsubscribe email 
• Use of cookies 
• Use of OpenAI as a subprocessor