SilentProof
Updated April 23, 2026
Privacy Notice
How SilentProof handles request and review data.
This notice explains the personal data processed when a company contact requests a SilentProof security check, when we verify authority, and when we deliver a private report.
SilentProof is a product of Nils Solutions GmbH. This notice is written for the current P0 public flow and will be expanded as the one-time authorization and report portal become fully productized.
01
Controller and contact
SilentProof / Nils Solutions GmbH can be contacted at security@silentproof.io. Privacy, opt-out, deletion, and access requests can use the same address.
02
Data collected from the request form
- 01Requester name, work email, job title, company name, primary in-scope domain, optional security or legal contact, optional context note, and whether the requester wants to start directly with Deep Review.
- 02Technical request data needed to protect the form and service, such as IP address, user agent, origin checks, timestamps, rate-limit signals, and request ID.
- 03The authority and boundary confirmations shown in the form. These confirmations do not authorize testing; they only support request intake.
03
Public contact discovery
If the requester relationship or authority is unclear, SilentProof may use public company-domain contact channels such as security, legal, admin, hello, WHOIS-style, or security.txt contacts to confirm that the company wants the review. When we contact those people, we provide a short explanation of why we are contacting them.
04
Purposes and legal basis
- 01Operate the request intake flow, verify the company-domain relationship, and prevent misuse of the form.
- 02Prepare an authorization step before any active testing begins.
- 03Deliver the service, produce private reports, handle opt-out requests, and keep a limited record of authorization and scope.
- 04Protect SilentProof, customer companies, and third parties from unauthorized or unsafe security testing requests.
05
Reports and review evidence
Review evidence is minimized and redacted where practical. Real reports are intended to be delivered through a private magic-link web report plus a downloadable PDF snapshot. Public sample reports use fictionalized and anonymized content.
06
Recipients and subprocessors
Personal data may be processed by hosting, email, logging, storage, and security service providers used to operate SilentProof. SilentProof does not sell request-form data. Customer report content is not published as marketing material without separate permission and sanitization.
07
Retention
- 01Rejected or paused requests are kept only as long as needed for abuse prevention, support, and auditability.
- 02Authorization records and final report records may be retained longer to prove what was authorized and delivered.
- 03Raw evidence should be kept short and minimized unless a customer asks us to preserve it for remediation or legal review.
08
Your rights
Individuals may request access, correction, deletion, restriction, objection, or a copy of their personal data by emailing security@silentproof.io. You may also contact a data protection supervisory authority. For legal provider details, see the Impressum / Legal Notice.