Legal

Policies

These Policies describe how RedTeamer Ltd (“redteamer”, “we”, “us”) handles privacy, support processing, support service levels, and security reporting for the redteamer software and our sites (including redteamer.io and docs.redteamer.io).


Privacy Policy

RedTeamer Ltd (“we”, “us”) develops and licenses the redteamer software to business customers. This policy explains how we handle personal data on our website, in sales/support, and during licensing. It does not cover your systems or targets you assess with our software. RedTeamer Ltd is the controller for the processing described here.

What we collect & why

  • Website & security: our edge/hosting provider (Cloudflare) processes IP addresses, basic device info and request metadata to serve pages, mitigate abuse, and keep the service secure.
  • Sales & billing: business contact details you provide (name, role, email, company, postal/billing details), purchase orders, invoices, payment confirmations (via Wise) and related communications — used to respond to enquiries, issue invoices, and perform the contract.
  • Support: details you submit in our Jira Service Management portal (contact details, ticket content, attachments/logs you choose to upload) — used to triage and resolve requests.
  • Open source: if you interact with our public GitHub repositories, your GitHub handle and content are processed under GitHub’s terms.
  • We do not collect product telemetry or usage data from redteamer.

We rely on contract (e.g., fulfil an order or support ticket), legitimate interests (run, secure and improve our site and business communications), and legal obligation (tax/accounting).

Sharing

We use trusted providers acting on our behalf, including Cloudflare (website security/hosting), Atlassian Jira Service Management (support), Wise (payments), plus our accountants and professional advisers. We do not sell personal data.

International transfers

Where data moves outside the UK (for example to US-based providers), we use an appropriate safeguard such as the UK-US Data Bridge (where the provider is certified) or the UK IDTA/UK Addendum with a transfer risk assessment.

Retention

Support tickets are typically kept for up to 24 months after closure; sales and billing records are generally kept for up to 6 years for tax/accounting; basic security logs are kept by infrastructure providers for short operational periods unless needed to investigate incidents.

Your rights (UK GDPR)

You may request access, rectification, erasure, restriction and portability, and object to processing, where applicable. To exercise rights or ask questions, contact us via our Jira Service Management portal (see Support in the header). You may lodge a complaint with the UK ICO (ico.org.uk).

Cookies

We currently use only strictly necessary cookies/technologies needed to serve content and protect the site (e.g., Cloudflare security/bot-management cookies). We do not use analytics or advertising cookies. Because only necessary cookies are used, a consent banner is not required. Details of essential cookies and their purposes are available on request.


Website Terms of Use

These Website Terms of Use (“Terms”) govern access to and use of websites operated by RedTeamer Ltd, including redteamer.io and docs.redteamer.io (collectively, the “Site”). By using the Site, you agree to these Terms. If you purchase or use our software, the License Agreement applies in addition to these Terms and governs licence scope and product use.

Who we are & Acceptance

This Site is operated by RedTeamer Ltd and is intended for business users. If you do not agree to these Terms, do not use the Site.

Content & IP

All Site content (branding, text, images, videos, and documentation) is owned by redteamer or its licensors. You may view and link to public pages for legitimate business purposes. Our open-source repositories are licensed under their respective OSS licences; these Terms do not alter those licences.

Acceptable Use

Do not circumvent security or access controls, interfere with the Site, scrape at scale, use the Site in breach of law, frame our pages, or imply endorsement. You may link to public pages in a fair and legal manner that does not imply endorsement.

Third-Party Services

The Site may link to or rely on third-party services (e.g., Jira Service Management for support, GitHub for code, documentation hosting/CDN providers). Those services are provided under their own terms and privacy notices; we are not responsible for them.

No Warranties; Limitation of Liability

The Site is provided “as is” and “as available.” To the maximum extent permitted by law, we exclude implied warranties and will not be liable for any loss or damage arising from use of or inability to use the Site. Nothing in these Terms limits liability that cannot be limited under law. Product warranties/limitations are governed by the License Agreement.

Changes, Law & Contact

We may update the Site and these Terms at any time; changes take effect when posted. These Terms are governed by the laws of England and Wales, and the courts of England and Wales have exclusive jurisdiction. For queries, please use our Support portal. Company details appear in Contact & Company Details below.


Support DPA

This Data Processing Addendum applies only to personal data contained in support tickets/attachments that you submit to our Jira Service Management portal (“Support Data”). For all other data (e.g., sales/billing, website security), redteamer acts as an independent Controller as set out in the Privacy & Cookies Notice.

Parties & Roles

For Support Data only, Customer is the Controller and RedTeamer Ltd is the Processor. Each party will comply with applicable data protection laws.

Subject Matter, Duration, Nature & Purpose

  • Subject matter: processing of Support Data in tickets and uploaded files.
  • Duration: for the life of the ticket, plus the retention period below.
  • Nature & purpose: storage, access, triage, communication, analysis, and remediation solely to provide support.

Categories of Data & Data Subjects

  • Data: business contact details (names, roles, emails), ticket content, and technical logs or artifacts you submit (which may incidentally contain personal data).
  • Data subjects: your personnel and end-users as determined by you.

Processor Obligations

redteamer will: (a) process only on documented instructions; (b) ensure confidentiality; (c) implement appropriate technical and organisational measures; (d) assist with data subject requests and security incidents relating to Support Data; (e) delete or return Support Data 90 days after ticket closure unless law requires retention.

Sub-Processors

Authorised for Support Data: Atlassian Jira Service Management (ticketing), Cloudflare (security/edge delivery for portals), and standard infrastructure providers used to host/support the ticketing workflow. We remain responsible for sub-processors’ obligations, keep an up-to-date list available on request, and will notify you of material changes, allowing reasonable objection. If unresolved, you may suspend submission of Support Data to the affected service.

International Transfers

Where Support Data is transferred outside the UK, we will use a valid safeguard (e.g., UK Addendum/IDTA or the UK-US Data Bridge where applicable) and conduct transfer risk assessments as required.

Security

We maintain access controls/least-privilege, encryption in transit, vulnerability management, and logging/monitoring appropriate to the support function.

Audit & Information

On reasonable written notice, we will provide information necessary to demonstrate compliance (e.g., policy summaries or independent report excerpts). Any on-site audit is subject to confidentiality, reasonable scope/scheduling, and cost reimbursement.

Incident Notification

We will notify you without undue delay after becoming aware of a personal data breach affecting Support Data and provide information reasonably available to assist your assessment and any required notices.

Liability & Precedence

Liability limits and exclusions in the underlying agreement (including the EULA and Order & Payment Terms) apply. If there is a conflict, this DPA prevails for support-processing only.


Support Policy

redteamer provides ticketed product support for licensed business customers. This section defines what we support, how to contact us, how we prioritise issues, and our first-response targets.

Scope: installation, licensing, updates, and defect reports related to the redteamer binary and official modules.

Not included: consulting, training, custom module development, third-party tools, or operational tradecraft.

How to contact us

  • Channel: Jira Service Management — https://redteamer-io.atlassian.net/servicedesk/customer/portals
  • Language: English
  • Attachments: include logs or screenshots as needed (redact secrets/PII).

We do not offer phone/on-call support.

Hours & Definitions

  • Business hours: Monday–Friday, 09:00–18:00 (UK time), excluding UK public holidays.
  • Business day: a day within the business hours window above.
  • First response: a human acknowledgement with triage outcome and next steps. It is not a resolution guarantee.

Priority Levels

Please select a priority when opening a ticket. We may adjust the priority during triage if needed.

P1 — Critical impact

  • Product is unusable in production or a critical operation is blocked (e.g., installer fails on all supported hosts; severe regression with no workaround).
  • No reasonable workaround available.

P2 — Major impact

  • Important features are impaired or installation issues affect some environments; a workaround exists but is undesirable or risky.

P3 — Minor impact / questions

  • Non-blocking defects, clarifications, documentation issues, enhancement requests.

First-response targets

Priority               First response target
P1 – Critical          3 business days
P2 – Major             5 business days
P3 – Minor/Question    10 business days

Targets are measured in business days and represent our typical response goals. They are not service credits or a warranty.

Customer responsibilities

  • Provide the redteamer version, OS/distro/arch, and exact commands used.
  • Share minimal reproduction steps and relevant logs (with secrets/PII redacted).
  • Confirm any workarounds tried and the result.
  • For licensing issues, include the invoice ID or licence reference.

Supported environment

  • Platforms: Kali Linux (AMD64/ARM64), as documented in our installation guide.
  • Deployment model: local-first binary; no cloud components required.

Fixes & updates

  • Fixes ship as product releases/patches.
  • We may request temporary diagnostic output or additional logging to investigate defects.
  • We do not perform on-site work or remote access to your systems.

Out of scope (examples)

  • Penetration-testing advice, adversary simulation planning, or red-team tradecraft.
  • Tuning or troubleshooting third-party tools and community modules not maintained by redteamer.
  • Custom integrations, training, or professional services (available only if separately contracted).

Vulnerability Disclosure Policy

redteamer is a power-user tool intended to control an operator’s own assessment VM with broad access (devices, filesystem, network). Many security controls are expected to be provided by the execution environment (e.g., sandboxed VMs, network isolation). This policy clarifies what we consider a vulnerability, how to report it, and what you can expect from us.

Scope

In scope: redteamer.io and docs.redteamer.io; the redteamer binary/installer and official redteamer-maintained modules; our Jira Service Management portal (non-destructive testing only); and supply-chain integrity (release/signing/module provenance).

Out of scope: expected high-privilege behavior on the operator VM; issues caused solely by insecure environment configuration; volumetric DoS; third-party/community modules; best-practice observations without viable exploit; social engineering; legacy/EoL versions.

Coordinated disclosure & timelines

  • Embargo: please allow up to 90 days before public disclosure.
  • Acknowledgement: within 5 business days.
  • Triage status: within 10 business days.
  • Remediation targets: Critical 30d · Major 60d · Minor 90d.

We do not operate a bug bounty. With permission, we credit researchers after remediation.

How to report

  • Email: security@redteamer.io (preferred)
  • Portal: open a ticket and choose “Security report”
    Include impact, affected version(s), platform/distro/arch, minimal reproduction, and whether the issue is exploitable without operator consent.

Rules of engagement & Safe-harbor

No data exfiltration beyond demonstration; use test data where possible; avoid service disruption; comply with law. If you follow this policy in good faith and limit testing to the scope above, we will consider your testing authorised and will not pursue legal action for your research activity.


Contact & Company Details

RedTeamer Ltd. Registered in England & Wales.

  • Company No: 16571703
  • Registered office: 124 City Road, London, England, EC1V 2NX
  • Company status: Active
  • Company type: Private limited company
  • Contact: hello@redteamer.io
  • Support: https://redteamer-io.atlassian.net/servicedesk/customer/portals