Data Protection

GDPR Compliance

How HBM Security protects your data and upholds your rights under the General Data Protection Regulation.

HBM Security is committed to full compliance with the General Data Protection Regulation (GDPR). As a WordPress security platform that processes site data on behalf of our users, we take our responsibilities as both a data controller and data processor seriously.

This page outlines how we comply with GDPR requirements, your rights as a data subject, and the measures we take to protect your personal data.

Your Data Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access

You can request a copy of all personal data we hold about you, including account information, scan data, and usage logs.

Right to Rectification

You can request correction of any inaccurate or incomplete personal data. Update your account details directly from the dashboard.

Right to Erasure

You can request complete deletion of your account and all associated data. We will permanently delete your data within 30 days.

Right to Data Portability

You can export your scan results, threat reports, and site data in machine-readable formats (JSON/CSV) from the dashboard.

Right to Restrict Processing

You can request that we limit the processing of your data in certain circumstances, such as while a dispute is being resolved.

Right to Object

You can object to the processing of your personal data for specific purposes, including marketing and analytics.

Data Processing Activities

A complete overview of the data we process, why, and for how long

Category | Data | Purpose | Legal Basis | Retention
Account Data | Name, email address, encrypted password | Account management and authentication | Contract performance | Duration of account + 30 days
Site Data | Domain names, SSH credentials (encrypted), scan results | Providing security scanning services | Contract performance | Duration of account + 30 days
Threat Data | Detected malware, vulnerabilities, file hashes | Threat detection and remediation | Legitimate interest | 12 months
Usage Data | Pages visited, features used, scan configurations | Service improvement and analytics | Legitimate interest | 6 months
Payment Data | Billing address, payment method (processed by Stripe) | Subscription billing | Contract performance | Duration of subscription + legal requirements

Technical & Organizational Measures

We implement robust security measures to protect your personal data

TLS 1.3 encryption for all data in transit
AES-256 encryption for SSH credentials at rest
Isolated Docker containers for scan execution
PostgreSQL with encrypted connections
Regular security audits and vulnerability assessments
Role-based access controls for all systems
Automated backup procedures
Incident response procedures in place

Data Processing Agreement

For customers who require a Data Processing Agreement (DPA), we offer a standard DPA that covers our obligations as a data processor under GDPR Article 28.

To request a DPA, please contact us at privacy@homebuildermarketers.com.

Sub-Processors

We use the following sub-processors to deliver our services:

Hostinger | Infrastructure hosting (VPS, domain management) | EU/US
Anthropic (Claude AI) | AI-powered threat analysis (scan data not used for training) | US
Stripe | Payment processing | US

Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

Exercise Your Data Rights

Contact our Data Protection team to exercise any of your GDPR rights or for any questions about data protection.