Trust

Trust and compliance.

How Extuno secures the platform and handles your data, summarized in one place.

Last updated 28 June 2026.

Segmented execution

Every dynamic scan runs in an ephemeral, network-segmented micro-VM that is destroyed after the run, so untrusted code never touches the main platform or your environment.

Data handling

We process artifacts and findings, not personal browsing. Data is encrypted in transit and at rest. Retention is configurable on enterprise plans, and data residency options are available.

Access controls

Multi-tenant isolation, role-based access control, full audit logging, and single sign-on with SCIM provisioning keep access scoped and accountable.

Secret handling

Discovered secrets are encrypted at rest. The platform surfaces leaked credential values to the analyst so they can be rotated, and never transmits them to third parties.

Responsible disclosure

We welcome reports from security researchers and publish our policy, contact, and expiry per RFC 9116 at /.well-known/security.txt.

Compliance posture

Extuno is built to GDPR-aligned data-handling practices. Enterprise customers can request a current security overview and data processing terms.

Questions? Use the contact page.