EvidnZ
Pentest reporting, made EZ
Back to home

Privacy and Shared Responsibility

EvidnZ helps penetration testers convert uploaded evidence, tester context, annotations, redactions, and report metadata into structured findings and report deliverables.

Data Users Upload

Users may upload screenshots, report metadata, finding details, tester notes, affected asset information, points of contact, methodology settings, and other content needed to generate reports.

How Uploaded Data Is Used

Uploaded content is used to support the user's own reporting workflow. EvidnZ uses uploaded screenshots, tester context, annotations, and report fields to generate findings, executive summaries, methodology text, conclusions, and report exports.

AI Processing

EvidnZ uses third-party large language model providers to process user-submitted evidence and generate report content. Uploaded content may be sent to the LLM provider for the purpose of generating or improving the user's own report output.

EvidnZ does not use uploaded customer content to train a public model.

Sensitive Information

Penetration testing evidence may contain sensitive information, including hostnames, IP addresses, URLs, account names, tokens, secrets, client names, screenshots of internal systems, or other confidential data.

Users should avoid uploading unnecessary secrets, credentials, regulated personal data, or client data that is not required for report generation.

Shared Responsibility

EvidnZ provides tools to help users identify, redact, and control sensitive evidence before export. These tools include persistent redactions, sensitive data warnings, and redacted-image export safeguards.

The user remains responsible for:

  • Confirming they are authorized to upload client evidence.
  • Reviewing all uploaded screenshots and report content.
  • Redacting sensitive information before export.
  • Verifying that exported reports do not contain unintended sensitive data.
  • Reviewing AI-generated content for accuracy before client delivery.

Redacted Exports

EvidnZ is designed to export redacted screenshots, not original unredacted screenshots. Users should still review exported files before sending them to clients.

Data Retention

During the closed beta, uploaded evidence and report content are stored privately for the user's account until the user deletes the report or evidence. Optional automatic retention controls may be added later.

Account Isolation

EvidnZ uses authentication and account-level isolation so users can access only their own reports, findings, evidence, annotations, and redactions.

Contact

For privacy or security questions, contact the EvidnZ team.