REDTEAMTRUST

Offense-informed defense

Trust & Security

What we collect. What we don't.

A security assessment tool that operates outside your visibility would be ironic. This page documents exactly what the RedTeamTrust agent collects, how data is handled, how long it is retained, and the authorization requirements that must be met before any agent runs.

Authorization is a hard requirement

The assessment agent will not run without a written authorization from the organization being assessed. This is not optional language — the portal workflow requires a signed scope authorization before an assessment bundle is issued.

  • MSSP operators obtain written authorization before downloading any bundle
  • Each bundle is cryptographically scoped to a single organization — it cannot transmit to a different tenant
  • The authorization record is stored in the platform and linked to every telemetry submission
  • Assessments without a matching authorization record are rejected at ingestion

What the agent collects

The agent is a single-run PowerShell script. It does not persist, does not install services, and does not run again unless explicitly re-executed.

Collected

  • OS version, build number, hostname, and domain membership
  • Security configuration state: BitLocker, Firewall, Secure Boot, TPM, Windows Update
  • Security product registration: AV, EDR, Windows Defender configuration
  • Identity hardening: local admin count, password policy, LSASS protection, Credential Guard
  • Logging configuration: PowerShell logging, audit policy, Sysmon presence, Event Log sizing
  • Network configuration state: LLMNR, NBT-NS, mDNS, SMB signing, WPAD, IPv6 binding
  • Presence (not content) of credential file paths: ~/.aws, ~/.azure, ~/.ssh/id_*, .env files
  • Active probe results: whether your AV intercepted an EICAR test file, whether your EDR flagged an encoded process launch
  • Same-LAN OS scan (optional): hostname and OS fingerprint of /24 peers, initiated only when authorized

Not collected

  • No file contents — only file presence is checked for credential path detection
  • No process memory or running process list
  • No document, database, or application data
  • No user activity, browser history, or keystrokes
  • No Active Directory enumeration beyond DC detection (unless a DC check is explicitly in scope)
  • No screenshots or clipboard data
  • No outbound network connections beyond the single POST to the ingest endpoint

Data handling and retention

Transmission

All telemetry is transmitted over TLS 1.2+ to a single ingest endpoint. The bearer token in the script is scoped to one organization — it is rejected by any other tenant's ingest path.

Storage

Assessment telemetry, findings, and reports are stored in an isolated per-MSSP partition. MSSP operators can only access organizations within their own account. RedTeamTrust infrastructure staff have access under strict internal controls.

Evidence files

Compliance evidence uploaded through the client portal (PDFs, screenshots, policy documents) is stored in isolated cloud object storage. Files are served through an authenticated download endpoint — direct URLs are never exposed.

Retention

Assessment data is retained for the duration of the active MSSP engagement. Operators may request deletion at any time. We do not sell, share, or use assessment findings for purposes beyond providing the platform service.

Confidentiality

Assessment reports are generated for the assessed organization and their MSSP partner only. RedTeamTrust does not share findings with third parties, law enforcement, or other customers without explicit written consent, except as required by law.

Responsible disclosure

If you discover a vulnerability in our platform or assessment tooling, please report it to us before public disclosure. We commit to acknowledging reports within 2 business days, providing a remediation timeline within 10 business days, and not pursuing legal action against good-faith researchers who follow responsible disclosure practices.

Contact us through the link below to report a security issue.