Legal

Legal documents

Everything you need to review before using Whocan. Our Terms of Use and Privacy Policy govern the commercial and data-protection terms of your relationship with PRAGMABLE.

Terms of Use (EULA)

Effective 30 March 2026

Commercial terms governing the use of the Whocan platform — subscription, preview access, acceptable use, warranties, liability, and termination. Designed as a B2B agreement between two professionals.

B2B professional useHuman review of Findings requiredFrench jurisdiction

Read full document

Privacy Policy

Effective 30 March 2026

How PRAGMABLE collects, uses, stores, and protects personal data under the GDPR. Covers legal bases, subprocessors, international transfers, retention periods, and your data-subject rights.

GDPR Art. 6 legal basesEU/EEA hosting by defaultNo data sales

Read full document

Trust signals

What you're accepting, in brief

GDPR-compliant processing

Every processing activity is mapped to a GDPR Article 6 legal basis. Findings never constitute automated decision-making under Article 22.

EU/EEA data residency

Customer data is hosted and stored within the EU/EEA by default. Non-EU transfers require SCCs and a Transfer Impact Assessment.

Encryption everywhere

All data encrypted at rest and in transit via TLS 1.2+. Access controls follow the principle of least privilege.

Metadata only — never your data

Whocan analyses IAM configurations, policies, and resource metadata. We do not access S3 contents, database records, or application data.

Verified access to the latest data

Core access stays low-friction. The latest vulnerability database and enterprise capabilities require identity verification (KYC); authorized penetration-testing engagements are approved case-by-case.