Per-product transparency
Dhara
Audit engine that scans systems you own or are explicitly authorized to test, producing structured reports and an intelligence knowledge graph.
dhara.eleven11.pro · audit.eleven11.pro
What we collect, why, and how long
| Data | Purpose | Lawful basis | Retention | Region |
|---|---|---|---|---|
| Audit subjects | Run the scan you authorized against the domains and endpoints you authorized. | Performance of contract | Findings retained for the engagement term + 7 years for legal-hold compliance unless contractually shorter. | EU (Germany), EU (Finland), India |
| Operational telemetry | Operate the scan reliably; debug failed runs. | Legitimate interest | 30 days. | EU (Germany), EU (Finland) |
Subprocessors involved
| Vendor | Purpose | Region | Conditional | DPA |
|---|---|---|---|---|
| Hetzner Online GmbH | Compute and storage hosting for Eleven11 services | EU (Germany), EU (Finland) | — | Vendor DPA |
| Cloudflare, Inc. | DNS, CDN, edge proxy, and tunneling | Global | — | Vendor DPA |
| Anthropic, PBC | Large language model inference. Used only when a customer has not configured their own BYOK provider; Eleven11 never silently routes BYOK-configured workloads to Anthropic. | United States | Only when no BYOK LLM provider is configured for the workspace. | Vendor DPA |
How to delete your data
Email [email protected] with your customer ID. Customer-portal self-delete is on the roadmap.
Defensive tripwires (canary tokens)
Dhara may deploy canary tokens during engagements you scope and authorize. Each token's interactions are logged in your engagement record. Canaries are never deployed against systems outside your authorized scope.