VulnerabilityScan.com

Privacy Policy

Last updated: December 15, 2024

1. Introduction

VulnerabilityScan.com ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our managed vulnerability scanning services and website.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Company name and billing information
  • Password (stored in encrypted form)

2.2 Scan Target Information

To perform vulnerability scanning services, we collect information about your assets:

  • IP addresses and domain names
  • Network ranges and configurations
  • Web application URLs
  • Credentials for authenticated scanning (encrypted at rest)

2.3 Scan Results Data

Our scanning services generate:

  • Vulnerability findings and severity ratings
  • System and software version information
  • Configuration details related to security posture

2.4 Usage Information

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Analytics data about service usage

3. How We Use Your Information

We use collected information to:

  • Provide and improve our vulnerability scanning services
  • Generate scan reports and findings
  • Communicate with you about your account and services
  • Process payments and billing
  • Ensure security and prevent fraud
  • Comply with legal obligations
  • Improve our AI-aided triage algorithms

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

  • Service Providers: Third parties who assist in delivering our services (cloud hosting, payment processing)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with mergers, acquisitions, or asset sales

5. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Access controls and authentication
  • Regular security assessments of our own infrastructure
  • Employee security training and background checks

6. Data Retention

We retain your account information and scan data for the duration of your subscription plus 90 days. Upon account termination, you may request immediate deletion of your data. We retain anonymized, aggregated data for service improvement purposes.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data
  • Export your data in a portable format
  • Object to or restrict processing
  • Withdraw consent

To exercise these rights, contact us at privacy@vulnerabilityscan.com.

8. International Data Transfers

We are based in the United States. If you access our services from outside the US, your information may be transferred to and processed in the US. We implement appropriate safeguards for international transfers, including Standard Contractual Clauses where applicable.

9. Cookies and Tracking

We use essential cookies for authentication and security. We use analytics tools to understand service usage. You can control cookie preferences through your browser settings.

10. Children's Privacy

Our services are not intended for individuals under 18. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email or through our service. Continued use after changes constitutes acceptance.

12. Contact Us

For privacy-related questions or concerns:
Email: privacy@vulnerabilityscan.com
Address: Pittsburgh, PA