Privacy Policy
Last Updated: October 18, 2025
Our Commitment: Vultrik is committed to protecting your privacy and handling your data with transparency and care. We collect only what's necessary to provide our security scanning services, and we never sell your data to third parties.
1. Information We Collect
1.1 Account Information
When you create a Vultrik account, we collect:
- Email address (required for authentication and notifications)
- Full name (optional, for personalization)
- Company name (optional)
- Password (securely hashed using bcrypt with 10 salt rounds)
1.2 Scan Data
To perform security scans on your behalf, we collect and process:
- Domain names, IP addresses, and URLs you provide for scanning
- Technical scan results including vulnerabilities, SSL certificates, DNS records, and HTTP headers
- Historical scan data for trend analysis and comparison
1.3 Usage Information
We automatically collect certain information when you use our platform:
- Log data (IP address, browser type, access times, pages viewed)
- Device information (operating system, device identifiers)
- Cookies and similar tracking technologies (see Section 6)
1.4 Dark Web Monitoring
If you enable dark web monitoring (Enterprise plan), we collect:
- Email addresses and domains you want to monitor
- Alerts and matches found in breach databases and dark web sources
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To perform security scans, generate reports, and provide dark web monitoring
- Account Management: To create and manage your account, process subscriptions, and provide customer support
- Communication: To send security alerts, scan reports, product updates, and transactional emails
- Improvement: To analyze usage patterns, improve our scanning algorithms, and enhance the platform
- Security: To detect fraud, prevent abuse, and protect the security of our platform
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
3. Data Sharing and Disclosure
3.1 We Do NOT Sell Your Data
Vultrik does not sell, rent, or trade your personal information to third parties for marketing purposes.
3.2 Service Providers
We may share your information with trusted third-party service providers who assist us in operating our platform:
- Cloud infrastructure providers (hosting and storage)
- Payment processors (for subscription billing)
- Email service providers (for transactional emails and alerts)
- Analytics providers (for usage statistics)
These providers are contractually obligated to protect your data and use it only for the specific services they provide to us.
3.3 Integrations
If you choose to integrate Vultrik with third-party services (Slack, Teams, Jira, ServiceNow, Google Chat), we will share relevant scan results and alerts with those platforms according to your configuration. You control what data is shared through integration settings.
3.4 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Vultrik, our users, or others.
3.5 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control.
4. Data Retention
We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:
- Account Data: Retained while your account is active and for 30 days after account deletion
- Scan Results: Retained for the duration of your subscription plus 90 days for recovery purposes
- Billing Records: Retained for 7 years to comply with tax and accounting regulations
- Logs and Usage Data: Retained for 12 months for security and debugging purposes
5. Data Security
We implement security measures to protect your information:
- Password Security: All passwords are hashed using bcrypt (10 salt rounds) before storage.
- Multi-Factor Authentication: TOTP-based 2FA is available and recommended for all accounts.
- API Security: API keys are hashed using SHA-256 and support scoped permissions and rate limiting.
- Session Management: JWT tokens with 7-day expiration for authenticated sessions.
- Database Security: PostgreSQL database with parameterized queries to prevent SQL injection.
- HTTPS: All connections use HTTPS/TLS encryption in transit.
While we implement security best practices, no system is 100% secure. We strongly recommend using strong, unique passwords and enabling 2FA.
6. Cookies and Tracking
We use cookies and similar technologies to:
- Maintain your logged-in session
- Remember your preferences and settings
- Analyze usage patterns and improve the platform
- Detect and prevent fraud
You can control cookies through your browser settings, but disabling certain cookies may limit platform functionality.
Cookie Types We Use:
- Essential Cookies: Required for authentication and core functionality
- Functional Cookies: Remember your preferences (theme, language, etc.)
- Analytics Cookies: Help us understand how you use the platform (anonymized)
7. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
7.1 Access and Portability
You can access your account data through the Settings page. You can request a copy of your data in a portable format by contacting support@vultrik.com.
7.2 Correction
You can update your account information through the Settings page at any time.
7.3 Deletion
You can delete your account through Settings > Account > Delete Account. This will permanently remove your account data within 30 days, subject to legal retention requirements.
7.4 Opt-Out
You can opt out of marketing emails via the unsubscribe link in any email. Transactional emails (security alerts, scan reports) cannot be disabled while your account is active.
7.5 Object and Restrict
You may object to certain processing activities or request restrictions on how we use your data by contacting us.
8. International Data Transfers
Vultrik is based in the European Union. If you access our services from outside the EU, your information may be transferred to and processed in the EU. We ensure appropriate safeguards are in place for international transfers, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions for data transfers to countries with equivalent data protection
Enterprise customers can request EU-only data processing and storage.
9. Children's Privacy
Vultrik is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.
10. Third-Party Links
Our platform may contain links to third-party websites or services. This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party services you interact with.
11. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information
- Right to opt out of the sale of personal information (we don't sell your data)
- Right to non-discrimination for exercising your CCPA rights
To exercise these rights, contact privacy@vultrik.com.
12. GDPR Compliance (European Users)
If you are in the European Economic Area (EEA), UK, or Switzerland, we process your data in accordance with the General Data Protection Regulation (GDPR). Our legal bases for processing include:
- Contract: Processing necessary to provide our services
- Legitimate Interests: Improving our platform, fraud prevention, and security
- Consent: Marketing communications (you can withdraw consent at any time)
- Legal Obligation: Compliance with applicable laws
You have the right to lodge a complaint with your local data protection authority.
13. Data Protection Officer
For privacy-related inquiries, concerns, or to exercise your data rights, contact our Data Protection Officer:
Email: dpo@vultrik.com
Address: Vultrik Data Protection Officer, [Address to be provided]
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by:
- Posting the updated policy on our website with a new "Last Updated" date
- Sending an email notification to your registered email address
- Displaying a prominent notice on our platform
Your continued use of Vultrik after changes become effective constitutes acceptance of the updated policy.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: privacy@vultrik.com
- Support: support@vultrik.com
- Website: https://vultrik.com
Quick Summary
- ✓ We collect only what's necessary to provide security scanning services
- ✓ We never sell your data to third parties
- ✓ You control your data and can delete your account anytime
- ✓ Passwords are secured with bcrypt hashing, and 2FA is available as an option
- ✓ API keys with rate limiting and scoped permissions
- ✓ Transparent about what we collect, why, and how long we keep it