Privacy policy

Vulnaly ("we", "our" or "us") is committed to protecting your privacy and personal data. This privacy policy explains how we collect, use and store information when you use our website security scanner services.

By using our services, you agree to the data collection and use practices described in this privacy policy. We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data controller: Vulnaly, registered globally. Contact us: [email protected]

We collect the following data:

Personal data:

• Contact information: name, surname, email address (when ordering paid service).
• Payment information: payment data is processed through the Stripe payment system. We do not store your payment card data.

Website scanning data:

• Website URL: your provided website address for scanning.
• Scan results: security vulnerability and speed metrics analysis results.
• Reports: generated security and speed reports with unique identifiers.

Technical data:

• Browsing data: IP address, browser type, browsing information, pages viewed.
• Cookie data: information collected through cookies and similar technologies.
• Server logs: technical information about website usage.

Important: We only check publicly accessible data. We do not attempt to break into your website or access private content.

We use your data for the following purposes:

Service provision:

• Website security and speed scanning.
• Security vulnerability and speed problem identification.
• Detailed report generation and presentation.
• Payment processing through Stripe system.

Communication:

• Sending reports to you by email.
• Providing technical support.
• Sending service updates and security alerts.

Legal purposes:

• Implementation of tax and accounting requirements.
• Resolution of legal disputes.
• Compliance with laws and regulations.

Legal basis:

• Consent: when you explicitly agree to data processing.
• Contract performance: for providing paid services.
• Legitimate interest: to ensure website security and functionality.
• Legal obligation: for tax and accounting requirements.

We implement appropriate technical and organizational measures to protect your data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.

Technical measures:

• SSL/TLS encryption for all data transmission.
• Database encryption.
• Regular security update installation.
• Firewalls and antivirus software.
• Regular security audits and testing.

Organizational measures:

• Data access restriction to authorized employees only.
• Two-factor authentication.
• Strict password policy.
• Regular employee training on data security issues.
• Documentation of data processing procedures.

While we strive to protect your data, no method of data transmission over the internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your data.

Our website uses cookies and similar technologies to improve your browsing experience and ensure website functionality.

Cookie types:

• Necessary cookies: required for website operation (session management, security).
• Functional cookies: allow the website to remember your choices.
• Analytical cookies: help understand website usage (anonymous information).

You can control cookies at any time through your browser settings. Note that disabling cookies may cause some website functions to not work properly.

We store your data only for as long as necessary for the specified purposes, unless a longer retention period is required by law.

Retention periods:

• Scan results and reports: 2 years after last scan.
• Payment data: 10 years (tax and accounting requirements).
• Customer account data: as long as you have an active account, or 2 years after last login.
• Communication data: 2 years after last communication.
• Server logs: 6 months.
• Cookie data: according to cookie type settings (from session end to 2 years).

When data is no longer needed, we securely delete or anonymize it. Anonymized data may be used for statistical purposes.

Under GDPR and applicable data protection laws, you have the following rights:

• Right to know: you can request information about the data we process about you.
• Right to correct: you can request to correct inaccurate or incomplete data.
• Right to delete: you can request to delete your data (except those we are required to keep by law).
• Right to limit processing: you can request to limit the processing of your data.
• Right to data portability: you can request to transfer your data to another data controller.
• Right to object: you can object to the processing of your data for certain purposes.
• Right to withdraw consent: you can withdraw your consent to process your data at any time.
• Right to complain: you can file a complaint with the data protection supervisory authority.

To exercise these rights, contact us by email at [email protected]. We will try to respond to your request within 30 days. If you are not satisfied with our response, you have the right to file a complaint with the relevant data protection authority.

If you have questions or comments about this privacy policy or our data processing practices, contact us:

• Email: [email protected]