This Privacy Policy describes how VulneraX collects, uses, and protects information in connection with our automated security scanning and reporting services.

By using VulneraX, you consent to the data practices described here.

We collect limited data necessary to provide the Service effectively and securely.

• Account Information: Google OAuth profile basics (name, email, unique ID) for authentication.
• Scan Inputs: Target URLs/domains, scanner configuration, and scheduling metadata you provide.
• Scan Artifacts: Logs, request/response metadata, normalized evidence (e.g., header diffs, DOM snapshots).
• Reports: Generated HTML/PDF output stored for retrieval (e.g., Firebase Storage or S3).
• Telemetry (Release-minimal): Aggregated, anonymized usage metrics to improve reliability and performance.

We use collected data to authenticate users, run scans, generate reports, provide support, and improve the Service.

We may use aggregated or anonymized data for analytics, research, and to enhance detection quality.

We process data based on your consent (OAuth), contractual necessity (providing scans and reports), and our legitimate interests (security, service improvement).

Data may be stored in Firebase Realtime Database and cloud object storage for reports. Access is restricted by role and token-based controls.

We implement technical and organizational measures to safeguard data; however, no system is 100% secure.

We retain scan inputs, artifacts, and reports for as long as necessary to provide the Service and for a reasonable period thereafter for auditability and product improvement.

You may request deletion of specific reports or associated artifacts by contacting us at the email below. Certain logs may be retained for security and legal compliance.

We do not sell personal data. We may share data with trusted processors (e.g., Firebase, cloud storage, message queues) solely to deliver the Service.

Where data is transferred internationally, we will use appropriate safeguards as required by applicable law.

Subject to applicable law, you may have rights to access, correct, export, or delete your personal data, or object to certain processing.

To exercise these rights, contact us at the email below. We will verify your identity and respond within a reasonable timeframe.

VulneraX is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided data, contact us for deletion.

We may use cookies or similar technologies for authentication (e.g., OAuth session state) and basic functionality. You can control cookies through your browser settings.

We may update this Policy from time to time. Material changes will be posted with a new effective date. Continued use indicates acceptance.

For privacy questions or requests, contact: privacy@vulnerax.in