Privacy Policy

Information We Collect

Vulnify collects information you provide directly, information required to run the service, and certain technical information needed to protect the platform and operate core workflows.

Information you provide

• Account details such as name, email address, password hash, and workspace profile information.
• Targets, scan settings, results, reports, and related remediation workflow data.
• Support, billing, premium assessment, and partner-program submissions.
• Optional integration, API, webhook, and notification settings for supported workflows.

Information collected automatically

• Service usage, device, browser, and security telemetry needed to operate and protect the platform.
• Necessary cookies for login, consent, security, and core site behavior.
• Optional analytics and marketing preference signals when a visitor chooses to allow those categories through the consent banner.
• Referral or attribution identifiers, including supported referral codes captured from URL parameters or browser storage when a visitor arrives through an affiliate or referral flow.

How We Use Information

We use data to provide the platform, secure accounts and workspaces, deliver reports, support billing and premium assessment workflows, communicate with users, and improve the service.

• Run scans, display findings, and generate reports.
• Operate subscriptions, credit purchases, premium assessments, and support workflows.
• Enable optional features such as scheduled scans, notifications, integrations, API keys, and webhooks.
• Support approved referral attribution and partner-program workflows.
• Protect the platform against abuse, fraud, and unauthorized access.
• Respect privacy and consent choices for optional analytics and marketing categories.

Cookies And Consent

Vulnify uses a consent banner that supports necessary, analytics, and marketing cookie categories.

• Necessary cookies remain enabled because they support core site functionality and security.
• Analytics cookies are optional and are only enabled when a visitor grants that category.
• Marketing cookies are optional and are only enabled when a visitor grants that category.
• Some operational or referral-attribution data may still be processed outside optional analytics and marketing categories when needed to support security, fraud prevention, or approved referral workflows.

Visitors can reject all optional cookies, accept all, or customize preferences from the consent interface.

Reports, Public Pages, And Live Activity

Workspace scan data and saved results are intended to remain private to the workspace or account that owns them unless a supported public-sharing path is intentionally used.

• Some workflows may generate browser-accessible HTML, PDF, or JSON report artifacts for review, export, or temporary sharing.
• Some public-safe redacted pages may be published through supported public-page workflows, including report-style pages or public programmatic pages.
• The public site may show a masked or anonymized live activity feed derived from completed scans without displaying full target identity.

Public-safe pages and temporary artifacts are different from normal private workspace history. Users are responsible for deciding when they are authorized to share or publish a result through the workflows that are available to them.

When We Share Data

We do not sell personal data. We may share information with service providers and platform partners only as needed to operate the service or comply with law.

• Payment processors and billing infrastructure such as Stripe.
• Transactional email providers and similar infrastructure services.
• Workspace-selected integrations such as Slack or Jira when a user enables them.
• Approved partner or referral workflows when attribution, rewards, or related review is required.
• Legal or regulatory recipients when disclosure is required to comply with applicable law or protect rights and safety.

Security And Retention

We use reasonable technical and organizational controls to protect the service, including encrypted transport, access controls, and account-security features such as optional 2FA.

We retain information for as long as needed to operate the service, satisfy legal obligations, resolve disputes, and support the workflows a user has chosen. Retention may vary based on account, billing, audit, and security needs.

Your Privacy Choices

Depending on your location, you may have rights to access, correct, export, or request deletion of your personal information.

• Account and privacy controls may be available directly inside the product for supported workflows.
• Privacy requests can be sent to privacy@vulnify.app.
• General support questions can be sent to support@vulnify.app.