Privacy Policy

Last updated: 2026-01-27T18:21

The Short Version

We collect only what we need to provide our security scanning service. We don't sell your data. We process everything in the EU. You can ask us to delete your data anytime.

Who We Are

VulWall is an EU-based security scanning service that helps companies understand and improve their security posture. When we say "we," "us," or "VulWall," we mean the company providing this service.

What We Collect

Account Information

When you sign up, we collect:

  • Email address
  • Company name (optional)
  • Password (stored securely hashed, never in plain text)

Scan Data

When you use our service, we collect:

  • Domain names you ask us to scan
  • Scan results (vulnerabilities found, security scores)
  • Scan history and timestamps

Technical Data

We automatically collect:

  • IP address (for security and abuse prevention)
  • Browser type and version
  • Pages visited and features used

How We Use Your Data

We use your information to:

  • Provide the security scanning service you signed up for
  • Send you scan results and security alerts
  • Improve our scanning accuracy and service quality
  • Prevent abuse and protect our infrastructure
  • Communicate important service updates

We do not sell, rent, or share your personal data with third parties for marketing purposes. Ever.

Under GDPR Article 6, we process your personal data based on:

  • Contract performance (Article 6(1)(b)): Processing your account information and scan data is necessary to provide the service you signed up for.
  • Legitimate interests (Article 6(1)(f)): We process technical data (IP addresses, usage patterns) for security, fraud prevention, and service improvement. We've assessed that these interests don't override your privacy rights given the limited data involved.
  • Legal obligation (Article 6(1)(c)): We may process data when required by law, such as responding to valid legal requests.

What We Scan

Our service performs non-intrusive external security scanning on domains you ask us to scan. This includes:

  • DNS records and subdomains
  • SSL/TLS certificate configuration
  • HTTP security headers
  • Open ports visible from the internet
  • Known vulnerabilities in detected services

We do not perform intrusive testing, exploit vulnerabilities, or access any systems without authorization.

Data Storage & Security

All data is processed and stored within the European Union. We use industry-standard security measures including:

  • Encryption in transit (TLS) and at rest
  • Regular security audits
  • Access controls and authentication
  • Secure backup procedures

Service Providers

We use trusted third-party services to operate VulWall:

Provider Purpose Location
OVH Infrastructure hosting EU (France)
Railway Application hosting EU (West)
Stripe Payment processing EU
Resend Transactional emails US*

*For US-based providers, data transfers are protected by the EU-US Data Privacy Framework and Standard Contractual Clauses.

We maintain contracts with all service providers requiring them to protect your data to the same standards we do.

Data Processing Agreement

For business customers who require a Data Processing Agreement (DPA) for GDPR compliance, we provide one upon request. Contact contact@vulwall.com to request our standard DPA.

Data Retention

We keep your data for as long as you have an active account. Specifically:

  • Account data: Until you delete your account
  • Scan results: 12 months, or until you delete them
  • Technical logs: 90 days for security purposes

When you delete your account, we remove your personal data within 30 days. Some anonymized, aggregated data may be retained for service improvement.

Your Rights (GDPR)

As an EU-based service, we respect your data protection rights. You can:

  • Access: Request a copy of all data we hold about you
  • Correct: Update or fix inaccurate information
  • Delete: Request deletion of your data ("right to be forgotten")
  • Export: Get your data in a portable format
  • Object: Opt out of certain data processing

To exercise any of these rights, email us at contact@vulwall.com.

Cookies

We use essential cookies to:

  • Keep you logged in
  • Remember your preferences
  • Protect against cross-site request forgery

We don't use tracking cookies or third-party advertising cookies.

Changes to This Policy

We may update this policy occasionally. If we make significant changes, we'll notify you by email or through a notice on our website. The "last updated" date at the top shows when this policy was last revised.

Data Protection Contact

For data protection inquiries, contact us at privacy@vulwall.com.

VulWall is registered in the Netherlands. Our supervisory authority is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Contact Us

Questions about this privacy policy or how we handle your data? We're happy to help.

Email: contact@vulwall.com