VulnVision Privacy Policy

Effective Date: September 18, 2025

VulnVision is an on-premises B2B vulnerability scanning and security analysis platform. This Privacy Policy explains our minimal data collection practices and how we protect your information when you deploy and use our on-premises security solution within your organization.

On-Premises Advantage:

As an on-premises solution, VulnVision processes all security data within your own infrastructure, ensuring complete data sovereignty and compliance with your organization's security policies.

1. Minimal Data Collection

Basic Contact Information

For license management and essential communications, we collect only:

  • Primary contact name and email address
  • Organization name and basic company information
  • License activation credentials

On-Premises Data Sovereignty

Zero Cloud Data Storage: All security-sensitive data remains exclusively within your on-premises infrastructure. We do not collect, store, or have access to:

  • Vulnerability scan results or security assessments
  • Network topology or asset information
  • IP addresses, hostnames, or system configurations
  • Security findings, reports, or remediation data
  • Any data processed by the on-premises application

Anonymous Usage Analytics

We may collect minimal, anonymized usage statistics to improve our software:

  • Application version and basic system requirements
  • Feature usage patterns (without content data)
  • Error logs for software improvement (sanitized of sensitive information)

2. How We Use Your Information

We use your minimal contact information exclusively for:

  • License activation and software authentication
  • Critical security updates and software patches
  • Email verification and one-time password (OTP) authentication
  • Technical support and troubleshooting assistance
  • Important product notifications and announcements
  • Compliance with legal obligations and software licensing

On-Premises Security Model:

Your security data never leaves your premises. All vulnerability assessments, scan results, and security intelligence remain entirely within your controlled environment, ensuring maximum data protection and regulatory compliance.

3. On-Premises Security Architecture

Your Data, Your Infrastructure

VulnVision operates entirely within your secure environment, providing maximum security through isolation:

  • All processing occurs within your network perimeter
  • No external data transmission of security findings
  • Full compliance with air-gapped and classified environments
  • Integration with your existing security infrastructure

Minimal Cloud Components

Our limited cloud infrastructure only handles:

  • Software license validation and activation
  • Security update notifications and patch delivery
  • Basic contact information with enterprise-grade encryption
  • Anonymous usage analytics (no security data)

Enterprise Security Standards

Our cloud components maintain:

  • SOC 2 Type II compliance for data handling
  • Encryption in transit and at rest for all communications
  • Multi-factor authentication and zero-trust access
  • Regular security audits and penetration testing

4. Data Sharing and Third-Party Access

We do not sell your information. Your security data never leaves your premises, eliminating third-party access risks.

We may share basic contact information only in these limited circumstances:

  • When required by valid legal process or court order
  • To protect our intellectual property rights
  • With your explicit written authorization
  • For essential software licensing compliance

Zero Security Data Sharing:

Since all vulnerability scans, security assessments, and threat intelligence are processed entirely on your premises, there is no security data available for sharing with any third parties.

5. Data Retention and Control

Contact Information Retention

We retain basic contact information (name, email, organization) only for active license management. Upon license termination or at your request, this information is securely deleted within 30 days, except where legally required for compliance.

Complete Security Data Control

You maintain complete control over all security-related data since it resides exclusively on your infrastructure:

  • Set your own data retention policies according to organizational needs
  • Implement custom archiving and backup strategies
  • Comply with industry-specific data governance requirements
  • Ensure data residency compliance for global operations

License and Usage Data

Anonymous usage analytics are retained for 12 months for software improvement purposes. This data cannot be linked to specific organizations or security findings.

6. Your Rights and Control

Data Subject Rights

Regarding your contact information, you have the right to:

  • Access and review your stored contact information
  • Request correction of inaccurate data
  • Request deletion of your information (subject to licensing requirements)
  • Restrict or object to processing of your information
  • Obtain data portability where technically feasible

Security Data Sovereignty

For all security-related data, you have complete control as it resides on your infrastructure. You can access, modify, delete, or transfer this data according to your organization's policies without any external dependencies.

7. Technical Communications

License Activation

Our on-premises software communicates with our licensing servers only for initial activation and periodic license validation. This communication is encrypted and contains only license tokens and basic system identifiers.

Software Updates

The application may check for security updates and patches. You can configure these communications according to your organization's network policies, including operating in fully air-gapped environments.

Website Analytics

Our public website uses standard analytics cookies to improve user experience. These are separate from the on-premises application and can be managed through your browser settings.

8. Policy Updates

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify licensed organizations of material changes via email at least 30 days before implementation. Continued use of the software after changes become effective constitutes acceptance of the updated policy.

9. Contact Information

For questions about this Privacy Policy or our data practices, or to exercise your rights regarding your contact information, please reach out to our privacy team:

Privacy Team: contact@vulnvision.com

Technical Support: contact@vulnvision.com

Business Address: Dubai, UAE

Enterprise Support:

For enterprise customers with specific compliance or data governance requirements, dedicated support channels are available through your account management team.