HomePricingWhat We ReviewHow It WorksContact
Your Privacy Matters

Privacy Policy

How VulnX collects, uses, and protects your information.

Last updated: April 9, 2026

1. Overview

VulnX ("we," "us," "our," or "Company") operates as a website security review platform. We are committed to protecting your privacy and ensuring you have a positive experience on our website and when using our security review services.

This Privacy Policy explains what information we collect, how we use it, and what rights you have regarding your data. Please read this policy carefully. If you have any questions, contact us at hello@vulnx.in.

2. Information We Collect

Account & Registration Information

When you create a VulnX account, we collect:

  • Full name
  • Email address
  • Password (encrypted)
  • Phone number
  • Company name and type
  • Job role / title

Audit Request Information

When you request a security review, we collect:

  • Website URL and domain details
  • Website type (e-commerce, SaaS, marketing, etc.)
  • Technical stack information (frameworks, databases, CMS, etc.)
  • Hosting provider and environment details
  • Information about third-party services integrated into your site
  • Details about payment systems, admin panels, APIs, and CDN usage
  • Your security concerns and specific focus areas
  • Any recent security incidents or breaches

Payment Information

Payment processing is handled securely through Razorpay:

  • Payment method (credit/debit card, UPI, net banking, etc.)
  • Transaction ID from Razorpay
  • Billing amount and currency
  • Payment status and timestamp

Important: VulnX does not store or process credit card details. Razorpay handles all PCI-compliant payment processing. We only receive transaction confirmation, order ID, and payment status.

Report & Delivery Information

Once your security review is complete, we collect and handle:

  • Security findings and vulnerability data
  • Screenshots and technical details of discovered issues
  • Remediation recommendations
  • Report access logs and download history

Support & Communication

When you contact support or open a ticket:

  • Email messages and attachments
  • Support ticket history and details
  • Any additional context or documents you provide

Usage & Analytics Data

  • Pages visited and features used
  • Time spent on platform
  • Device type, browser, and operating system
  • IP address and approximate location
  • Referring URL
  • Cookie and tracking data (see Cookie Policy)

3. How We Use Your Information

VulnX uses your information for the following purposes:

  • Service Delivery: To provide security reviews, generate reports, and deliver findings.
  • Account Management: To create and maintain your account, verify identity, and manage access.
  • Communication: To send order confirmations, report notifications, support responses, and service updates.
  • Payment Processing: To process payments, manage invoices, and handle refunds.
  • Security & Compliance: To detect fraud, prevent abuse, and comply with legal requirements.
  • Service Improvement: To analyze usage patterns, identify issues, and improve our platform.
  • Marketing (Opt-In): To send newsletters and updates only if you have subscribed.
  • Legal Compliance: To meet regulatory requirements and maintain audit trails.

4. Data Sharing & Third Parties

VulnX does not sell, trade, or rent your personal information to third parties. We may share data only in these cases:

  • Service Providers: Razorpay (payment processing), email services, and hosting providers who operate under confidentiality agreements.
  • Legal Obligations: If required by law, court order, or government request.
  • Business Transfers: In case of merger, acquisition, or sale of assets (with notice to you).
  • Your Consent: When you explicitly authorize sharing for a specific purpose.

5. Data Security

VulnX takes data security seriously and implements industry-standard protections:

  • SSL/TLS Encryption: All data in transit is encrypted using 256-bit SSL/TLS.
  • Password Hashing: Passwords are hashed using bcrypt with automatic salt generation.
  • Database Encryption: Sensitive data is encrypted at rest.
  • Access Controls: Role-based access ensures only authorized personnel access sensitive data.
  • Audit Logging: All access to sensitive data is logged for compliance and monitoring.
  • Regular Security Audits: Regular testing and penetration reviews to identify vulnerabilities.

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

VulnX retains information as follows:

  • Account Data: Stored while your account is active and for 12 months after termination (for compliance).
  • Reports & Findings: Available for download indefinitely, but we may archive access after 3 years.
  • Payment Records: Retained for 7 years (financial/tax compliance).
  • Support Tickets: Kept for 2 years for reference and dispute resolution.
  • Analytics Data: Aggregated, non-identifiable data is retained indefinitely.
  • Logs & Audit Trails: Retained for 1 year for security and compliance purposes.

You can request deletion of your account and associated data by contacting us. We will honor deletion requests within 30 days, subject to legal holding requirements.

7. Cookies & Tracking Technology

VulnX uses cookies and similar technologies to enhance your experience:

  • Session Cookies: Keep you logged in and maintain form data.
  • Preference Cookies: Remember your settings and preferences.
  • Analytics Cookies: Help us understand how you use VulnX.
  • Security Cookies: Protect against fraud and malicious activity.

You can control cookies through your browser settings. See our full Cookie Policy for details.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete information.
  • Right to Deletion: Request deletion of your data (subject to legal obligations).
  • Right to Restriction: Request we limit how we use your data.
  • Right to Portability: Request your data in a portable format.
  • Right to Withdraw Consent: Opt out of marketing communications anytime.
  • Right to Lodge a Complaint: File a complaint with relevant data protection authorities.

To exercise any of these rights, email hello@vulnx.in with details of your request.

9. Children's Privacy

VulnX services are intended for users 18 years of age or older. We do not knowingly collect information from children. If we become aware of data collection from a minor, we will delete it immediately.

10. Updates to This Policy

VulnX may update this Privacy Policy periodically. We will notify you of material changes by updating the date at the top of this page and, if required, by email. Your continued use of VulnX constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: hello@vulnx.in

Privacy Inquiries: legal@vulnx.in

Stay ahead of threats

Security tips & advisories, no spam.