Privacy Policy

1. Who we are

Vuln Pro Scan (“we”, “us”, “our”) is a SaaS vulnerability scanning platform operated by Dynamgenix IT Corp. We operate as a data controller for the account, billing, and contact information we collect to provide our service, and as a data processor for scan data that our customers instruct us to collect and process on their behalf.

Registered address: Dynamgenix IT Corp, 9040 Roswell Rd Ste 500, Atlanta, GA 30350-1863, United States

Contact us about privacy matters at privacy@vulnproscan.com.

2. Data we collect

2a. Account and billing data (controller)

When you create an account or purchase a plan we collect your email address, billing contact details, and payment metadata (via our payment processor — we do not store card numbers). We also collect usage telemetry such as scan counts, feature interactions, and error logs to operate and improve the platform.

2b. Scan data (processor on behalf of customers)

When you run a scan, our engine collects data from the systems you instruct us to scan. This “Scan Data” may include IP addresses, hostnames, open port states, HTTP response excerpts, and vulnerability indicators. Scan Data may incidentally contain personal data of individuals whose information appears within the scanned systems. You, as our customer, are the data controller for any personal data within Scan Data. We process it solely on your instructions under our Data Processing Agreement.

2c. Cookies and tracking

We use essential cookies to authenticate your session and maintain your preferences. We do not use advertising or cross-site tracking cookies. See our Cookie Policy for full details.

3. Legal basis for processing (EU/UK GDPR)

For EU and UK users we rely on the following legal bases under Article 6 GDPR:

• Contract performance (Art. 6(1)(b)): processing your account and billing data to provide the service you have signed up for.
• Legitimate interests (Art. 6(1)(f)): platform security monitoring, fraud prevention, and product improvement analytics.
• Legal obligation (Art. 6(1)(c)): retaining billing records as required by applicable tax and financial regulations.
• Consent (Art. 6(1)(a)): for any optional analytics or marketing communications, where we rely on your affirmative opt-in.

4. How we use your data

• Providing, maintaining, and improving the Vuln Pro Scan service.
• Authenticating users and enforcing access controls.
• Billing and subscription management.
• Sending transactional emails (scan complete, account alerts).
• Detecting and preventing fraud, abuse, or security incidents.
• Complying with legal obligations.

We do not sell your personal data to third parties. We do not use Scan Data for our own purposes beyond delivering the service.

5. Data retention

• Scan Data: retained for up to 12 months from the date of the scan, or until you request deletion, whichever is earlier. You can delete individual scans at any time from your dashboard.
• Account data: retained for the duration of your account plus 30 days after account closure to allow for dispute resolution, then deleted.
• Billing records: retained for 7 years to satisfy tax and accounting obligations, after which they are deleted.
• Audit logs: retained for 24 months for security monitoring purposes.

6. International data transfers

Vuln Pro Scan is hosted on cloud infrastructure in the United States. If you are located in the EU or EEA, your personal data may be transferred to and processed in the United States. We rely on the EU Standard Contractual Clauses (SCCs) as the legal mechanism for such transfers. Our Data Processing Agreement incorporates the applicable SCCs. If you require EU-region data residency, please contact us at dpa@vulnproscan.com.

7. Your rights

If you are in the EU, EEA, UK, or California you have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion of your account and associated data. You can do this directly in Settings → Legal.
• Portability: export your account data in a structured, machine-readable format from Settings → Legal.
• Restriction: ask us to restrict processing in certain circumstances.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@vulnproscan.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority (e.g. the ICO in the UK, or your national EU DPA).

8. Security

We protect your data with AES-256 encryption at rest, TLS 1.2+ in transit, role-based access controls, multi-factor authentication, audit logging, and regular penetration testing. We maintain a formal incident response programme and will notify you and relevant supervisory authorities of any breach in accordance with applicable law (within 72 hours under GDPR Article 33).

9. Sub-processors

We engage a limited number of sub-processors to help deliver the service, including our cloud hosting provider, payment processor, and transactional email provider. All sub-processors are bound by confidentiality and data protection obligations at least as protective as those in this policy. A current, publicly accessible list of sub-processors is available at /sub-processors. For DPA requests contact dpa@vulnproscan.com.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or via an in-app notice at least 14 days before they take effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.

11. Data Protection Officer

We have assessed our processing activities under Art. 37 GDPR. We are in the process of designating a Data Protection Officer (DPO) given the nature of our services (large-scale security scanning). In the interim, privacy and data protection enquiries are handled by our Privacy team at privacy@vulnproscan.com and our DPA team at dpa@vulnproscan.com.