Privacy Policy

Effective Date: 13-10-2025

Last Updated: 13-10-2025

This Privacy Policy describes how we collect, use, and protect your personal data when you use our website and application suite (“App”). We are committed to protecting your privacy and handling your data responsibly, in full compliance with the General Data Protection Regulation (GDPR) and the NIS2 Directive, where applicable.


1. Scope

This policy applies to:

  • Visitors to our website
  • Users of our Verdaneon application suite

 

2. What Data We Collect

2.1 When You Visit Our Website

We may collect:

  • Visitor Analytics: Page views, session duration, referrer info, device/browser metadata
  • Cookies and Tracking: Functional and performance cookies (see our Cookie Policy)
  • Contact Forms: Name, email address, and any messages submitted
  • Server Logs: IP addresses, user agents, request metadata (retained for 30 days)

2.2 When You Use Our Application Suite

We may collect:

  • Scan Configuration: Target IPs/domains, scan types, scheduling
  • Scan Results: Open ports, banners, services, and vulnerability data
  • Device Metadata: Hostnames, MAC addresses, OS information
  • User Identity Info: Email addresses, usernames
  • Geolocation: Inferred from IP (no GPS tracking)
  • OAuth Tokens: Stored securely for session authentication and renewal


3. How We Use the Data

We use data to:

  • Provide and operate our app and website
  • Send service-related communications (e.g. confirmations, updates)
  • Monitor system performance and detect abuse
  • Comply with applicable legal obligations

We may also use aggregated and anonymized metadata (e.g., scan durations, frequency, usage patterns) to:

  • Improve the performance and reliability of our services
  • Analyze trends and inform product development

This anonymized data cannot be linked back to individual users or scan targets.

We do not sell your personal data or use it for third-party advertising.


4. Data Sharing

We share data only when necessary:

  • OAuth Identity Providers: For secure login, access, and refresh token exchanges
  • Email Service Providers: To send transactional emails (e.g., reset links, alerts)
  • Legal or Regulatory Requests: When required by law, regulation, or lawful subpoena

We do not share user data with analytics, advertisers, or unrelated third parties.


5. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or outdated information
  • Delete your account and associated personal data (“right to be forgotten”)
  • Revoke Consent (e.g., log out, disconnect OAuth)
  • Request Export of your data in a machine-readable format

To exercise these rights, contact us at: privacy@verdaneon.com


6. Data Access and Confidentiality

We design our systems for user-only access to scan data.

Zero-Access Architecture

All scan data is stored so that only the originating user can access it. Although the data resides on our infrastructure, we have no technical ability to view, modify, or extract its content.

Encryption and Isolation

We use encryption and per-user data isolation to enforce access boundaries.

No Internal Access Tools

We do not build backdoors, admin panels, or developer tools to access your scan results. Support requests are handled using metadata or user-supplied context only.

Minimal Metadata

Limited metadata (e.g. timestamps, scan durations) may be retained for operations, but is anonymized when used for analytics or improvement.

This approach is consistent with GDPR Article 25 (Privacy by Design) and Article 5(1)(f) (Data Integrity and Confidentiality). If required by law to disclose data, we may be technically unable to comply without user cooperation.


7. Data Retention

Data Type

Retention Policy

Scan Data

Deleted after 18 months of user inactivity

OAuth Tokens

Stored until logout or expiration

Email & Server Logs

Retained for 30 days (or longer if needed for technical/legal use)

User Accounts

Retained until user deletion or 18 months of inactivity

Anonymized metadata may be

retained indefinitely for trend analysis and service improvement



8. Security

We implement administrative and technical safeguards to protect your data:

  • Encrypted token storage
  • Per-user data isolation
  • Limited-access operational logs
  • No embedded credentials or hardcoded access

In the event of a security breach, we will follow notification procedures as required under GDPR and NIS2.


9. Use of AI and Machine Learning

Our services include the use of AI and machine learning models to process, analyze, and interpret scan results. These models help:

  • Identify security risks
  • Prioritize findings
  • Generate trend-based insights
  • Suggest mitigation actions
  • Improve reporting and decision support

9.1 Purpose of AI Use

We use AI and LLM components as part of the core functionality of our portal and app. These models analyze scan results to enhance user experience and operational outcomes. AI-generated outputs are intended to assist—not replace—your own judgment.

9.2 Automated Processing

Some results shown in the portal may be generated automatically. These outputs may involve pattern recognition, risk scoring, or prioritization using large-scale trained models. You may contact support if you believe an automated interpretation is incorrect or misleading.

9.3 Model Training and Data Use

We may use anonymized or pseudonymized metadata from scans to improve the performance of our AI systems. This data:

  • Is never used to expose one customer’s scan content to another
  • Is stripped of identifiable network or system details
  • May include patterns, frequency, duration, or derived features

You may opt out of contributing to AI training upon request, except where data is essential for licensing, abuse prevention, or legal compliance.


10. International Users

We may process your data in countries outside your own. We implement safeguards (e.g. encrypted transport, controlled hosting) to ensure data protection consistent with EU regulations.


11. Changes to This Policy

We may revise this Privacy Policy over time. Updates will be posted on this page with an updated “Last Updated” date. Your continued use of the website or app constitutes acceptance of the revised terms.


12. Contact Us

If you have questions or wish to exercise your rights under this policy, please contact us:

support@verdaneon.com