Privacy Policy

Introduction

NetVigil is an external attack surface management tool that helps businesses identify and monitor their internet-facing digital assets. We are committed to protecting your privacy and being transparent about how we handle your information. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

We operate in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws, including Quebec's Law 25. This policy applies to all users of our service.

1. Who We Are

NetVigil is a Canadian company based in Nova Scotia that provides external attack surface management services. We help organizations discover, assess, and monitor their external digital assets to improve their security posture.

If you have any questions about this Privacy Policy or our privacy practices, you can contact us at:

• Email: privacy@netvigil.ca
• Location: Nova Scotia, Canada

2. Information We Collect

Account Information

When you create an account, we collect the following information:

• Your name
• Your email address
• Your company name

Scan Data

When you use our service to scan your organization's external attack surface, we process and store the following types of data:

• Domain names and subdomains
• IP addresses associated with your assets
• Technology version information (e.g., web server versions, software versions)

This scan data belongs to you and is collected solely to provide our service to you. We do not scan or collect data from assets that you do not authorize.

Session Information

We use essential cookies to keep you logged in during your session. These cookies are necessary for the service to function and are not used for tracking or advertising purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To create and manage your account
• To perform external attack surface scans on assets you specify
• To generate reports and insights about your external attack surface
• To communicate with you about your account and our service
• To improve and maintain our service

We do not use your information for any other purposes without your consent.

4. Information Sharing

We do not sell, rent, or share your personal information or scan data with third parties, advertisers, or any other external organizations.

Your data remains private and is used exclusively to provide our service to you. We may only disclose your information if required by law or to protect our legal rights.

5. Data Storage and Security

Canadian Data Residency

All your data is stored exclusively within Canada. We use Canadian hosting providers and data centers to ensure your information remains within Canadian jurisdiction. We do not transfer or store any data outside of Canada.

Security Measures

As a security-focused company, we implement robust security measures to protect your data, including:

• Encryption of data in transit and at rest
• Access controls limiting who can access your data
• Regular security assessments and monitoring
• Secure infrastructure and application development practices

6. Data Retention

We retain your information only for as long as necessary to provide our service:

• Account Information: Retained while your account is active. When you close your account, we delete your account information within 30 days.
• Scan Data: Retained as long as you choose to keep it. You can delete your scan results at any time through your account settings, and they will be permanently removed.

7. Your Rights

Under Canadian privacy law, you have the following rights regarding your personal information:

• Access: You can request a copy of the personal information we hold about you.
• Correction: You can request corrections to your personal information if it is inaccurate or incomplete.
• Deletion: You can request that we delete your personal information, subject to legal requirements.
• Withdrawal of Consent: You can withdraw your consent at any time, which may limit our ability to provide certain services.
• Complaint: You have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada if you believe we have violated your privacy rights.

To exercise any of these rights, please contact us at privacy@netvigil.ca.

8. Additional Rights for Quebec Residents

If you are located in Quebec, you have additional rights under Quebec's Law 25:

• Right to Discontinue Use: You can request that we stop using your personal information.
• Right to Portability: You can request a copy of your personal information in a structured, commonly used format.
• Right to Be Forgotten: You can request that we delete your personal information when it is no longer necessary for the purposes for which it was collected.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you by email or through our service and update the "Last Updated" date at the top of this policy. We encourage you to review this policy periodically.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

• Email: privacy@netvigil.ca

We will respond to your inquiry within 30 days in accordance with Canadian privacy law requirements.