WASViking

Privacy Policy

Privacy Policy

Effective Date: July 19, 2025

1. Introduction

WASViking LLC ("WASViking", "we", "our", or "us") is committed to protecting the privacy of its users and customers. This Privacy Policy describes how we collect, use, store, share, and safeguard personal and technical data when you access or use our web application security services, platform, website, or interact with us.

This policy applies to:

  • The WASViking platform (SaaS web application, API, CLI)
  • Our public websites and customer support channels
  • Communications and emails with you

By using our services, you agree to the collection and use of information in accordance with this policy.

1.1 Definitions

"Customer Content" refers to any domains, IP addresses, URLs, APIs, certificates, or related technical data submitted by the customer for scanning or analysis. This content may include metadata such as open ports, headers, SSL configurations, and vulnerability indicators.

Depending on the features used (including Exposure Intelligence), Customer Content or related analysis may involve identifiers such as email addresses, usernames, or other data elements that could be considered personal data under applicable laws.

2. Information We Collect

We may collect the following categories of data:

a) Information You Provide to Us

  • Name, email address, company name
  • Billing information (if applicable)
  • Authentication credentials (e.g., passwords, API tokens)
  • Support messages, feedback, or requests

b) Information Collected Automatically

  • IP address, device type, browser type
  • Access logs and activity within the platform
  • Timestamps of logins, scans, report generation
  • Usage metadata (e.g., scan type, number of assets)

c) Scan and Security Data (Customer Content)

  • Targets submitted by you (e.g., domains, IPs, APIs)
  • Security headers, certificate metadata, open ports
  • HTTP/TLS responses, vulnerability indicators
  • Logs and payloads related to scan activity

d) Exposure Intelligence Data

  • Data obtained from publicly available sources or third-party datasets related to security incidents
  • Identifiers such as email addresses, usernames, or associated metadata
  • Credential exposure indicators and related risk signals

This data is processed strictly for legitimate security purposes, including risk identification, threat analysis, and exposure monitoring, and is limited to domains and assets under the Customer’s control.

Note: You are responsible for ensuring that you have a valid legal basis to monitor and process such data in accordance with applicable data protection and privacy laws.

3. How We Use Your Information

We use your data to:

  • Provide and maintain the WASViking service
  • Authenticate users and manage access
  • Generate vulnerability and certificate reports
  • Detect abuse and prevent unauthorized scans
  • Communicate with you (e.g., updates, alerts, support)
  • Improve and secure our platform

We do not use your scan data for marketing or unrelated analytics.

4. Legal Basis for Processing (if applicable under GDPR)

If you are located in the EU or UK, we process your data based on:

  • Contractual necessity: to provide our services
  • Legitimate interest: to ensure platform security and prevent abuse
  • Legal obligation: when required by law
  • Consent: for specific features or communications, where applicable
4.1 Legal Basis for Processing under LGPD (Brazil)

If you are located in Brazil, we process personal data under the legal bases permitted by the Brazilian General Data Protection Law (LGPD – Law No. 13,709/2018), including:

  • Consent provided by the user (when applicable);
  • Fulfillment of contract or pre-contractual measures;
  • Legitimate interest in ensuring platform security and performance;
  • Compliance with legal or regulatory obligations.
4.2 Legal Basis for Processing under CCPA (California)

If you are a California resident, WASViking complies with the California Consumer Privacy Act (CCPA – Cal. Civ. Code § 1798.100 et seq.). We do not sell personal data. You have the right to know, delete, and opt out of certain data uses as defined by the CCPA.

5. Data Sharing and Disclosure

We do not sell or rent your personal data.

We may share information with:

  • Cloud infrastructure providers (e.g., AWS) for secure hosting
  • Authorized MSSP partners under strict agreements
  • Law enforcement or regulators if legally required
  • Vendors or contractors who support operations (under NDA and DPA)
6. Data Retention and Deletion
  • Scan data is retained only for as long as needed to provide the service and allow customers to access reports.
  • You may delete your data and reports at any time via your account dashboard.
  • Logs related to abusive or unauthorized activity may be retained for security reasons, limited to the minimum necessary period.
7. Security of Your Information

We implement strong security measures including:

  • TLS 1.2+ encryption in transit
  • Encryption at rest for stored data
  • Role-based access control and principle of least privilege
  • Regular security audits and vulnerability testing
  • Monitoring for abuse and anomalies
8. Your Rights (GDPR/CCPA)

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Object to or restrict certain data uses
  • Request data portability (where applicable)
  • Lodge a complaint with a supervisory authority

If you are located in Brazil, you may also exercise the following rights under the LGPD:

  • Confirmation of the existence of data processing;
  • Access to your personal data;
  • Correction of incomplete, inaccurate or outdated data;
  • Anonymization, blocking, or deletion of unnecessary or excessive data;
  • Data portability to another provider;
  • Revocation of consent and information about its consequences.

To exercise your rights, contact us at: [email protected]

9. International Data Transfers

WASViking LLC is based in the United States. If you are located outside the U.S., your data may be transferred to and processed in the U.S. We apply appropriate safeguards (e.g., standard contractual clauses) where required.

10. Cookies and Tracking Technologies

We may use minimal cookies and technical tracking tools to support platform functionality and security. No third-party advertising cookies are used.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised “Effective Date.” We encourage you to review this page periodically.

12. Contact Us

For any questions or requests regarding this Privacy Policy, contact us at:
WASViking LLC
Orlando, FL, USA
[email protected]

Up

2025 © WASViking LLC

Florida, United States