Security Data Handling

1. Purpose of Security Data Processing

WASViking LLC ("WASViking", "we", "our", or "us") processes security-related data to provide threat detection, exposure monitoring, attack surface visibility, and incident response support across authorized customer assets.

This includes identifying indicators of exposed credentials, leaked exposure signals, suspicious activity, and other security-relevant findings associated with domains, infrastructure, and applications that the customer is authorized to monitor.

2. Sources of Security Data

Security findings may originate from a combination of customer-provided information, authorized monitoring of assets, public attack surface data, publicly available security-related sources, breach intelligence datasets, and internal detection logic.

WASViking does not collect personal data for resale, advertising, or unrelated profiling purposes.

3. Nature of Exposure Intelligence Data

Certain findings within Exposure Intelligence or related security modules may include data elements such as email addresses, usernames, application URLs, credential-related indicators, breach timestamps, or similar records connected to a security event or exposure signal.

Depending on the context, some of these elements may constitute personal data under applicable privacy laws.

4. Authorized Use and Customer Responsibility

Customers are responsible for ensuring that they have the legal authority and legitimate security purpose to monitor the domains, assets, systems, and associated data submitted to or activated within the WASViking platform.

By enabling monitoring features, adding monitored domains, or interacting with exposure intelligence findings, the customer confirms that such use is authorized and performed solely for lawful cybersecurity, risk management, or incident response purposes.

5. Domain Verification and Monitoring Controls

For certain Exposure Intelligence features, WASViking may require technical verification of domain ownership or control, such as DNS TXT validation, before monitoring is activated.

These controls are intended to reduce scope abuse, help verify authorization, and support accountability for monitored assets.

6. Data Minimization and Controlled Reveal

Sensitive fields may be masked by default within the platform. Access to full values may require user action, appropriate role-based permissions, and organizational authorization.

Reveal actions, detailed views, and related access events may be logged for audit, security monitoring, misuse prevention, internal investigations, and compliance support.

7. Permitted and Prohibited Use

The WASViking platform must be used only for legitimate and authorized security purposes. Customers and users may not use WASViking for unauthorized surveillance, opportunistic data collection, credential harvesting, harassment, or any activity that violates applicable law, contractual obligations, or the rights of individuals or third parties.

8. How We Use Security Data

We may use security-related data to:

• Provide exposure intelligence and threat monitoring services
• Detect and investigate compromised credentials or related exposure events
• Support security workflows, alerts, dashboards, and reporting
• Prevent misuse, fraud, abuse, or unauthorized use of the platform
• Improve service quality, detection logic, and operational security
• Comply with legal, regulatory, and contractual requirements

9. Data Sharing and Disclosure

We do not sell or rent security findings or personal data contained in such findings.

We may share relevant information with trusted subprocessors, infrastructure providers, professional advisors, or authorities where necessary to operate the service, investigate abuse, protect rights, or comply with legal obligations.

10. Data Retention

Security findings, monitored domain records, audit logs, verification events, and related operational records are retained only for as long as reasonably necessary to provide the service, support investigations, prevent abuse, comply with legal obligations, enforce our agreements, and protect WASViking and its customers.

Retention periods may vary depending on the type of data, account status, contractual commitments, security needs, and applicable legal requirements.

11. Role of WASViking

Depending on the context, WASViking may act as a data processor or service provider on behalf of the customer for customer-directed monitoring activities, and as an independent controller for operational, billing, account security, fraud prevention, platform integrity, and legal compliance purposes.

12. Security Measures

WASViking implements technical and organizational measures designed to protect security-related data, including access controls, encryption in transit, audit logging, least-privilege principles, and monitoring intended to preserve platform integrity and reduce unauthorized access.

13. Contact Us

For questions regarding this Security Data Handling notice or WASViking’s security-related data practices, contact us at:
WASViking LLC
Orlando, FL, USA
[email protected]