Privacy Policy
Last updated: March 3, 2026
This Privacy Policy explains how Solustiq Yazilim ve Yapay Zeka Teknolojileri A.S. ("Company", "we", "us") collects, uses, stores, and protects your personal information when you visit our website or use the Vuln0x platform ("Service").
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, company name, and profile details provided during registration.
- Payment Information: Credit card details and billing address, processed securely by Stripe. We do not store your full credit card number.
- Scan Configuration: Target URLs, domains, scan types, and scheduling preferences you configure.
- Support Communications: Messages and attachments sent through our support channels.
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, scan history, and interaction patterns within the Service.
- Device Information: IP address, browser type and version, operating system, and device identifiers.
- Log Data: Server logs including timestamps, request URLs, HTTP status codes, and referrer URLs.
1.3 Scan Data
During security scans, Vuln0x collects technical data from your target systems, including but not limited to:
- HTTP response headers.
- SSL/TLS certificate details.
- DNS records.
- Technology stack information.
- Open ports and services.
- Vulnerability indicators and security misconfigurations.
Important: Scan data is distinct from personal data. However, scan results may incidentally contain personal data (e.g., if error messages on the target system expose personal information). Such incidental personal data is processed in accordance with our Data Processing Agreement.
2. How We Use Your Information
- To provide, operate, and maintain the Vuln0x platform.
- To process your subscription and payments.
- To authenticate your identity and manage your account.
- To perform security scans and generate reports as requested.
- To communicate with you about your account, updates, and security alerts.
- To improve and optimize the Service based on usage patterns.
- To detect, prevent, and address fraud, abuse, and security issues.
- To comply with legal obligations and respond to lawful requests.
3. Cookies and Tracking
We use the following types of cookies:
- Essential Cookies: Required for authentication, session management, and core functionality. Cannot be disabled.
- Analytics Cookies: Help us understand how visitors interact with our website to improve the user experience. You can opt out of these.
We do not use third-party advertising cookies or sell your data to advertisers.
4. Third-Party Services
We share data with the following third-party services solely for the purposes described:
| Service | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Name, email, payment details |
| Supabase | Authentication and database | Account data, session tokens |
| Fly.io | Application hosting | All application data |
| Vercel | Frontend hosting | IP address, usage data |
A complete list of sub-processors is available in our Data Processing Agreement.
5. Data Retention
- Active Accounts: Data is retained for the duration of your subscription.
- Account Deletion: All personal data and scan results are permanently deleted within 30 days of account deletion.
- Billing Records: Retained for up to 7 years for tax and legal compliance.
- Server Logs: Retained for 90 days.
6. Your Rights
Under GDPR (for EU/EEA residents) and KVKK (for Turkish residents), you have the following rights:
- Right of Access: Request a copy of your personal data.
- Right to Rectification: Correct inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Restrict Processing: Request limitation of processing.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, contact us at privacy@vuln0x.com. We will respond within 30 days.
7. Data Security
We implement industry-standard security measures to protect your data, including:
- TLS 1.2+ encryption for all data in transit.
- AES-256 encryption for data at rest.
- Secure authentication with multi-factor support.
- Regular security audits and penetration testing.
- Access controls based on the principle of least privilege.
8. International Data Transfers
Your data may be transferred to and processed in the United States. For EU/EEA residents, transfers are protected by Standard Contractual Clauses (SCCs). For Turkish residents, transfers are conducted in compliance with KVKK Article 9 requirements.
9. Children's Privacy
Vuln0x is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 18, we will promptly delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service at least 30 days before taking effect.
11. Contact
For privacy-related inquiries or data subject rights requests:
- Email: privacy@vuln0x.com
- Company: Solustiq Yazilim ve Yapay Zeka Teknolojileri A.S.
- Website: https://vuln0x.com
12. Supervisory Authority
If you are not satisfied with our response to your privacy concern, you have the right to lodge a complaint with your local data protection authority:
- Turkey: Kisisel Verileri Koruma Kurumu (KVKK)
- EU/EEA: Your local Data Protection Authority