Privacy Policy

At Valitrix, we understand that as a cybersecurity company, we hold ourselves to the highest standards of data protection and privacy. This Privacy Policy explains how we collect, use, process, and protect your information when you use our breach and attack simulation (BAS) services and other cybersecurity validation tools.

We are committed to transparency and compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other regional privacy regulations.

2.1 Account and Contact Information

• Name, email address, phone number, and job title
• Company name, industry, and organization size
• Account credentials and authentication information
• Billing and payment information (processed by secure third-party providers)

2.2 Security Testing Data

• Network configurations and security control settings
• Security test results and vulnerability assessments
• System metadata and performance metrics
• Compliance status and remediation tracking

2.3 Usage and Technical Data

• Platform usage statistics and feature interactions
• Log files, IP addresses, and device information
• Browser type, operating system, and access times
• Performance data and error reports

Important: We do not access, collect, or store sensitive business data, personal customer information, or proprietary content during security testing activities.

We use collected information for the following purposes:

3.1 Service Delivery

• Providing cybersecurity validation and testing services
• Generating security reports and compliance assessments
• Monitoring and improving security control effectiveness
• Delivering customer support and technical assistance

3.2 Platform Improvement

• Analyzing usage patterns to enhance platform functionality
• Developing new security testing methodologies
• Improving threat detection and simulation capabilities
• Maintaining and optimizing system performance

3.3 Communication and Updates

• Sending security alerts and critical notifications
• Providing product updates and new feature announcements
• Sharing relevant cybersecurity insights and best practices
• Processing support requests and inquiries

As a cybersecurity company, we implement industry-leading security measures to protect your data:

4.1 Encryption and Access Controls

• End-to-end encryption for all data in transit and at rest
• Multi-factor authentication for all user accounts
• Role-based access controls and principle of least privilege
• Regular security audits and penetration testing

4.2 Infrastructure Security

• Secure cloud infrastructure with SOC 2 Type II compliance
• Network segmentation and monitoring
• Automated threat detection and incident response
• Regular security updates and vulnerability management

4.3 Data Isolation

• Customer data is logically separated and isolated
• No cross-customer data access or sharing
• Secure data processing environments
• Controlled data retention and secure deletion

We do not sell, rent, or share your personal information with third parties, except in the following limited circumstances:

5.1 Service Providers

We may share data with trusted service providers who assist in delivering our services, such as cloud hosting providers, payment processors, and support platforms. These providers are contractually bound to protect your data and use it only for specified purposes.

5.2 Legal Requirements

We may disclose information when required by law, court order, or government regulation, or when necessary to protect our rights, property, or safety, or that of our users or others.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, customer information may be transferred as part of the transaction, subject to the same privacy protections.

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request access to your personal information we process
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a portable format
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing based on legitimate interests
• Withdrawal: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at privacy@valitrix.com. We will respond to your request within the timeframes required by applicable law.

We retain personal information for as long as necessary to provide our services and comply with legal obligations:

• Account Information: Retained during active subscription and for 2 years after termination
• Security Test Data: Retained according to customer requirements, typically 1-3 years
• Usage Logs: Retained for up to 12 months for security and operational purposes
• Support Records: Retained for 3 years after case closure

Upon request or contract termination, we will securely delete or anonymize your data in accordance with your instructions and applicable legal requirements.

Our services are operated from the United Kingdom and European Union. If you are located outside these regions, your information may be transferred to and processed in countries with different data protection laws.

We ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Data processing agreements with adequate protection measures
• Regular assessments of transfer mechanisms and security measures

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of significant changes through our platform, email, or other appropriate communication methods.

The updated policy will be effective as of the "Last updated" date shown at the top of this page. Your continued use of our services after changes are made constitutes acceptance of the updated policy.

For questions about this Privacy Policy or our data handling practices, please contact our Data Protection Officer:

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority.