We collect the minimum data needed to run Vigilare and protect it seriously. This policy explains what we collect, why, and your rights over it.
Effective date: May 22, 2025
When you register, we collect your name, email address, company name, and a password hash. We use this to authenticate you and communicate with you about your account.
To deliver the monitoring service, we read metadata from your connected AWS accounts via a read-only cross-account IAM role you provision. We collect resource identifiers, configuration state, and finding timestamps — not raw data, secrets, or the content of your workloads. See our Security page for the exact IAM permissions required.
We collect standard server logs (IP address, browser, pages visited, timestamps) and in-app events (feature usage, navigation) to understand how the product is used and to diagnose issues. This data is aggregated and is not sold.
If you contact us by email or through the contact form, we retain that correspondence to respond to you and improve our support.
We use your account information and AWS metadata solely to operate Vigilare — running collectors, scoring findings, and delivering alerts to you.
We send you transactional emails (alerts, account notices) and, if you opt in, product update emails. You can unsubscribe from marketing emails at any time.
Aggregated, anonymised usage data helps us prioritise features and fix bugs. We do not use your AWS data to train machine-learning models or for any purpose beyond delivering the service.
We may process your data when required by applicable law, court order, or to protect the rights and safety of Vigilare, our customers, or the public.
Security and billing findings are retained for 90 days by default. You can configure a shorter retention window in your account settings.
Account information is kept for as long as your account is active. If you delete your account, your data is purged within 30 days, except where we are required by law to retain it longer.
Raw server logs are retained for 30 days for security and debugging purposes, then deleted.
You can request a copy of the personal data we hold about you at any time by emailing us.
You can update most of your account information directly in the app. If you need to correct data we hold that is not editable in-app, contact us.
You may request deletion of your account and associated personal data. We will process deletion requests within 30 days.
If you are located in the European Economic Area, UK, or California, you have additional rights including the right to object to processing, restrict processing, and (for GDPR) lodge a complaint with your local supervisory authority. Contact us to exercise these rights.
All data is encrypted in transit over TLS 1.2+ and at rest using AES-256. Access to production systems is restricted to authorised personnel via MFA-protected accounts with least-privilege IAM roles.
In the event of a data breach affecting your personal information, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, as required by applicable law.
We may update this policy from time to time. When we make material changes we will notify you by email and update the effective date below. Continued use of the service after the effective date constitutes acceptance of the revised policy.
For privacy-related requests or questions about this policy, reach us at:
Vigilare — Privacy Team
privacy@vigilare.cloud
We aim to respond to all privacy requests within 5 business days.