
Security & Privacy

Last updated: December 8, 2024
v1.0

How we protect your data and our security measures.

Security Guarantees
Our commitments for your data

Encryption

Industry-standard encryption for data at rest and in transit

Secure Storage

Encrypted databases with restricted access controls

Incident Response

Notification within 72 hours for security incidents

Data Handling

VexNexa scans publicly accessible web pages. We temporarily store scan results and metadata to provide our service. We do not collect or store personal data from the websites we scan.

Privacy by Design

We only scan publicly accessible content and do not attempt to access protected areas or extract personal information.

Data Storage

All scan data is stored securely in encrypted databases. Access is restricted to authorized personnel only. We use industry-standard encryption for data at rest and in transit.

Security Measures

  • Encryption at rest: AES-256 encryption for stored data
  • Encryption in transit: TLS 1.3 for all connections
  • Access control: Role-based access with multi-factor authentication
  • Monitoring: 24/7 security monitoring and logging
  • Regular audits: Quarterly security assessments and penetration testing

Data Retention

Scan results are retained for the duration of your subscription plus 30 days. You can request deletion of your data at any time through your account settings or by contacting support.

Retention Periods

  • Active users: Scan data retained for the duration of subscription
  • After cancellation: Data retained for 30 days for reactivation
  • Account deletion: All data permanently deleted within 7 days
  • Audit logs: Retained for 1 year for compliance purposes

Third-Party Services

We use select third-party services for hosting, analytics, and payment processing. All third parties are vetted for security and privacy compliance.

Third-Party Processors

  • Vercel: Hosting and CDN (SOC 2 Type II certified)
  • Supabase: Database and authentication (ISO 27001 certified)
  • Mollie: Payment processing (PCI DSS compliant)

GDPR Compliance

All our third-party processors are GDPR compliant and have Data Processing Agreements in place.

Security Incident Response

In the event of a security incident, we will notify affected users within 72 hours and provide details about the incident and remediation steps.

Incident Response Process

  1. Detection: Automated monitoring and alerting systems
  2. Assessment: Immediate evaluation of severity and impact
  3. Containment: Isolate affected systems to prevent spread
  4. Investigation: Root cause analysis and forensics
  5. Notification: Inform affected users within 72 hours
  6. Remediation: Fix vulnerabilities and restore service
  7. Post-mortem: Document learnings and improve processes

Report a Vulnerability

If you discover a security vulnerability, please report it responsibly to info@vexnexa.com.

Contact

Security Inquiries

E-mail: info@vexnexa.com

For security vulnerabilities or privacy concerns, please contact us at the email above.

Business Information

Business Type: Sole proprietorship (Eenmanszaak)
Address: Gagarinstraat 28, 1562TB Krommenie, Netherlands
Chamber of Commerce: 94848262
Establishment Number: 000060294744
