Privacy Policy

Last Updated: September 15, 2025

Legal Entity and Service Scope

This Privacy Policy (the "Policy") applies to services provided by Vigilcode, Inc., a Delaware corporation ("Vigilcode," "we," "us," or "our"), including:

  • Our website at vigilcode.com and all subdomains

  • The Vigil mobile application for iOS and Android

  • Our API services at api.vigilcode.com

  • All related online services and features

This Policy does not apply to third-party websites, services, or applications, even if accessed through our Services.

Overview

Vigil provides AI-powered threat detection and security analysis services to help users identify potential digital security risks. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

Scope of This Policy

This Privacy Policy applies to:

  • The Vigil website (www.vigilcode.com)

  • The Vigil mobile application

  • All related API services and features

  • Any other services provided by Vigilcode, Inc.

Types of Data We Collect

We categorize the information we collect into three distinct types to provide transparency about how your data is used:

Service Data (Required for Operation)

  • Email addresses for authentication and account management

  • Session identifiers and device tokens for secure access

  • Account settings and preferences you configure

  • Authentication logs for security monitoring

Analysis Data (Your Submitted Content)

  • Text, images, and URLs you submit for security analysis

  • Content metadata necessary for threat detection

  • Analysis results and recommendations we generate

  • Encrypted and processed with privacy-preserving techniques when possible

Optional Diagnostic Data

  • App performance metrics (can be disabled in settings)

  • Error reports (only sent with your permission)

  • Usage analytics to improve service quality (anonymized)

Information We Collect

Email Addresses

  • Required for account creation and magic link authentication

  • Used for service communications including authentication, account recovery, and important service updates

  • Not shared with third parties for marketing or other purposes

Content Data ("Vigilize Data")

  • Text, images, URLs, and other content you submit for security analysis

  • Collected when you use our threat detection services through website or mobile app

  • Processed to provide security recommendations, threat assessments, and safety insights

  • May include screenshots, message content, email headers, and website URLs

Technical Information (Mobile App)

  • Device identifiers for secure session management (not for tracking)

  • App usage analytics to improve service performance (can be disabled in settings)

  • Authentication tokens for secure access (automatically expired)

  • Crash reports only sent with your explicit permission

  • App version and device model for compatibility support

Mobile Application Data Collection

Our mobile app collects minimal data necessary for functionality:

  • Session management: Secure tokens that automatically expire

  • Performance monitoring: App crashes and performance issues (optional)

  • Feature usage: Which features are used to prioritize improvements (anonymized)

  • Security logs: Authentication attempts for fraud prevention

Important: We do not track your location, access your contacts, read your messages, or monitor your other apps.

Automatically Collected Information

  • IP addresses for security and fraud prevention

  • Usage patterns to improve service quality

  • Error logs for technical support and debugging

How We Use Your Information

Primary Service Functions

  • Threat Detection: Analyze submitted content for security risks

  • Authentication: Provide secure, password-less login via magic links

  • Service Delivery: Generate personalized security recommendations

  • Account Management: Maintain your account and service preferences

Service Improvement

  • AI Model Training: We may use anonymized email data and Vigilize data to train and improve our AI models

  • Product Development: Enhance threat detection capabilities and user experience

  • Research: Understand emerging security threats and develop better protections

Important: All data used for model training is thoroughly anonymized with personal identifiers removed. We never use identifiable personal information for training purposes.

Data Anonymization Process

When using data for model training:

  • Personal identifiers removed: Names, email addresses, and account information

  • Content patterns preserved: Security-relevant patterns needed for threat detection

  • No reverse identification: Anonymized data cannot be traced back to individual users

  • Secure processing: Anonymization occurs in isolated, secure environments

Your Data Ownership

You retain full ownership of all content you submit to Vigil. We process your data solely to provide security analysis services and improve our threat detection capabilities.

What This Means

  • You own your content: We never claim ownership of your personal communications, files, or other submitted content

  • Limited processing rights: We only process your data to deliver the services you requested

  • No permanent claims: Our processing rights end when you delete your account or withdraw consent

  • Exportable data: You can download your data and analysis history at any time

Our Commitment

We act as a data processor for your submitted content, not a data owner. Your trust in sharing potentially sensitive content for analysis is fundamental to our service, and we honor that trust through strict data ownership respect.

Information Sharing and Disclosure

We Do Not Sell Your Data

ABSOLUTE COMMITMENT: We do not and will never:

  • Sell your personal data to advertisers, data brokers, or marketing companies

  • Share data with third parties for their own commercial purposes

  • Use your data for advertising to third parties

  • Create marketing profiles from your submitted content

  • Monetize your information beyond providing you our security services

This is a core principle that will never change, regardless of business pressures or opportunities.

What We Don't Do

  • No data sales: We do not and will never sell your personal data

  • No advertising partnerships: We do not share data with advertisers or data brokers

  • No marketing databases: We do not use your data for marketing to third parties

  • No unencrypted storage: We do not store unencrypted sensitive content

  • No cross-selling: We do not share your information for others to market to you

Information Sharing and Disclosure

We Do Not Sell Your Data

  • No commercial data sales to advertisers, marketers, or data brokers

  • No personal information sharing with third parties for their own purposes

  • Limited service providers only when necessary for service operation

Limited Disclosure Scenarios

We may disclose information only when:

  • Required by law or legal process

  • Protecting user safety in emergency situations

  • Preventing fraud or security threats to our services

  • With your explicit consent for specific purposes

Service Providers

We may share limited data with trusted service providers who:

  • Assist with service delivery (cloud hosting, email delivery)

  • Are contractually bound to protect your information

  • Cannot use data for their own purposes

  • Meet our security standards

Data Security

Protection Measures

  • Industry-standard encryption for data transmission and storage

  • Access controls limiting data access to authorized personnel only

  • Regular security audits and vulnerability assessments

  • Secure authentication using modern cryptographic methods

Data Retention

  • Account data: Retained while your account is active

  • Vigilize data: Retained for service improvement and threat analysis

  • Anonymized data: May be retained indefinitely for research and model training

  • Deletion requests: Honored in accordance with applicable law

Your Rights and Choices

Account Control

  • Access your data through account settings

  • Update information including email preferences

  • Delete your account and associated personal data

  • Download your data in portable formats

Communication Preferences

  • Opt out of non-essential communications

  • Authentication emails cannot be disabled (required for service)

  • Security alerts recommended but can be customized

Data Processing Rights

  • Request data deletion (subject to legal and operational requirements)

  • Correct inaccurate information in your account

  • Object to processing for certain purposes

  • Data portability for information you've provided

Children's Privacy

Vigil is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

International Data Transfers

Your information may be processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data when transferred internationally, including:

  • Standard contractual clauses approved by regulatory authorities

  • Adequacy decisions recognizing equivalent protection levels

  • Additional security measures as required by applicable law

California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected and how it's used

  • Right to delete personal information (with certain exceptions)

  • Right to opt-out of sale of personal information (we don't sell data)

  • Right to non-discrimination for exercising privacy rights

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. We will:

  • Notify users of material changes via email or app notification

  • Post updated policy with revision date

  • Provide transition period for users to review changes

  • Obtain consent where required by law

Third-Party Services and Websites

This Policy does not cover third parties or their products, actions, or services. Vigilcode is not responsible for:

  • Third-party websites, applications, or services you may access through our Services

  • Cookies, pixels, and tracking technologies used by third-party advertisers

  • Social media platforms, email providers, or other external services you may connect to

  • Privacy practices of companies that provide services to us

For information about third-party privacy practices, please consult their respective privacy policies.

Changes to This Policy

Vigilcode reserves the right to modify this Privacy Policy at any time. When we make changes:

  • We will update the "Last Updated" date at the top of this document

  • For material changes, we will provide additional notice via email or prominent website notification

  • Your continued use of our Services after changes constitutes acceptance of the updated Policy

  • We encourage you to review this Policy periodically for updates

Contact Information

For privacy-related questions, concerns, or requests:

Email: privacy@vigilcode.com

Effective Date

This Privacy Policy is effective as of September 15, 2025 and replaces all previous versions.

By using Vigil services, you acknowledge that you have read and understood this Privacy Policy and agree to our data practices as described herein.