Privacy Policy
Effective date: March 2026
1. Data Controller
Vaultworks Software OU ("we", "us", "our") is the data controller for personal data collected through the NetRecon platform and the website netreconapp.com. We are registered in Estonia and operate under the General Data Protection Regulation (GDPR).
2. Data We Collect
We collect the following categories of personal data:
- Account information: email address, full name, company name
- Payment information: processed by our payment provider Paddle; we do not store credit card details
- Usage analytics: anonymized feature usage, session duration, and error reports
- Support communications: messages sent to our support or sales channels
- Technical data: IP address, browser type, and operating system (collected via server logs)
3. How We Use Your Data
- To provide, maintain, and improve the NetRecon platform
- To process payments and manage subscriptions
- To send transactional emails (account confirmations, security alerts, billing)
- To respond to support requests
- To detect and prevent fraud or abuse
4. Self-Hosted Deployments
For customers using self-hosted plans, no user data, scan results, device inventories, or network telemetry leaves your infrastructure. The only data transmitted to our servers is sent in license validation checks, which contain only the license key and a hardware fingerprint. No personal data or network data is included.
5. Data Storage and Security
Data is stored in EU-based data centers. All data at rest is encrypted with AES-256. All data in transit is protected with TLS 1.3. Database backups are encrypted and access-controlled. We maintain strict access controls with multi-factor authentication for all internal systems.
6. Third Parties
We share data with the following third-party processors:
- Paddle — payment processing (billing address, email, payment method)
- Cloudflare — CDN, DDoS protection, and DNS (IP addresses, request headers)
We do not sell, rent, or trade your personal data to any third party.
7. Cookies
We use essential cookies required for authentication and session management. We use anonymized analytics cookies to understand how the platform is used. No third-party advertising cookies are used. You can disable non-essential cookies in your browser settings.
8. Your Rights (GDPR)
Under the GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your personal data
- Portability — request your data in a machine-readable format
- Objection — object to processing based on legitimate interest
- Restriction — request restriction of processing in certain circumstances
To exercise any of these rights, contact us at privacy@netreconapp.com. We will respond within 30 days.
9. Data Retention
We retain account data for the duration of your subscription and for 90 days after account deletion. Payment records are retained for 7 years as required by EU tax law. Server logs are retained for 30 days. You may request early deletion of non-legally-required data at any time.
10. International Transfers
Your data is processed and stored within the European Union. If any data transfer outside the EU is required (e.g., via Cloudflare edge nodes), it is protected by Standard Contractual Clauses (SCCs) or an adequacy decision.
11. Data Protection Officer
For data protection inquiries, contact our DPO at privacy@netreconapp.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users and posted on this page. Continued use of the platform after changes constitutes acceptance.
13. Governing Law
This Privacy Policy is governed by the laws of the Republic of Estonia and the European Union, including the General Data Protection Regulation (GDPR). Any disputes shall be submitted to the courts of Estonia.