Privacy Statement
We respect your privacy and are committed to protecting it through our compliance with this privacy policy (“Policy”). This Policy describes the types of information we may collect from you or that you may provide (“Personal Information”) on the vulnissimo.io website (“Website” or “Service”) and any of its related products and services (collectively, “Services”), and our practices for collecting, using, maintaining, protecting, and disclosing that Personal Information. It also describes the choices available to you regarding our use of your Personal Information and how you can access and update it.
This Policy is a legally binding agreement between you (“User”, “you” or “your”) and Pentest Tools S.A. (“Pentest Tools S.A.”, “we”, “us” or “our”). If you are entering into this agreement on behalf of a business or other legal entity, you represent that you have the authority to bind such entity to this agreement. If you do not have such authority, or if you do not agree with the terms of this agreement, you may not access and use the Website and Services. By accessing and using the Website and Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.
Automatic collection of information
When you open the Website, our servers automatically record information that your browser sends. This data may include:
- your device’s IP address
- browser type and version
- operating system type and version
- language preferences
- the webpage you were visiting before you came to our Website
- pages of the Website you visit
- time spent on pages
- search terms used
- access times and dates
- other usage statistics
This data is used only to identify potential abuse and create statistical usage information, which is not aggregated in a way that identifies individual users.
Collection of personal information
You can access and use the Website and Services without identifying yourself. If you want to use certain features, you may need to provide Personal Information (e.g., name and email address).
We collect and store any information you knowingly provide, such as:
- account details (username, unique ID, password)
- contact information (email address, phone number)
- basic personal details (name, country of residence)
This information may also come from public databases or joint marketing partners. You can decline to provide Personal Information, but this may limit feature availability.
Privacy of children
We do not knowingly collect Personal Information from children under 18. If you are under 18, please do not submit information through the Website. If you believe a child has provided us with Personal Information, please contact us so we can remove it.
Use and processing of collected information
We may act as either a data controller or data processor under the GDPR depending on the context.
As a data controller, we determine the purpose and method of processing. As a data processor, we act on your instructions only.
We process Personal Information for the following purposes:
- create and manage accounts
- fulfill and manage orders
- deliver products or services
- improve products and services
- send administrative or service updates
- respond to inquiries and provide support
- request user feedback
- enhance user experience
- respond to legal obligations or requests
- operate the Website and Services
Legal bases under GDPR:
- your consent
- performance of a contract
- compliance with legal obligations
- public interest or official authority
- legitimate interest
We’re happy to clarify what legal basis applies to any processing.
Payment processing
We use third-party payment processors that meet PCI Security Standards. Your payment data is encrypted and shared only as necessary to process payments or resolve related queries. Please review the Payment Processors’ privacy policies for more details.
Managing information
You may delete certain Personal Information or your account by contacting us. However, we may retain copies for compliance, dispute resolution, or operational needs.
Disclosure of information
We may share your Personal Information with:
- affiliates and service providers assisting us under our privacy terms
- legal authorities when required by law or to protect rights and safety
Service Providers are not authorized to use your data beyond fulfilling assigned duties.
Retention of information
We retain Personal Information:
- as long as your account is active
- as necessary to fulfill legal or operational obligations
- for no more than 36 months after inactivity unless otherwise required
After the retention period, data is deleted and certain data rights may no longer apply.
Transfer of information
Your data may be transferred to and stored outside your country, but within the European Union or European Economic Area.
Data protection rights under GDPR
If you are in the EEA, your rights include:
- Withdraw consent at any time
- Know if your Personal Information is being processed
- Verify and correct inaccurate or incomplete data
- Object to certain types of processing
- Restrict processing in specific cases
- Request erasure of your data
- Request data portability
- Lodge complaints with your data protection authority
California privacy rights
Under the CCPA, California residents can:
- request the categories and specific Personal Information collected
- request deletion or opt-out of sale of Personal Information
- exercise rights without facing discrimination
How to exercise your rights
You may submit requests through our contact details. We may ask for identity verification and sufficient information to process your request.
Cookies
We use cookies to personalize your experience. Cookies collect data for security, performance, and statistical analysis. You can choose to accept or decline cookies in your browser settings.
Data analytics
We may use third-party analytics tools to analyze Website usage. These tools do not collect personally identifiable information. Data is used to improve service quality.
Do not track signals
We currently do not respond to Do Not Track signals, due to lack of standardization.
Social media features
Our Website may include features from platforms like Facebook or Twitter. These may collect your IP and interaction data and are governed by their own privacy policies.
Email marketing
You may voluntarily subscribe to newsletters. We do not sell email addresses. You can unsubscribe at any time through provided links.
Links to other resources
The Website may contain links to external resources. We are not responsible for their privacy practices. Please review their privacy statements.
Information security
We secure your data using administrative, technical, and physical safeguards. However, no method of transmission is 100% secure. Please also protect your own device and credentials.
Data breach
If a breach occurs, we may notify affected users and relevant authorities. Notices may be posted on our Website or sent via email.
Changes and amendments
We may update this Policy and will notify you by email or other means. Your continued use of the Website means you accept the updated Policy.
Acceptance of this policy
By using the Website and Services, you agree to this Policy. If you do not agree, you are not authorized to use our services.
Contacting us
If you have questions or wish to exercise your data rights, contact:
We’ll respond promptly and in accordance with applicable laws.
Last updated: July 3, 2025