Privacy Policy

Effective 21 June 2026

Iron Vigil ("we", "us") provides cloud security posture management, vulnerability scanning, and compliance automation. This policy explains what we collect and how we use it.

Information we collect

Account data — name, email, and authentication identifiers from GitHub, Google, or email/password sign-up.
Usage data — actions in the product, IP address, device/browser, and diagnostic logs.
Security scan data — findings, configurations, and metadata from the cloud accounts, repositories, and endpoints you connect.
Cookies — a session cookie for authentication; we do not use third-party advertising cookies.

How we use it

To provide and secure the service, run the scans you request, generate compliance evidence, communicate with you, and meet legal obligations.

Data security

Customer credentials are protected with envelope encryption (AES-256-GCM) and are never accessible to our staff. Data is encrypted in transit (TLS) and at rest.

Sharing

We do not sell your data. We share it only with sub-processors that operate the service (e.g. cloud hosting) under contract, or when required by law.

Retention

We retain data while your account is active and as needed for legal and operational purposes. You may request deletion.

Your rights

Subject to applicable law (including GDPR and CCPA), you may access, correct, export, or delete your personal data by contacting us.

International transfers

Your data may be processed in the regions where we and our sub-processors operate, with appropriate safeguards.

Changes

We will post updates to this page and revise the effective date.

Contact

privacy@ironvigil.app

Iron Vigil · Privacy · Terms · privacy@ironvigil.app