Privacy Policy
Last updated: March 27, 2026
Vazra ("we", "us", "our") operates the Vazra autonomous AI cybersecurity platform. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform and visit our website.
1. Information We Collect
1.1 Account Information
When you create an account, we collect your name, email address, organisation name, and role. If you subscribe to a paid plan, payment processing is handled by our third-party payment provider — we do not store credit card numbers.
1.2 Security Scan Data
When you use Vazra's scanning capabilities, we process data related to your authorised domains, including:
- Email addresses and subdomains discovered during scans
- Breach records associated with your domain from public databases
- Endpoint telemetry from Vazra Enforcer agents installed on your systems
- Network traffic metadata (not payload content) for threat detection
- MITRE ATT&CK technique mappings and threat intelligence correlations
1.3 Usage Data
We automatically collect IP addresses, browser type, pages visited, session duration, and feature usage to improve the platform and maintain security (including rate limiting and abuse prevention).
1.4 Contact Form Data
If you contact us via our contact form, we collect your name, email, company name, and message content to respond to your enquiry.
2. How We Use Your Information
- Service delivery: To perform security scans, generate threat assessments, execute autonomous actions, and deliver reports
- Account management: To authenticate you, manage your subscription, and send transactional emails
- Security: To detect and prevent fraud, abuse, and unauthorised access to our platform
- Improvement: To improve our AI models, detection accuracy, and user experience (using aggregated, anonymised data only)
- Communication: To respond to support requests and send service-critical notifications
3. Data Storage & Security
Your security data is yours. We never sell, share, or provide your security findings, breach data, scan results, or endpoint telemetry to any third party. All data is encrypted at rest (AES-256) and in transit (TLS 1.3).
- Data is stored on secured infrastructure with access restricted to essential personnel only
- Database credentials are rotated regularly and stored in environment variables, never in code
- All user passwords are hashed using Argon2id with per-user salts
- Session tokens are hashed before storage and expire automatically
- Multi-factor authentication (TOTP) is available for all accounts
4. Data Retention
- Account data: Retained while your account is active and for 30 days after a deletion request
- Security scan results: Retained for 12 months, then automatically purged
- Endpoint telemetry: Retained for 90 days in hot storage, 12 months in cold storage
- Audit logs: Retained for 24 months for compliance purposes
- Contact form submissions: Retained for 12 months
5. Third-Party Services
Vazra integrates with third-party services solely to deliver its security capabilities:
- Have I Been Pwned (HIBP): Credential breach lookups (domain-level queries only)
- IntelligenceX: Paste site and dark web monitoring
- DeHashed: Comprehensive breach record searches
- Wazuh: Open-source endpoint detection and response
- Zoho Mail: Transactional email delivery
We do not share your personal information with these services beyond what is necessary for their specific function. No advertising or analytics trackers are used on our platform.
6. Your Rights
Regardless of your location, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Delete your account and associated data
- Export your data in a machine-readable format
- Object to processing of your data for specific purposes
- Withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at [email protected] or via our contact form.
7. GDPR Compliance
For users in the European Economic Area (EEA), we process personal data under the following legal bases:
- Contract performance: Processing necessary to provide the Vazra platform services you subscribed to
- Legitimate interest: Platform security, fraud prevention, and service improvement
- Consent: Optional marketing communications (if any)
Enterprise and EU-based customers may request a full Data Processing Agreement (DPA) covering GDPR Article 28 requirements. Contact our team to request one.
8. Cookies
Vazra uses only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
9. Children's Privacy
Vazra is a business-to-business platform and is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to active account holders and posted on this page with an updated revision date.
11. Contact
For privacy-related enquiries, data requests, or complaints: