Effective date: June 2026 • Contact: [email protected]
This Privacy Policy explains how VXSec handles information for website visitors, scope checks, diagnostics, cleanup sprints, partner delivery, and related communications. Project-specific agreements may add to or override this policy for a specific engagement.
We collect only what is reasonably needed to respond to inquiries, scope work, deliver services, maintain records, and protect our business.
Client-controlled data remains client data. VXSec does not sell client data or use client data for advertising.
VXSec may use AI-assisted tools for internal drafting, editing, summarizing, or organizing work product when appropriate. We do not use client data to train models. Where AI-assisted tools are used, the goal is drafting support; VXSec remains responsible for reviewing deliverables before they are sent.
We share information only as needed to operate the business, deliver the agreed services, or comply with law. This may include scheduling tools, email and document tools, payment processors, cloud storage, security tools, subcontractors, and delivery partners. Examples may include Calendly, Google Workspace, Stripe, cloud hosting or storage providers, and approved project partners.
We do not sell personal information. Subprocessors and partners are expected to handle information only for the purpose of supporting the agreed work.
VXSec prefers exports, read-only access, screen share, or least-privilege access where practical. Temporary admin or implementation access may be needed for approved cleanup work. Access should be removed after the engagement or when it is no longer needed unless a project-specific agreement says otherwise.
Retention depends on the type of information, project needs, legal requirements, and client instructions.
You may request deletion of project artifacts by emailing [email protected]. Some records may need to be retained for legal, accounting, dispute, or legitimate business reasons.
VXSec uses practical security measures such as access controls, least-privilege access, password management, secure storage, encrypted transport where available, limited access to client artifacts, and removal of temporary access after work is complete. No system or transmission method is perfectly secure, and third-party platforms may have their own limitations.
The VXSec website does not use advertising pixels or tracking scripts. Server logs or hosting providers may process basic technical information such as IP address, browser, requested page, timestamp, and referrer for security, debugging, and site operation.
VXSec is based in Ontario, Canada. Some tools, subprocessors, clients, or project partners may process data in Canada, the United States, or other countries depending on the service used.
You may contact VXSec to request access, correction, deletion, or information about how your data is handled. We may need to verify identity and confirm authority before acting on requests involving client systems or project artifacts.
We may update this Privacy Policy from time to time. Updated versions will be posted on this page. Project-specific agreements may continue to control for active work where they differ from this policy.
For privacy questions, requests, or concerns, contact us at:
VXSec
Ontario, Canada
[email protected]
We will respond to privacy inquiries within 30 days.