SecTeer VulnDetect & PatchPro Support Forum VulnDetect

    Privacy Policy for this forum

      VulnDetect
      last edited by VulnDetect

      Due to a regression after upgrading the forum software I post the Privacy Policy here:

      Privacy and Data Processing Policy

      This policy describes what data we collect, why we collect it, how we process it, and when and how we may share this data with third parties.

      Data Collected

      This forum may collect data about you. However, it should be clear what the data is used for.
      We do not expect you to provide your real name or other real contact information, except for a valid email address.
      Your email address is only used for account verification and for announcements, such as notifications about recent activity on the forum or news related to the future VulnDetect product.
      VulnDetect only retains standard HTTP / SSL log files, for examining and analysing usage. These log files may be retained for up to 12 months. Under normal circumstances only your IP and browser information are collected in these log files.
      VulnDetect utilises cookies as well; however, these are only used for session management and can safely be deleted between visits. The only consequence is that you will be prompted for your username and password upon your next visit.

      What we store about you

      All data that we store about you is visible from the interface of this forum.
      Please note that we allow the use of aliases; thus you do not need to reveal your true identity to have an active profile at the VulnDetect forum.

      Your right to be forgotten

      You may at any time opt out of our mailing lists and services.
      You may at any time choose to delete your account. Backups are retained for two weeks. After two weeks they will be overwritten and your data will be permanently gone.
      Note: Any posts or replies you made on the forum will not be deleted, as these are considered public domain and removal of your replies or posts may render the remaining posts and replies in a thread useless or without proper context. You should also note that your posts and replies may be cached by search engines, web archives and other parties who are beyond our control.
      Remember, you may always choose to use an alias when posting; we will not reveal your true identity.

      Security and Encryption

      Data transfer

      We utilise HTTPS (or similar) for all data transfers. We intend to comply with best practices for HTTPS configuration for websites at all times. This may cause certain older clients to be unable to access the site.

      Certificates

      We currently use Let’s Encrypt certificates.

      Encryption at rest

      All user data is stored on encrypted devices to prevent leakage when disposing of old / broken hardware or when recycling storage at the cloud provider.
      Your password is hashed 12 times using bcrypt before it is stored in our database. bcrypt is one of the better hashing algorithms, because it makes it fairly expensive to brute-force the password hash.
      However, we always recommend that you use a password manager and use individual passwords for every single site. This way, you don’t need to worry too much if one of the sites you use is compromised.

      Software

      We naturally intend to update all software in a timely manner. If software is considered vulnerable, we may update it out of our regular service windows or disable functionality temporarily. When doing so, we will post a brief note on the forum to notify about the service interruption or lack of service.

      Access

      Access to user data is on a “need to” basis. All access to data and systems hosting data requires authentication and is logged.

      Backups

      Backups are encrypted before being retrieved and stored at a separate location. Backups containing user data are usually only retained for two weeks.

      Third parties

      All data is stored at Hetzner Online GmbH in one of their German facilities. The database, holding your credentials and all the posts, is stored on bare metal hosts at Hetzner. These hosts are managed by SecTeer, and all data at rest is encrypted. Backups may be stored at a different facility, but still in Europe and always encrypted at rest. The forum software is running on a cloud instance at Hetzner. Only session data and uploaded files, including avatars, are stored on the cloud instance; this data is not encrypted at rest.

      We believe that the European data protection laws serve the interest of users in general and are in line with our philosophy about online digital rights.

      /Tom

      Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI
      Forum software by NodeBB