Data Processing Policy



  • Re: Tech Preview

    First of all, thanks for your initiative!

    What I am missing from the Data Processing Policy, is the information on what kind of data will be gathered and transmitted by the VulnDetect client.

    Will it send a list of my software, versions, install paths etc. to your server? In terms of IT security that could be very valuable information.
    Or is it the other way around, information about the client remains at the client, and the information about vulnerabilities is downloaded to my machine to match with my software?

    I would be happy to read from you about this.


  • Community Moderator

    @Ascendor
    If you want you can vote for the feature Exclude specific drives/folders from scan
    Simply open the topic (using the link above) and click on the ^ arrow in the first posting.


  • VulnDetect Team Member

    Hi Ascendor,

    Did you read this, we do link to this during installation:
    https://secteer.com/privacy-policy-personal-carma/

    SecTeer will collect the following information for CARMA consumer accounts:

    Name (optional)
    Email / Username (mandatory)
    Password (mandatory)
    Other personal information is not required to use the product, but you may be encouraged to supply this
    IP addresses used to log in and submit data

    The SecTeer CARMA products will collect the following information from your PC or device:

    Program file names (NOT data files)
    Meta data of program files, including, but not limited to size, version information, date, hashes, digital signatures, and other header / meta information
    Directory structure i.e location of program files
    Registry information related to installed software
    Hostname or other unique identifier, to ensure correct correlation in reporting

    Unfortunately, we do not offer a way around this nor do we have any plans to offer a different way of detected this and providing the results.

    If you are concerned about this, then you can achieve a bit more anonymity, by registering using an alternative email address and perhaps send your data via a VPN (we do not support a proxy yet, but that may be implemented at a later stage).

    And, soon, we will start anonymizing the data further i.e. by using placeholders for usernames in e.g. "c:\Users<yourusername>". However, this has NOT been implemented yet.

    We've also planned another feature, which will allow you to exclude certain folders or drives.