Privacy Policy

Last updated: April 5, 2026

1. Information We Collect

We collect information you provide when creating an account (email address, display name), scan targets you configure, and vulnerability data discovered during scans. We also collect usage data such as login times, IP addresses, and feature usage for security and analytics purposes.

2. How We Use Your Information

We use your information to:

• Provide and maintain the vulnerability management service
• Send scan results, alerts, and notifications you've configured
• Improve our scanning engines and platform features
• Ensure platform security and prevent abuse

3. Data Storage & Security

All data is stored in encrypted PostgreSQL databases. Sensitive fields (API tokens, credentials) are encrypted at rest using AES-256-GCM. All connections use TLS 1.2+. We maintain immutable audit logs of all access and modifications.

4. Multi-Tenancy & Isolation

Each customer's data is isolated at the database level using row-level tenant filtering. No customer can access another customer's scan results, vulnerability data, or configuration.

5. Data Retention

Data is retained according to your tenant's configured retention policy. You can configure automatic deletion of scan results and resolved vulnerabilities after a specified number of days. When no retention policy is set, data is retained indefinitely.

6. Your Rights (GDPR)

You have the right to:

• Access — Export all your data at any time via the platform
• Rectification — Update your profile information
• Erasure — Request complete account and data deletion
• Portability — Export data in machine-readable JSON format

7. Cookies

We use essential cookies for authentication and session management only. We do not use tracking cookies, advertising cookies, or third-party analytics that track individual users.

8. Contact

For privacy-related inquiries, contact us at privacy@continia.com.