Privacy Policy

Last updated: 10/6/2025

1. Introduction

Nexorium Tech Solutions LLP ("we," "our," or "us") operates VulScan, a Python security vulnerability scanning service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided via OAuth)
  • Profile picture (if provided via OAuth)

2.2 Code and Scan Data

When you use VulScan, we collect and process:

  • Source code files you upload for scanning (temporarily stored during scan only)
  • GitHub/Bitbucket repository URLs and access tokens (if provided)
  • Repository clones (temporarily stored during scan only, then deleted)
  • Requirements.txt and dependency files
  • Scan results and vulnerability reports (stored for up to 4 months)

Important: We do not permanently store your uploaded source code files or cloned repositories. These are processed in-memory or temporarily cached only during the scan process (2-5 minutes) and are automatically deleted immediately after the scan completes.

2.3 Usage Information

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Usage statistics and analytics

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain the VulScan service
  • Perform vulnerability scans and generate security reports
  • Authenticate users and manage accounts
  • Send service-related notifications
  • Improve our service and develop new features
  • Analyze usage patterns and optimize performance
  • Prevent fraud and ensure security

4. Data Storage and Security

4.1 Data Storage

Your data is stored securely using Firebase and Google Cloud Platform services. Uploaded source code files and repository clones are temporarily stored only during scan processing (typically 2-5 minutes) and are automatically deleted immediately after scan completion. Scan results, vulnerability reports, and metadata are stored for up to 4 months, after which they are automatically deleted.

4.2 Security Measures

We implement industry-standard security measures including:

  • Encrypted data transmission (SSL/TLS)
  • Secure authentication via Firebase Auth
  • Access control and authorization rules
  • Regular security audits

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:

  • Service Providers: We use third-party services (Firebase, Google Cloud) to operate our platform
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

6. Your Data Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data
  • Opt-out of marketing communications

To exercise these rights, please contact us using the information below.

7. Third-Party Services

VulScan uses the following third-party services:

  • Firebase Authentication and Firestore
  • Google Cloud Functions
  • External security databases (OSV, NVD, PyPI, GitHub Advisories)

These services have their own privacy policies governing the use of your information.

8. Cookies and Tracking

We use cookies and similar tracking technologies to maintain user sessions and improve user experience. You can control cookies through your browser settings.

9. Children's Privacy

VulScan is not intended for users under 13 years of age. We do not knowingly collect information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Nexorium Tech Solutions LLP
Email: support@nexorium.io