Privacy Policy

Effective: 30 April 2026  |  Last updated: 30 April 2026

VECTOR AI Security Suite ("VECTOR", "we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at vectorsec.net.

This policy complies with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Nigeria Data Protection Regulation (NDPR).

1. Data Controller

VECTOR AI Security Suite is operated by Abdulqadir Akinsola, sole proprietor, based in Abuja, Federal Capital Territory, Nigeria. Contact: info@vectorsec.net

2. Information We Collect

2.1 Account Information

• Email address (required, used as your login identifier)
• Display name (optional, for personalization)
• Password (hashed using bcrypt with cost factor 12)

2.2 Usage Data

• Number of reports generated per calendar month
• Plan tier (Free, Pro, Team)
• Last login timestamp
• Account creation date

2.3 Pentest Findings

The findings text you submit for report generation is sent to Anthropic Claude API for processing. VECTOR does not retain copies of your findings on our servers after report generation completes. Generated reports are saved only in your browser's local storage.

2.4 Payment Data

Payment information is handled entirely by Polar.sh (our Merchant of Record) and Stripe. We never see, store, or have access to your credit card details.

2.5 Technical Data

We automatically collect IP address, browser type, and access timestamps for security and fraud prevention. Retained for 30 days unless required for an active security investigation.

3. How We Use Your Information

Purpose	Legal Basis (GDPR)
Provide and maintain your account	Contractual necessity
Process subscription payments	Contractual necessity
Send transactional emails	Contractual necessity
Generate AI-powered security reports	Contractual necessity
Enforce plan limits and prevent abuse	Legitimate interest
Detect and prevent fraud or security threats	Legitimate interest
Comply with legal obligations (tax, regulatory)	Legal obligation

4. Third-Party Service Providers

Provider	Purpose	Data Shared
Anthropic, PBC	AI report generation	Pentest findings (transient)
Polar Software Inc.	Subscription billing, VAT compliance	Email, name, subscription status
Stripe, Inc.	Payment processing (via Polar)	Payment card data
Resend Inc.	Transactional email delivery	Email, name
Hetzner Online GmbH	Server hosting (Germany, EU)	All account data at rest

5. Data Storage and Security

5.1 Where Your Data Is Stored

VECTOR's primary servers are hosted by Hetzner Online GmbH in Nuremberg, Germany - within the European Union. Hetzner is ISO 27001 certified.

5.2 Security Measures

• Encryption in transit: All traffic uses TLS 1.2+ (HTTPS)
• Password security: bcrypt cost-12 hashing
• Authentication: JWT tokens with 7-day expiration
• Network: Firewall restricts access; only ports 22, 80, 443 are open
• Backups: Daily automated server snapshots

5.3 Data Retention

Account data is retained while your account is active. Upon account deletion, all your data is permanently removed within 30 days, except where retention is required by law.

6. Your Rights

• Access: Request a copy of your data via My Profile or by emailing info@vectorsec.net
• Rectification: Update via My Profile
• Erasure: Delete account via My Profile > Danger Zone
• Portability: Request data export
• Restriction: Limit processing
• Objection: Object to processing based on legitimate interest
• Lodge a complaint: With NDPC (Nigeria) or your EU data protection authority

Email info@vectorsec.net. We respond within 30 days.

7. International Data Transfers

• Servers in Germany (EU) - covered by GDPR
• Anthropic API calls processed in the United States - protected by Standard Contractual Clauses
• Polar.sh and Stripe in the United States - protected by Data Privacy Framework or SCCs

8. Cookies and Tracking

• Authentication cookie (JWT token, essential, 7 days)
• localStorage for saved reports, client profiles, finding library (your browser only)

We do not use third-party advertising cookies or behavioural tracking.

9. Children's Privacy

VECTOR is not intended for users under 18.

10. Data Breach Notification

We will notify affected users within 72 hours of any breach affecting personal data, per GDPR Article 33.

11. Changes to This Policy

Material changes communicated via email at least 30 days before taking effect.

12. Contact Us

• General & Privacy: info@vectorsec.net
• Founder: abdulkadir.akinsola@vectorsec.net