IronVast Logo
Sign Up Login

Privacy Policy

Last updated: January 2025

Introduction

IronVast (NZBN: 9429049352788) is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and disclose personal information when you use our vulnerability scanning services at ironvast.com.

This Privacy Policy complies with the New Zealand Privacy Act 2020 and applies to all users of our Service, regardless of location.

1. Information We Collect

1.1 Personal Information You Provide

When you create an account or use our Service, we collect:

  • Account Information: Name, email address
  • Target System Information: IP addresses, hostnames, domains, and URLs you submit for scanning
  • Communication Data: Information you provide when contacting our support team

1.2 Information We Collect Automatically

When you use our Service, we automatically collect:

  • Technical Information: IP address, browser type and version, operating system, device information
  • Usage Data: Pages visited, features used, time spent on our platform, scan history
  • Log Data: Server logs, access times, error reports, and system performance data

1.3 Cookies and Similar Technologies

We use cookies and similar technologies to:

  • Enable platform functionality and remember your preferences
  • Analyze usage patterns and improve our Service
  • Provide security features and prevent fraud

You can control cookie settings through your browser, but some features may not function properly if cookies are disabled.

2. How We Use Your Information

We use your personal information for the following purposes:

2.1 Service Provision

  • Creating and managing your account
  • Performing vulnerability scans on your Target Systems
  • Generating and delivering scan reports
  • Providing customer support and technical assistance

2.2 Communication

  • Sending service-related notifications and updates
  • Responding to your inquiries and support requests
  • Providing security alerts and scan results

2.3 Service Improvement

  • Analyzing usage patterns to improve our platform
  • Developing new features and services
  • Conducting security monitoring and fraud prevention

2.4 Legal and Compliance

  • Complying with legal obligations and responding to lawful requests
  • Protecting our rights and preventing misuse of our Service
  • Enforcing our Terms and Conditions

3. Legal Basis for Processing (Privacy Act 2020 Compliance)

Under the New Zealand Privacy Act 2020, we process your personal information based on the following lawful purposes:

  • Performance of Contract: To provide the vulnerability scanning services you have requested
  • Legitimate Interests: To improve our Service, ensure security, and prevent fraud
  • Legal Obligation: To comply with applicable laws and regulations
  • Consent: Where you have explicitly consented to specific processing activities

4. Information Sharing and Disclosure

4.1 We Do Not Sell Your Information

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 Service Providers

We may share information with trusted third-party service providers who assist us in operating our Service:

  • Payment Processing: Stripe (for processing subscription payments)
  • Cloud Infrastructure: International data centers for hosting and data processing
  • Analytics and Monitoring: Service providers that help us analyze usage and improve performance

These providers are contractually bound to protect your information and use it only for specified purposes.

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • Valid legal processes (court orders, subpoenas)
  • Government or regulatory investigations
  • Protecting our rights, property, or safety
  • Preventing fraud or other illegal activities

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to this Privacy Policy.

5. International Data Transfers

5.1 Cross-Border Processing

Your information may be processed and stored in data centers outside New Zealand. We ensure adequate protection through:

  • Selecting service providers with strong privacy protections
  • Implementing appropriate technical and contractual safeguards
  • Ensuring compliance with New Zealand Privacy Act requirements

5.2 Adequacy Decisions

Where possible, we transfer data to countries with adequacy decisions or equivalent privacy protections.

6. Data Security

We implement comprehensive security measures to protect your personal information:

6.1 Technical Safeguards

  • Encryption: Data is encrypted in transit and at rest using industry-standard protocols
  • Access Controls: Strict access controls and authentication mechanisms
  • Network Security: Firewalls, intrusion detection, and regular security monitoring
  • Secure Infrastructure: Hosted on secure, monitored cloud infrastructure

6.2 Organizational Measures

  • Privacy Training: Regular privacy and security training for our employees
  • Data Minimization: We collect only the information necessary for our services
  • Regular Audits: Periodic security assessments and vulnerability testing
  • Incident Response: Established procedures for responding to security incidents

6.3 Breach Notification

In the event of a data breach that poses serious harm, we will:

  • Notify the Privacy Commissioner within 72 hours where required
  • Inform affected individuals without undue delay
  • Take immediate steps to contain and remediate the breach

7. Data Retention

7.1 Retention Periods

We retain your personal information only as long as necessary:

  • Account Information: Until you delete your account, plus 30 days for account recovery
  • Scan Data and Results: 12 months after generation, unless deleted earlier
  • Usage Logs: 24 months for security and service improvement purposes
  • Support Communications: 3 years or as required by law

7.2 Deletion

After retention periods expire, we securely delete or anonymize your personal information.

8. Your Privacy Rights

Under the New Zealand Privacy Act 2020, you have the following rights:

8.1 Access

  • Request access to personal information we hold about you
  • Receive a copy of your information in a commonly used format

8.2 Correction

  • Request correction of inaccurate or incomplete personal information
  • Have outdated information updated

8.3 Deletion

  • Request deletion of your personal information in certain circumstances
  • Delete your account and associated data

8.4 Restriction

  • Request restriction of processing in specific situations
  • Object to certain types of processing

8.5 Portability

  • Request transfer of your personal information to another service provider
  • Receive your data in a structured, machine-readable format

8.6 Objection

  • Object to processing based on legitimate interests
  • Opt out of marketing communications

9. Exercising Your Rights

To exercise your privacy rights:

9.1 Contact Methods

  • Email: [email protected]
  • Subject Line: Include "Privacy Request" in your email subject
  • Required Information: Provide sufficient detail to verify your identity

9.2 Response Time

We will respond to your request within 20 business days, as required by the Privacy Act 2020.

9.3 Verification

We may request additional information to verify your identity before processing certain requests.

10. Marketing Communications

10.1 Service Communications

We may send you important service-related communications, which you cannot opt out of while using our Service.

10.2 Marketing Emails

With your consent, we may send promotional emails about new features or services. You can unsubscribe at any time by:

  • Clicking the unsubscribe link in any marketing email
  • Contacting [email protected]
  • Updating your preferences in your account settings

11. Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Third-Party Links

Our Service may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies before providing any information.

13. Privacy Policy Updates

13.1 Changes

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements.

13.2 Notification

Material changes will be notified via:

  • Email notification to registered users
  • Prominent notice on our website
  • In-platform notifications

13.3 Effective Date

Updated policies take effect on the date specified. Continued use of our Service constitutes acceptance of the updated policy.

14. Complaints and Contact

14.1 Privacy Concerns

If you have concerns about our privacy practices, please contact us first:

Email: [email protected]

Address: 4/737 East Coast Road, Browns Bay, Auckland, New Zealand

NZBN: 9429049352788

14.2 Privacy Commissioner

If you're not satisfied with our response, you may lodge a complaint with the New Zealand Privacy Commissioner:

Office of the Privacy Commissioner

Website: privacy.org.nz

Phone: 0800 803 909

Email: [email protected]

15. Data Protection Officer

For complex privacy matters or data protection inquiries, you may contact our privacy team at [email protected] with "Privacy Officer" in the subject line.

This Privacy Policy is effective as of the date last updated and supersedes all prior privacy policies relating to the subject matter herein.