Privacy Policy

We may collect and process the following types of personal data (“Personal Data”):

• Identification and Contact Data: When an account is created for you or when you contact us, we collect identifiers such as your name and surname, email address, and optionally your company/organization name, as well as any information you choose to provide in communications (for example, information included in a support request or an account application email).
• Technical Usage Data: When you use our website or Services, our systems automatically log certain information such as your IP address, device host or name, browser type and user agent string, operating system details, device identifiers, the pages or features of our site that you use and timestamps of your activities. We also collect information through cookies and similar technologies as described in the Cookies section below.
• Service Data: If you utilize our security testing Services (for example, by running vulnerability scans), we may process data about the targets you scan (such as domain names or IP addresses of systems being tested) and the results of those scans. This data may include technical information about system vulnerabilities or misconfigurations. We treat such scan data as confidential and do not attribute it to any individual person or make it public.
• Sensitive Data: We do not intentionally collect any sensitive personal data such as information on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric identifiers, health information or sexual orientation. You should not provide such sensitive data to us. In the event you inadvertently or voluntarily submit sensitive personal information through our Services or communication channels, we will delete it immediately upon discovery, as we do not process such data.

We may collect and process the following types of personal data (“Personal Data”):

• Directly from You: You provide Personal Data to us through your direct interactions. For example, this occurs when you register for an account (accounts on Securelic are provisioned through our internal process, but you may still provide information, such as by filling out a form or sending an email with your details), when you voluntarily submit information through contact forms or our support chat or when you send us email inquiries. You also provide information if you subscribe to our newsletter or request marketing communications (we will collect your contact details and record your consent in such cases).
• Automatically from Your Use of Services: When you visit our website or use the Services, we automatically collect Technical Usage Data via cookies, server logs and similar technologies. This includes the information listed in the Technical Usage Data section above (IP address, device and browser details, usage logs, etc.). Such data is collected to understand how our Services are used, to recognize you and remember your preferences and to secure our platform. For example, like many online services, our servers may record log data when you interact with Securelic and our site may deploy analytics scripts to gather usage statistics.
• From Third Parties: On occasion, we may receive certain data about you from third party sources. For example, if you encounter a technical issue while using Securelic, we might receive diagnostic or error information from third party analytics or error reporting services to help resolve the problem. We might also obtain basic contact or background information from publicly available databases or social media (for instance, to verify an applicant’s identity or for fraud prevention) but only where those third parties have a lawful basis to share your data with us. In all such cases, any third party data is handled with the same care as data you provide directly and always in accordance with this Policy and applicable law.

We may collect and process the following types of personal data (“Personal Data”):

• To Provide and Operate the Services: We process your data to create and manage your user account, authenticate your login and provide you with the features of our cybersecurity platform (such as running authorized security scans and delivering results to you). This includes using your data to communicate with you about your use of the Services, to respond to your inquiries and support requests and to send you important notices or alerts related to your account or scans.
• To Improve and Personalize the Service: We analyze usage data and user feedback to understand how our Services are utilized and to make improvements. Your data helps us troubleshoot issues, monitor performance and enhance user experience for internal purposes. For instance, we may use aggregated usage logs to identify interface improvements or to ensure the stability and security of our platform.
• To Send News and Updates (Marketing Communications): If you have subscribed or explicitly consented, we may use your contact information (e.g. your email address) to send newsletters, product updates, security alerts or promotional communications about Securelic’s services. You are free to unsubscribe from such marketing emails at any time and we will not send you unsolicited marketing messages without your consent. (For clarity, we will never sell your personal data to third parties for marketing or any other purposes.)
• To Ensure Security and Prevent Misuse: We use logs and other data (such as IP addresses and user activity) to monitor for suspicious or unauthorized activities on our platform. This is essential for fraud detection, abuse prevention, enforcing our Acceptable Use policies and protecting the integrity of our Service and other users. For example, we may analyze logins or scan behavior to detect possible misuse of the platform.
• To Comply with Legal Obligations: Where required, we may process and retain your data to fulfill our legal obligations under applicable laws (for example, maintaining transaction records for accounting purposes or complying with specific data retention laws). If we receive a lawful subpoena or court order, we may disclose certain data to law enforcement or regulatory authorities. Unless prohibited by law, we will make a reasonable effort to notify you of such requests so that you are aware of any data disclosure.
• With Your Consent, For Other Purposes: If we ever need to use your personal information for a purpose not covered above, we will explain the purpose to you at the time and, if required by law, request your consent. For instance, if we were to launch a new feature that requires collecting new types of data, we would seek your approval before processing that data.
• We may send you service related communications such as security notifications, scan status updates and account related messages. Where required by law, we will obtain your consent before sending marketing or promotional emails. You may opt out of marketing communications at any time.

We use cookies and similar technologies (such as local storage, pixels and tags) to operate and secure Securelic, and only if you choose to analyze usage and measure marketing performance.

• Strictly Necessary (Always On): Required for authentication and session management, security protections and core functionality. These technologies cannot be switched off in our preference center because the service cannot operate securely without them. If you block them in your browser, some features (including login/session functionality) may not work properly.
• Analytics (Optional): If you consent, we use Google Analytics to understand how visitors use our website (e.g., pages visited, device/browser information and aggregated usage patterns) to improve performance and user experience.
• Marketing Measurement (Optional): If you consent, we use the Pinterest Tag to measure marketing performance (for example, whether a visit or action occurred after viewing/clicking a Pinterest ad). Depending on your settings and Pinterest’s functionality, this may involve cookies or similar identifiers.

We request your consent before using optional Analytics or Marketing Measurement technologies. You can accept all, reject all optional technologies or use strictly necessary technologies only. You can change or withdraw your consent at any time via Cookie Settings.

You can also control cookies through your browser settings. If you block or delete strictly necessary cookies, parts of Securelic may not work correctly.

We treat your Personal Data as confidential and do not share it with third parties except in the following circumstances and always in accordance with this Policy and applicable law:

• Service Providers: We use trusted third party service providers to help us operate and deliver our Services (as is common for many SaaS platforms). These include, for example: cloud hosting and infrastructure providers (for secure data storage and computing power), email delivery services (to send verification emails, notifications or newsletters), customer support and ticketing platforms, and analytics tools (to help us understand service usage). We share only the minimum necessary personal data with such providers and each provider is bound by contractual obligations to process data securely and only for our specified purposes. Where required by law, we have Data Processing Agreements (DPAs) in place with these providers to ensure your data is handled in compliance with GDPR and other relevant regulations.
• Affiliates and Corporate Transactions: We may disclose data to our affiliate companies (entities under common ownership or control with Velorqa) if needed to operate the Service or to coordinate customer support. In the event of a merger, acquisition, reorganization or sale of all or part of our business or assets, personal data relevant to that transaction may be transferred to the successor or acquiring entity. In such cases, we will ensure the recipient of the data agrees to protect personal data in a manner consistent with this Policy and applicable privacy laws (for example, by adhering to similar confidentiality and security commitments).
• Legal Compliance and Protection: We may disclose your information if we are required to do so by law or if we have a good faith belief that such action is necessary to (i) comply with a legal obligation (such as a court order or subpoena); (ii) protect and defend the rights, property or safety of our company, our users or the public; or (iii) investigate and defend against legal claims or allegations. If law enforcement or regulatory authorities request user data, we will verify that the request is lawful (and fight it if we believe it’s not) and only then comply, limiting the disclosure to what is legally necessary. When permitted by law, we will notify you of such requests so you are aware of any exposure of your data.
• With Your Consent: Apart from the scenarios above, we will share your personal data with third parties only with your explicit consent. For example, if you choose to integrate Securelic with a third party tool or service and that integration requires us to share some of your data with the third party, we will do so only with your authorization and after informing you what data will be shared and why.

International Data Transfers: Securelic is a global service. The personal data we collect may be stored or processed in the United Kingdom, the European Economic Area (EEA), the United States or other countries where we or our service providers operate facilities. When transferring data internationally, we take steps to ensure an adequate level of protection for your information. For example, if you are located in the EEA or UK and your data is transferred outside of your region, we will ensure appropriate safeguards are in place, such as using the European Commission’s Standard Contractual Clauses for data transfers or transferring data only to jurisdictions that have been officially deemed to provide an adequate level of data protection, in compliance with Articles 44–49 of the GDPR. Our goal is to ensure your data is protected no matter where it is processed. Importantly, we do not sell or rent your personal information to any third party for their own use. Any third party processing of user data is solely to assist in providing the Securelic Services under strict privacy and security controls.

We take the security of your personal data very seriously. As a cybersecurity focused company, we maintain a formal security program designed to protect your information from unauthorized access, alteration, disclosure or destruction. Our security measures include:

• Encryption: All personal data is encrypted in transit (using TLS/SSL for network connections) and at rest in our databases or storage systems. This means that your data is protected both when it’s being transmitted between your device and our servers and when it is stored on our servers or cloud infrastructure.
• Access Controls: We restrict access to personal data on a strict need to know basis. Our employees, contractors and service providers only access your data to the extent necessary to perform their duties or to provide the Services to you. We employ measures like access control lists, role based access restrictions, authentication safeguards and network firewall rules configured to grant the minimal permissions needed for any personnel or system to fulfill its function.
• Monitoring and Testing: We continuously monitor our systems for potential security vulnerabilities and suspicious activities. Regular security assessments, vulnerability scans and penetration tests are conducted on our infrastructure and software. Important security patches and updates are applied as soon as possible to mitigate emerging threats. Our infrastructure and internal practices align with industry best practices and frameworks (for example, we follow principles consistent with SOC 2 controls for security).
• Organizational Policies & Training: Our staff are trained in data protection and security best practices and are bound by confidentiality obligations. We have internal policies in place to ensure that personal data is handled safely and consistently. For example, emails sent from our system are DKIM signed to prevent spoofing or tampering. We also mandate security and privacy training for our team and restrict internal access to data.
• Incident Response: In the unlikely event of a data breach or security incident affecting your personal data, we have an incident response plan ready to execute. We will notify affected users and the appropriate authorities as required by law and we will take all necessary steps to contain and mitigate the incident and prevent future occurrences.

While we strive to protect your information, please note that no method of transmission over the Internet or electronic storage is 100% secure. Nonetheless, we continuously update and improve our security measures to meet or exceed industry standards and legal requirements for safeguarding personal data. In summary, we use a combination of technical, administrative and physical controls to protect your data and we regularly review these measures to address new security challenges.

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In general:

• Account Information: We keep your account registration information (such as name, email, company/organization) for as long as your account remains active on Securelic. If your account is deleted or you request deletion of your data, we will erase or anonymize the personal data associated with your account, except for any information we are required to keep for legal or regulatory reasons. (For example, we may retain data on past transactions if needed for tax or compliance audits.)
• Usage Logs: We retain server logs and other technical usage data (including IP addresses and other technical log data) for up to one (1) year from the date of collection, after which time they are securely deleted or anonymized. We have determined that a one year log retention period is useful for security analysis, auditing and troubleshooting, while still limiting retention to a reasonable timeframe.
• Communications: If you contact us (for example, via support emails or messages), we may retain those communications as long as necessary to address your inquiry and for our internal reference, typically no more than one year, unless a longer period is required for legal purposes (for instance, to have a record of a dispute or to comply with audit requirements).
• Transaction Records: If any payments or financial transactions occur (for instance, if in the future you purchase a paid plan or service through Securelic), we may retain billing records, invoices and related transaction information as required for financial reporting and compliance (e.g. under tax laws). Usually such financial records are kept for the duration mandated by law, which in some jurisdictions can be 6–7 years or more for accounting records.

After the applicable retention period ends or upon your valid deletion request, we will either delete your personal data or anonymize it (so that it can no longer be associated with you), unless we are legally required to keep it longer. Even after we delete or anonymize data from our active systems, please note that it may persist for a short period in backup archives (which are securely stored) until those backups are overwritten or deleted as part of our backup retention cycle.

We want you to be fully aware of your rights regarding your personal data. Subject to applicable law (such as the GDPR for EU/UK users), you have the following rights with respect to the personal data we hold about you:

• Right of Access: You have the right to request confirmation of whether we are processing your personal data and if so, to request a copy of the data we hold about you. Upon request, we will provide you with a copy of your personal information in a commonly used electronic format. This will typically be free of charge, although a reasonable fee may be applied for repetitive or excessive requests in some cases.
• Right of Rectification: You have the right to request that we correct or update any of your personal information that you believe is inaccurate or incomplete. We encourage you to keep your account information up to date; we will promptly make corrections to any inaccuracies once we have verified the updated information.
• Right to Erasure: You have the right to request that we delete your personal data under certain conditions. This right (also known as the “right to be forgotten”) allows you to ask us to erase personal data if, for example, it is no longer needed for the purposes for which it was collected or if you have withdrawn consent (where our processing was based on your consent) or if you object to the processing (see the right to object below) and we have no overriding legitimate grounds to continue or if deletion is required to comply with a legal obligation. Please note that this right is not absolute – sometimes we may need to retain certain information for legal compliance or our legitimate interests (as explained above in the Data Retention section).
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions. For example, you can request a temporary halt on processing if you contest the accuracy of your data or have objected to our processing (pending verification or resolution of those issues). While processing is restricted, we can still store your data but will not use it further until the restriction is lifted.
• Right to Object: You have the right to object to our processing of your personal data in certain situations. For instance, you can object at any time to the processing of your data for direct marketing purposes (and if you do so, we will honor that and stop such processing). You may also object when we are processing your data based on legitimate interests, if you believe our processing has a disproportionate impact on your rights. If you lodge an objection, we will stop processing the personal data in question unless we can demonstrate compelling legitimate grounds for the processing that override your rights or unless the processing is needed for legal claims.
• Right to Data Portability: You have the right to request that we transfer the personal data you have provided to us to another organization or directly to you, in a structured, commonly used, machine readable format, where technically feasible. This right applies when the processing is based on your consent or on a contract with you and the processing is carried out by automated means. We will assist with data portability requests to the extent required by law.
• Right to Withdraw Consent: Where we rely on your consent to process your personal information (for example, if you explicitly consent to receive our newsletter or to partake in certain optional data collection), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal and it will not affect processing of your data under other legal bases (for instance, processing that is necessary for performing a contract or that is mandated by law). If you withdraw consent for marketing emails or other optional communications, we will cease those communications.
• Right to Be Informed: You have the right to be informed about the collection and use of your personal data. We strive to provide this information through this Privacy Policy and any just in time notices that may be presented when you use certain features (for example, a prompt informing you about a new data use). If you have any questions about how we handle your data or why we need certain information, please contact us and we will gladly explain.

Exercising Your Rights: You can exercise any of these rights by contacting us using the contact details in the Contact Us section below. For security reasons, we may need to verify your identity before fulfilling certain requests (for example, we might ask you to confirm some information associated with your account to ensure the request is legitimate). We will respond to your request as soon as possible and at least within one month, as required by GDPR in most cases (this timeframe may be extended by an additional two months for particularly complex requests, but we will inform you if an extension is needed). There is no fee for making a request. However, if a request is manifestly unfounded or excessive (for example, extremely repetitive requests), we may charge a reasonable fee or refuse to act on it, as permitted by law.

Additionally, if you believe our processing of your personal data violates any applicable data protection law, you have the right to lodge a complaint with a supervisory authority. For EU users, this is typically the Data Protection Authority in your country of residence (or where the alleged violation occurred); for UK users, it is the Information Commissioner’s Office (ICO); and for users in other jurisdictions, you can contact your local privacy or data protection regulator. Of course, we would appreciate the chance to address your concerns directly before you approach a regulator – so we encourage you to contact us first with any complaint and we will do our best to resolve the issue to your satisfaction.

Our website may contain links to external websites or services that are not operated by us (for example, links to partner tools, security resources or community forums). Please note that this Privacy Policy applies only to data collected by Securelic and our Company and not to any third party websites or services. If you click on a third party link and leave our site, any personal data you provide on those external sites is governed by the third parties’ own privacy policies, which may differ from ours. We encourage you to review the privacy policies of any external sites you visit. Securelic is not responsible for the content, security or privacy practices of any third party websites or services.

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or for other operational reasons. When we make changes, we will post the updated Policy on this page and update the "Last Updated" date at the top of the Policy. If the changes are significant, we may also notify you via email or provide a prominent notice on our website. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

This Privacy Policy is effective as of the date indicated above. Your continued use of our Services after any changes to the Policy will signify your acceptance of the updated terms.

Securelic does not sell or rent personal data. We may share limited data with trusted service providers (such as analytics and marketing measurement providers) only as necessary to operate and improve the Services and in accordance with this Privacy Policy or where required by law.

This service is not intended for individuals under the age of 18. By accessing or using Securelic, you confirm that you are at least 18 years old or have the legal capacity to enter into a binding agreement.

Securelic may cooperate with law enforcement agencies, judicial authorities or other competent public authorities when required by law, court order or to protect legal rights, security and public safety.

If you have any questions, concerns or requests regarding this Privacy Policy or how we handle your personal data, please contact us using the details below. We are committed to resolving any issues and ensuring that your privacy is protected.

• Email:[email protected] (for privacy inquiries or to exercise your data rights)
• Postal Address: Velorqa Software Ltd (Securelic) – Suite 10170, 5 Brayford Square, London, United Kingdom, E1 0SG. Company Number 16849575

You may also reach out to us through the support channels listed on the Securelic website for general inquiries. Our company (Velorqa Software Ltd) is registered in the United Kingdom and we are subject to the oversight of the UK Information Commissioner’s Office (ICO) and other applicable data protection authorities. We welcome feedback from our users and will strive to promptly address any concerns.