Privacy Policy

Last Updated: January 1, 2025

1. Introduction

Veximbo ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud security platform and services.

By using our Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

We collect several types of information to provide and improve our Service:

2.1 Personal Information

  • Name and contact information (email, phone number)
  • Company name and job title
  • Billing and payment information
  • Account credentials

2.2 Cloud Environment Data

  • Cloud infrastructure configurations
  • Asset inventory and metadata
  • Security findings and vulnerabilities
  • Compliance status and audit logs
  • IAM policies and permissions

2.3 Usage Information

  • Log data and access times
  • IP addresses and device information
  • Browser type and version
  • Pages visited and features used
  • Performance and diagnostic data

2.4 Cookies and Tracking Technologies

  • Session cookies for authentication
  • Analytics cookies to understand usage patterns
  • Preference cookies to remember your settings

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our cloud security platform
  • Security Analysis: To analyze your cloud environment and identify security risks
  • Compliance Reporting: To generate compliance reports and audit documentation
  • Communication: To send you service updates, security alerts, and support messages
  • Billing: To process payments and maintain billing records
  • Analytics: To understand how users interact with our Service
  • Legal Compliance: To comply with applicable laws and regulations

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party service providers who assist in operating our Service
  • Cloud Providers: With your cloud providers (AWS, Azure, GCP, OCI) as necessary to deliver our Service
  • Legal Requirements: When required by law or to protect our legal rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share your information

5. Data Security

We implement industry-standard security measures to protect your information:

  • End-to-end encryption for data in transit (TLS 1.3)
  • AES-256 encryption for data at rest
  • Multi-factor authentication (MFA) for account access
  • Regular security audits and penetration testing
  • Access controls and role-based permissions
  • 24/7 security monitoring and incident response

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide our Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain business records

When you terminate your account, we will delete or anonymize your personal information within 90 days, unless we are required to retain it for legal purposes.

7. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your data in a structured, machine-readable format
  • Opt-Out: Unsubscribe from marketing communications
  • Restrict Processing: Request limitation on how we process your information

To exercise these rights, please contact us using the information provided at the end of this policy.

8. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience. You can control cookie preferences through your browser settings:

  • Essential Cookies: Required for the Service to function properly
  • Analytics Cookies: Help us understand how you use our Service
  • Preference Cookies: Remember your settings and preferences

Note that disabling certain cookies may affect the functionality of our Service.

9. Third-Party Services

Our Service may integrate with third-party services and cloud providers. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies:

  • Amazon Web Services (AWS)
  • Microsoft Azure
  • Google Cloud Platform (GCP)
  • Oracle Cloud Infrastructure (OCI)

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards, including:

  • Standard contractual clauses
  • Data processing agreements
  • Adequacy decisions by relevant authorities

11. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete such information promptly.

12. Data Breach Notification

In the event of a data breach that may compromise your personal information, we will:

  • Notify affected users within 72 hours of discovery
  • Provide details about the nature of the breach
  • Describe the measures taken to address the breach
  • Offer guidance on protective steps you can take

13. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information
  • Right to request deletion of personal information
  • Right to non-discrimination for exercising your rights

14. GDPR Compliance

For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR). We process your data based on:

  • Consent for marketing communications
  • Contractual necessity to provide our Service
  • Legitimate interests in improving our Service
  • Legal obligations to comply with laws

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification to your registered email address

We encourage you to review this Privacy Policy periodically for any updates.

16. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

  • Phone: +639777750089
  • Address: Penda Queen, Zone 11 Bry. Basketball Court, Silang, Cavite, Philippines

We will respond to your request within 30 days.