Privacy Policy
Summary: We run a marketing website. We use Google Analytics 4 (only after you consent) to understand which pages are useful. We do not sell your data, run advertising cookies, or share information with third parties for marketing purposes.
1. Who we are
This website (vygl.io) is operated by Vygl ("we", "us", "our"). Vygl provides an AI-powered security scanning platform for software development teams.
For all privacy-related questions or to exercise your rights, contact us at access@vygl.io.
2. What personal data we collect
On this marketing website we collect the following categories of data:
2.1 Essential / technical data
Your browser and our hosting provider automatically process limited technical data required to serve the page: IP address, user-agent string, referrer URL, and timestamps. This is standard for any website on the public internet and is used only to deliver content and protect against abuse.
2.2 Analytics data (only with your consent)
If you accept analytics cookies in the consent banner, we use Google Analytics 4 to measure aggregated traffic patterns — which pages are viewed, approximate geographic region (country/city level), device category, and session flow. IP addresses are truncated by Google before storage and we do not enable Google Signals or cross-device tracking.
If you reject analytics cookies, no GA4 cookies are set and no analytics data is collected.
2.3 Data you send us directly
If you email us (for example to request access to the product), we receive your email address and any content you choose to share. We use this only to reply to you.
3. Cookies we use
| Cookie | Purpose | Category | Expiry |
|---|---|---|---|
cc_cookie | Stores your cookie consent choices | Strictly necessary | 6 months |
_ga | Distinguishes unique visitors (Google Analytics) | Analytics (consent) | 2 years |
_ga_P8PW8CG1XT | Persists GA4 session state | Analytics (consent) | 2 years |
Most browsers let you block or delete cookies via their settings. You can also install a GA opt-out browser add-on from Google at tools.google.com/dlpage/gaoptout.
4. Legal basis for processing (GDPR)
- Consent (Art. 6(1)(a) GDPR): analytics cookies and related processing.
- Legitimate interest (Art. 6(1)(f) GDPR): essential site operation, security, and abuse prevention.
- Contract / pre-contractual steps (Art. 6(1)(b) GDPR): replying to your inquiries and onboarding requests.
5. How long we keep data
- GA4 analytics events: up to 14 months (we use the shortest GA4 retention option).
- Server / access logs: up to 90 days, then deleted or aggregated.
- Email correspondence: for as long as needed to handle your request and satisfy legal record-keeping obligations.
6. Who we share data with
We use a small number of service providers ("processors") to run the site:
- Google LLC — Google Analytics 4 and Google Tag Manager (analytics and tag delivery).
- Our hosting / CDN provider — serves the static website and protects against attacks.
We do not sell personal data, share it with advertisers, or use it for cross-context behavioural advertising.
7. International data transfers
Our service providers (including Google) may process data in the United States or other countries. Where personal data of EEA, UK, or Swiss residents is transferred, transfers rely on the European Commission's Standard Contractual Clauses and additional safeguards required by applicable data protection law.
8. Your rights
Depending on where you live, you may have the right to:
- access the personal data we hold about you;
- correct inaccurate data;
- delete your data ("right to be forgotten");
- restrict or object to processing;
- withdraw consent at any time (does not affect past lawful processing);
- data portability;
- lodge a complaint with your data protection authority.
California residents have additional rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as defined by the CCPA.
To exercise any right, email access@vygl.io. We will respond within the timeframe required by applicable law (typically 30 days).
9. Children
This site is not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, contact us and we will delete it.
10. Security
We apply reasonable technical and organisational measures to protect personal data, including transport encryption (HTTPS), access controls, and the principle of data minimisation — collecting only what we need, for as long as we need it.
11. Changes to this policy
We may update this policy from time to time. Material changes will be announced on this page with a new "Last updated" date. Continued use of the site after changes means you accept the updated policy.
12. Contact
Questions, requests, or complaints? Reach us at access@vygl.io.
← Back to home