Privacy Policy

1. Introduction

Vigil Cyber LLC ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Vigilance HQ platform and related services (the "Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly, including:

• Account Information: Name, email address, phone number, job title, organization name
• Support Tickets: Issue descriptions, attachments, communication history
• Project Data: Project details, tasks, notes, time entries, file attachments
• Password Vault: Encrypted credential entries (stored with zero-knowledge encryption)
• Calendar Data: Scheduled events, appointments, meeting details
• Financial Data: Billing information, invoices, procurement records (via QuickBooks integration)

2.2 Information from Third-Party Services

When you connect third-party services, we may receive:

• Microsoft 365: User directory information, calendar events, email metadata
• QuickBooks: Invoice data, payment history, customer records
• Datto RMM: Device inventory, system information, security alerts

2.3 Automatically Collected Information

We automatically collect certain information when you use the Service:

• Usage Data: Pages visited, features used, actions taken
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP addresses, access times, error logs
• Security Data: Browser extension activity, threat detection logs

3. How We Use Your Information

We use collected information to:

• Provide, maintain, and improve the Service
• Process and respond to support tickets
• Manage projects and track time entries
• Synchronize data with connected third-party services
• Generate reports and analytics for your organization
• Detect and prevent security threats
• Send service-related communications and notifications
• Comply with legal obligations
• Enforce our terms of service

4. SMS/Text Messaging Privacy

If you opt in to SMS communications through a Vigil Cyber website form, by texting START to a Vigil Cyber number, or by otherwise providing clear written or verbal consent, we may use your mobile number and SMS consent status to send one-to-one conversational, informational, appointment scheduling, service update, security assessment follow-up, and customer support text messages.

Message frequency varies based on the conversation and your service needs. Message and data rates may apply. You can reply HELP for help or STOP to unsubscribe from a Vigil Cyber SMS conversation at any time.

Mobile information will not be shared with third parties or affiliates for marketing or promotional purposes. Mobile opt-in data will not be shared with third parties. Text messaging originator opt-in data and consent will not be shared with any third parties, except as necessary to deliver SMS messages, support our messaging service, comply with law, or protect the rights and safety of Vigil Cyber and its clients.

5. Data Sharing and Disclosure

We may share your information in the following circumstances:

• With Your Organization: Data is shared with authorized users in your organization based on permissions
• Service Providers: Third-party vendors who assist in operating our Service (hosting, analytics)
• Integrated Services: Data synchronized with third-party services you connect (Microsoft, QuickBooks)
• Legal Requirements: When required by law, subpoena, or legal process
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: For any other purpose with your explicit consent

We do not sell your personal information to third parties.

6. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Zero-knowledge encryption for password vault entries (Argon2id key derivation)
• Multi-factor authentication support
• Role-based access controls
• Regular security audits and monitoring
• Secure data centers with physical access controls

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide services. After account termination, we may retain certain data as required by law or for legitimate business purposes (e.g., audit trails, legal compliance). You may request deletion of your data subject to our retention obligations.

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your data:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data (subject to legal requirements)
• Portability: Request your data in a portable format
• Objection: Object to certain processing of your data
• Withdrawal: Withdraw consent for optional data processing

To exercise these rights, contact us at support@vigilcyber.com.

9. Third-Party Services

Our Service integrates with third-party services that have their own privacy policies. We encourage you to review the privacy policies of:

• Microsoft (for Microsoft 365 integration)
• Intuit (for QuickBooks integration)
• Datto (for RMM integration)

We are not responsible for the privacy practices of third-party services.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We implement appropriate safeguards to ensure your data remains protected in accordance with this policy.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy on the Service and updating the "Last Updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

14. California Privacy Rights

California residents may have additional rights under the California Consumer Privacy Act (CCPA). This includes the right to know what personal information we collect, request deletion, and opt-out of the sale of personal information (note: we do not sell personal information). To exercise these rights, contact us at support@vigilcyber.com.