Privacy Policy
Last updated: February 2026
1. Introduction
Vigilos ("we", "us", "our") operates the vigilos.co website and the Vigilos platform. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.
2. Information We Collect
- Account information - name, email address, and organization name provided during registration.
- Database connection credentials - encrypted at rest using AES-256 and never stored in plain text.
- Usage data - queries asked, features used, and general analytics to help us improve the product.
- Cookies & session data - used to maintain your authenticated session and remember preferences.
3. How We Use Your Information
- Provide, operate, and improve the Vigilos platform.
- Process AI-powered queries - sent to your chosen AI provider (when using Bring Your Own Key) or through Vigilos-managed AI infrastructure.
- Send service-related communications such as security alerts and product updates.
4. Data Processing & Storage
- Vigilos runs queries directly on your database - we do not copy, move, or warehouse your data.
- Query results are processed in-memory and are not persisted beyond your active session.
- Database credentials are encrypted at rest using AES-256 and transmitted over TLS.
5. Third-Party Services
- AI providers (BYOK) - when you bring your own API key, it is sent directly to your chosen provider (e.g., Anthropic, OpenAI, AWS Bedrock). Vigilos does not store or log your API keys beyond what is needed to proxy requests.
- Managed AI - if you use Vigilos-managed AI, queries are processed through our infrastructure. We do not use your queries to train AI models.
- Slack integration - when enabled, messages are sent and received via the Slack API. Vigilos only accesses channels where the Vigilos bot is explicitly invited.
6. GDPR & Your Rights
If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation:
- Right to access your personal data.
- Right to rectify inaccurate personal data.
- Right to erasure ("right to be forgotten").
- Right to data portability.
- Right to withdraw consent at any time.
To exercise any of these rights, contact us at [email protected].
7. Data Retention
Account data is retained for as long as your account is active. Upon account deletion, all personal data and stored credentials are permanently deleted within 30 days.
8. Security
We use encryption at rest and in transit to protect your data. All database credentials are encrypted using AES-256. We are working toward SOC 2 Type II compliance.
9. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify you via the email address associated with your account. Continued use of the service after changes constitutes acceptance of the updated policy.
10. Contact
If you have any questions about this Privacy Policy, contact us at [email protected].