Menu

    Privacy Policy

    7 July 2025

    This notice explains how we (VioletBeacon Limited and our affiliates) collect, use, and disclose personal information. VioletBeacon is a provider of software-as-a-service that helps developers find and fix vulnerabilities and other issues relating to their software projects. We collect personal information when you interact with our website or use our products and services (together the “Platform”). Please read it carefully.

    As used in this notice "personal information" means information that relates to, describes or could be used to identify an individual. It does not include anonymous or de-identified data that does not identify an individual or cannot reasonably be linked to an individual.

    Here is a brief summary of the information contained in this notice:

    • What personal information do we collect? We collect identifiers, customer records, commercial information, and internet or network activity.
    • How do we use personal information? We use personal information to operate our business, including fulfilling contract obligations, personalizing user experiences, communicating with users, and administering the Platform.
    • How long do we retain personal information? We keep personal information for as long as reasonably necessary to fulfill the purposes for which we collected, including satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for longer in the event of a complaint or a potential dispute regarding our relationship with you.
    • Do you sell my personal information? No. We do not share or sell your personal information.

    If you want to find out more information, you can jump to a specific section by clicking the links below:

    Why does VioletBeacon need my personal information?

    How does VioletBeacon get my personal information?

    What personal information does VioletBeacon collect?

    How does VioletBeacon handle source code or other customer confidential information?

    Who are the intended recipients of the personal data?

    Who will be collecting and storing the personal data?

    What law authorises the collection of your personal data?

    Is collection of your personal data mandatory?

    What will be the consequences if my personal data is not provided?

    How does VioletBeacon collect the information?

    How does VioletBeacon store your personal data?

    How can you access the personal information that VioletBeacon collects?

    How can you correct the personal information that VioletBeacon has about you?

    How is the accuracy of the personal information checked by VioletBeacon before use?

    How long does VioletBeacon keep your personal information?

    How is consent managed for your personal data?

    Who does VioletBeacon disclose your personal information to?

    How is your personal information handled outside of New Zealand?

    How are unique identifiers handled by VioletBeacon?

    Will VioletBeacon change this policy?

    Who can I contact with questions or concerns?

    Why does VioletBeacon need my personal information?

    We need your personal information to do the following:

    • Carrying out contracts entered into between you and us.
    • Providing you with the information, products and services you request from us.
    • Providing customer service and support.
    • Contacting you about your account or changes to our products and services.
    • Administering and improving our products and services, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
    • Informing you about other products and services we offer that are similar to those that you have already purchased or enquired about.
    • Delivering content and services information relevant to you including newsletters, industry updates, marketing communications and advertising.
    • Personalizing your experience.
    • Keeping our products and services secure.

    How does VioletBeacon get my personal information?

    We collect the personal data directly from you, or from the devices you use to interact with VioletBeacon's systems. If you use a third-party authentication system, we collect authentication information about you from the identity provider. Additionally, if you use VioletBeacon while working with one of our customers or Channel Partners, we may receive your information from them so we can configure your account.

    What personal information does VioletBeacon collect?

    The personal information that we collect are:

    • Identifiers. This includes information such as your name, username, phone number and address. If you use a third-party authentication tool, we may receive your username and email addresses associated with that service.
    • Customer Records. This also includes information such as your name, contact information, source code, and credentials.
    • Commercial Information. This includes details such as which of our products or services you use.
    • Internet or Network Activity. This includes information such as your IP address, browser type, operating system, activity on our website, and activity in the VioletBeacon systems. This includes, but is not limited to, logging in, logging out, viewing pages, changing data, and administering your account.

    VioletBeacon is not intended for minors so we do not knowingly collect information from or about minors. If we discover that we collected information on a minor, we will promptly take corrective action. If you believe we have collected such information, please contact us at privacy@vltbcn.com.

    How does VioletBeacon handle source code or other customer confidential information?

    Source code, Software Bill of Materials (SBOM), dependency lists, credentials, domain names, IP addresses, and other customer confidential information is treated as personal information ("Customer Records"), and are handled in accordance with this document.

    Who are the intended recipients of the personal data?

    VioletBeacon and our payment processor are the only recipients of your personal data.

    Who will be collecting and storing the personal data?

    VioletBeacon will be collecting and holding your personal data. Our address is:
    Flat 1, 30 Avondale Road
    Avondale, Auckland 1026
    New Zealand

    What law authorises the collection of your personal data?

    The New Zealand Privacy Act 2020 authorises the collection of this data.

    Is collection of your personal data mandatory?

    Your name, email address, address, phone number, and device identifiers are optional to use the VioletBeacon website (). Your IP address and actions you take on our website are automatically collected by VioletBeacon and their collection is mandatory.

    Your email address is mandatory to log into VioletBeacon. Your name, address and phone number are mandatory to create a paid VioletBeacon account. Your IP address, device identifiers, and the actions you take on our systems are when those events occur are automatically collected by VioletBeacon and their collection cannot be opted-out.

    What will be the consequences if my personal data is not provided?

    You can use the VioletBeacon website unimpeded if you non-mandatory personal data is not provided. The VioletBeacon system cannot be used unless the personal data listed is provided to us.

    How does VioletBeacon collect the information?

    Your name, email address, address, and phone number are collected directly from you when you sign up for a VioletBeacon account. Your IP address and device identifiers are collected from the devices that you use to interact with VioletBeacon, and they are sent automatically by your web browser or client software. The actions you take on our systems and when those events occur are collected internally by our systems when an action is detected.

    How does VioletBeacon store your personal data?

    Your personal data is stored on our dedicated infrastructure, is encrypted-at-rest using AES-128 or stronger, and is encrypted in transit using HTTPS or TLS with "High" encryption cipher suites. When the data is online, your personal data is stored in databases with strict firewalls and access controls, and the data is accessible only to personnel who have permissions to access your personal data. Our servers are located in New Zealand, Germany, Finland and Singapore.

    How can you access the personal information that VioletBeacon collects?

    Your name, email address, address and phone number can be accessed at https://accounts.vltbcn.com/profile.

    You IP address, device identifiers, actions you take on our systems can be accessed by requesting your access logs at https://accounts.vltbcn.com/logs

    How can you correct the personal information that VioletBeacon has about you?

    Your name, email address, address and phone number can be corrected at https://accounts.vltbcn.com/profile.

    You IP address, device identifiers, actions you take on our systems cannot be corrected since they are stored in a read-only data store. If this data is incorrect, please notify support@vltbcn.com so that we can investigate the issue.

    How is the accuracy of the personal information checked by VioletBeacon before use?

    Since we collect your name, email address, address and phone number directly from you, we assume that they are correct. IP addresses are received in the network protocols, so we trust that they are correct. Device identifiers are validated for correct format and that the data in them is correct for their intended use. The actions that you take on our systems and when those events occur are captured internally, so they are inherently trusted.

    How long does VioletBeacon keep your personal information?

    VioletBeacon does not keep your information longer than necessary to fulfill the purposes for which we have collected your personal information, including satisfying any legal, regulatory, tax, accounting or reporting requirements. In nearly all cases, we delete your personal information when your account is deleted. Backups and system logs may contain your personal information until those backups and logs are disposed, which may take up to 2 years. In the event of suspected malicious activity, your personal data may be archived as part of the investigation, and the archive may be retained indefinitely if needed for legal action. Additionally, we may retain your personal information in the event of a complaint or a potential dispute regarding our relationship with you.

    How is consent managed for your personal data?

    VioletBeacon will only use your personal data in the way that you have consented to it being used. We will not use it for any other purpose without first getting your explicit consent.

    Who does VioletBeacon disclose your personal information to?

    VioletBeacon only discloses your personal information to you and our payment processor if you are paying for your VioletBeacon service online.

    How is your personal information handled outside of New Zealand?

    VioletBeacon may store your personal data in our systems that our outside of New Zealand. These are in the EU (Germany and Finland) and Singapore. The data is stored encrypted-at-rest, is encrypted in transit, and the systems are fully under VioletBeacon's control and are not processed by any other organisation. Our data centers outside of New Zealand have been assessed and provide safeguards that are comparable to the New Zealand Privacy Act 2020.

    How are unique identifiers handled by VioletBeacon?

    Unique identifiers are only created where necessary to improve the efficiency of VioletBeacon's systems. They are treated the same as the personal data that you provide.

    Will VioletBeacon change this policy?

    We may change this policy from time to time, such as when the law changes. If we make a change, we will post the new version on this website and, if required by law, notify you of the updates. Please check back frequently to see any updates or changes to our privacy policy.

    Who can I contact with questions or concerns?

    If you have questions or concerns, please contact us at privacy@vltbcn.com.

    Additional Information

    Our Platform may contain links to web properties operated by third parties. If you follow any of these links, your usage of that web property will be subject to the third-party's privacy policy. We do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.

    Legal Bases for processing. We only process your personal information pursuant to one of the following legal bases:

    • Consent. You provided us with consent to process your personal information.
    • Contract. We may process your personal information to execute a contract with you or your employer.
    • Legal Compliance. We may process your personal information to comply with our legal obligations.
    • Legitimate Interest. Where it is necessary for us to process the information in order pursue our legitimate interests, including:
      • providing and improving our products and service;
      • maintaining the security and integrity of our offerings;
      • minimizing claims and financial losses for us, and our customers;
      • promoting our products, services and brand; and
      • conducting research and analytics.

    Additional Rights. In addition to your rights specified above, you have the right to:

    • object to our processing of your personal information;
    • request that we restrict our processing of your information;
    • transfer your personal information to another party;
    • withdraw your consent to any processing premised on your consent; or
    • file a complaint with the applicable supervisory authority.

    We will not discriminate against you for exercising any of your rights. To exercise these rights, please contact privacy@vltbcn.com.

    International Transfer. We may need to transfer your personal information out New Zealand, EEA, Switzerland or Singapore to other countries. We only transfer your information if (1) the recipient is in a country providing an adequate level of protection; (2) we use appropriate safeguards, such as standard contractual clauses; or (3) there is an applicable exception (such as consent). Please contact us at privacy@vltbcn.com if you would like additional information regarding the international transfer of your personal information.

    We do not intentionally collect or process sensitive personal information, as defined in the GDPR.

    We do not collect or process information concerning minors-those under 16 years of age. We do not have actual knowledge that we sold or shared personal information concerning minors—those under 16 years of age.