Privacy Policy

Effective Date: May 7, 2025
Last Updated: May 7, 2025

VulnServer Labs ("we," "us," or "our") values your privacy. This Privacy Policy explains how we collect, use, and protect your information when you access our lab platform (“Service”) using a time-limited authentication link (“Magic Link”).

1. Information We Collect

We collect only the data necessary to provide secure, temporary access and maintain the integrity of the Service:

Information You Provide

• Email Address: Used to send the Magic Link and session notifications.

Information We Automatically Collect

• Temporary Session ID: A unique identifier for your session, which expires after 8 hours.
• IP Address: Collected to detect abuse and support security audits.
• Timestamps: Including link access and session usage times.
• Basic Session Activity Metadata: Such as which resources are accessed and whether errors occur.
• Browser and Device Type: Captured via user-agent for compatibility and diagnostics.
• Cookie Data: See Section 5.

We do not collect personal identifiers such as your full name, payment card number, or physical location beyond what is necessary for session management.

2. How We Use Your Information

• Authenticate and authorize access to the lab.
• Monitor usage patterns to detect errors or abuse and enforce session expiration timeout.
• Improve Service stability and performance.
• Respond to technical support requests.
• Maintain audit logs for debugging, compliance, and abuse investigations.

We do not use your data for advertising, resell it, or share it with third parties for marketing purposes.

3. Session Expiration and Data Retention

• Magic Links and sessions expire automatically after 8 hours.
• Metadata is retained up to 30 days for troubleshooting and security purposes, unless flagged for investigation.
• Your email address is stored only for the duration needed to fulfill the session and handle support.

4. Third-Party Services

We may use trusted third parties for:

• Email Delivery: (e.g., Amazon SES)
• Payment Processing: (e.g., Stripe) – we never store payment credentials on our systems.

5. Cookie Usage

We use only essential cookies to provide secure, functional session access:

Types of Cookies Used

• Session Cookies: Stores a temporary identifier (such as a session token) to maintain authentication as you navigate the Lab. This cookie is essential and expires when your browser closes or your session ends.
• Security Cookies: May be used to help detect repeated unauthorized access attempts or potential session hijacking patterns.
• Preference Cookies: Optional, stores cookie preferences.

Type of Cookies Not Used

We do not use third-party tracking, advertising, or analytics cookies.

• No tracking or analytics cookies (e.g., Google Analytics).
• No advertising or remarketing cookies.
• No cross-site tracking or behavioral fingerprinting.

Your consent to use essential cookies is implied as part of accessing a secure service. Optional preference cookies (if implemented) will be disclosed clearly.

6. Security Practices

We implement standard security controls, including:

• HTTPS/TLS encryption
• Signed token validation
• Enforced session expiration and single-use access
• Infrastructure controls with logging and monitoring

No method of transmission or storage is 100% secure, but we strive to reduce risk through layered security design.

7. Your Rights

You may request to:

• Request a summary of your session-related data
• Request early deletion of your email address and session metadata, unless retained under legal obligation
• Withdraw consent by not using the Service (which may disable access)

To make a request, contact us at support@vulnserver.net.

8. Policy Changes

We may update this policy as necessary. Significant changes will be announced via our site cookie banner. Continued use signifies acceptance.

9. Contact

For questions or concerns:

VulnServer Labs, LLC
Garrett Spear
support@vulnserver.net
P.O. Box 1988