Privacy Policy

Vallhund (“we”, “us”) builds an agentless security watchdog for agent and bot traffic. This policy explains what we collect, how we use it, and the choices you have. The short version: we compute security signals from the telemetry you connect, and we drop the raw traffic. We store findings, not your requests.

Information we collect

Account information. When you sign in through our identity provider, we receive your name, email address, and a stable user identifier. We use these to create your account and show who is signed in.

Connection credentials. To connect a source such as Cloudflare, GitHub, AWS, or Supabase, you provide a read-only token, key, or role. We store these encrypted at rest and use them only to read the telemetry you authorize. We ask for least-privilege, read-only access wherever the provider supports it.

Derived security signals. From your connected sources we compute findings, actor classifications, endpoint maps, and reputation. We store these derived signals so you can review them. We do not store your raw traffic or telemetry: it is processed and dropped.

Billing information. Payments are handled by our payment processor. We store a customer and subscription reference and your plan. We do not see or store your full card details.

Operational data. We keep limited logs needed to run and secure the service, such as request metadata and error reports.

What we do not collect

We do not store your raw network or application traffic, we do not sell your data, and we do not use third-party advertising or tracking cookies. We set a single cookie to keep you signed in.

How we use information

We use the information above to provide and secure the service, compute and deliver security findings, process billing, respond to support requests, and improve reliability and detection quality.

Who we share it with

We rely on a small set of service providers to run Vallhund. They process data on our behalf under their own terms:

• Identity and authentication, to sign you in.
• Payments and subscriptions, to process billing.
• Cloud hosting and key management, for compute, storage, and encryption.
• A managed database, to hold your derived signals and encrypted credentials.
• Network and content delivery.
• Optional IP reputation enrichment, used only when enabled on your plan.

We may also disclose information if required by law, or to protect the rights and safety of our users and the service.

Security

Connection credentials and other secrets are encrypted at rest with managed keys, and all traffic to the service is encrypted in transit. Vallhund is read-only by design and never sits in your data path, so it cannot modify or take down the systems you connect.

Data retention

We keep derived signals for the retention window of your plan, after which time-bounded data ages out. Account information is kept while your account is active. You can delete a project or your entire account at any time, which removes its derived data, connections, and stored credentials.

Your rights

You can access and export your data, correct your account details, and request deletion. Account and project deletion are available in the app and cascade to all associated data. For any other request, contact us below.

International processing

The service is hosted in the United States. If you access it from elsewhere, you consent to processing in the United States.

Children

Vallhund is a tool for developers and is not directed to children. We do not knowingly collect data from anyone under 16.

Changes

We may update this policy. We will revise the date above and, for material changes, take reasonable steps to let you know.

Contact

Questions about privacy: [email protected].