Data Processing Policy
Re: Tech Preview
First of all, thanks for your initiative!
What I am missing from the Data Processing Policy is the information on what kind of data will be gathered and transmitted by the VulnDetect client.
Will it send a list of my software, versions, install paths etc. to your server? In terms of IT security that could be very valuable information.
Or is it the other way around, information about the client remains at the client, and the information about vulnerabilities is downloaded to my machine to match with my software?
I would be happy to read from you about this.
Did you read this? We do link to this during installation:
SecTeer will collect the following information for CARMA consumer accounts:
Email / Username (mandatory)
Other personal information is not required to use the product, but you may be encouraged to supply this
IP addresses used to log in and submit data
The SecTeer CARMA products will collect the following information from your PC or device:
Program file names (NOT data files)
Metadata of program files, including, but not limited to size, version information, date, hashes, digital signatures, and other header / meta information
Directory structure, i.e. location of program files
Registry information related to installed software
Hostname or other unique identifier, to ensure correct correlation in reporting
Unfortunately, we do not offer a way around this, nor do we have any plans to offer a different way of detecting this and providing the results.
If you are concerned about this, then you can achieve a bit more anonymity by registering using an alternative email address and perhaps sending your data via a VPN (we do not support a proxy yet, but that may be implemented at a later stage).
And, soon, we will start anonymizing the data further, i.e. by using placeholders for usernames in e.g. "c:\Users\<yourusername>". However, this has NOT been implemented yet.
We've also planned another feature, which will allow you to exclude certain folders or drives.