Sign Up

Privacy Policy

Our privacy policy and how we use your data

Effective Date: February 21, 2026

VikingCloud is a cloud security scanning platform operated by VikingStrike ("we," "us," or "our"). This Privacy Policy describes how we collect, use, protect, and share information when you use the VikingCloud platform and related services (collectively, the "Service").

By using VikingCloud, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our Service.

1. Information We Collect

1.1 Account Information

When you create a VikingCloud account, we collect the following information:

  • Email address
  • Name (if provided)
  • Password (stored as a cryptographic hash, never in plaintext)
  • Team and organization details

1.2 Cloud Credentials

To perform security scans on your cloud infrastructure, you provide us with cloud provider credentials (such as AWS access keys, GCP service account keys, or Azure credentials). These credentials are:

  • Encrypted using AES-256-GCM authenticated encryption before storage and are never stored in plaintext
  • Used exclusively to perform read-only security scans of your cloud resources
  • Accessible only to our scanning infrastructure and never shared with third parties

1.3 Scan Data

When we scan your cloud infrastructure, we collect and store the following types of data:

  • Cloud resource inventory and configuration metadata
  • Security findings and vulnerability assessments
  • Software bill of materials (SBOM) and license information
  • Secret detection results
  • Exploit enrichment data

1.4 Usage Data

We automatically collect certain information about how you interact with the Service, including:

  • Pages visited and features used
  • Browser type and device information
  • IP address and approximate location
  • Timestamps of access

1.5 Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card numbers, bank account details, or other payment instrument information on our servers. We receive only a transaction reference and subscription status from Stripe.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the VikingCloud platform
  • Perform security scans and generate reports on your cloud infrastructure
  • Process your subscription and payments
  • Send you service-related communications, including security alerts and scan results
  • Respond to your support requests and inquiries
  • Improve and develop new features for the Service
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

3. How We Protect Your Data

3.1 Encryption

All cloud credentials are encrypted using AES-256-GCM authenticated encryption. Encrypted credentials include integrity verification to ensure both confidentiality and tamper detection. Encryption keys are stored separately from encrypted data and managed through a dedicated secret management service.

3.2 Database Security

Our database is hosted on a managed, hardened relational database service with database-level access control policies enforced on all tables. These controls ensure that users can only access data belonging to their own accounts and teams. All data is encrypted at rest and in transit.

3.3 Infrastructure Security

VikingCloud is hosted on enterprise-grade cloud infrastructure in the Asia-Pacific region. All communications between services use HTTPS/TLS encryption. Our infrastructure follows the principle of least privilege for all service accounts and access controls.

3.4 Agentless Architecture

VikingCloud uses an agentless scanning architecture. We do not install any software or agents on your cloud infrastructure. All scanning is performed remotely using read-only API access to your cloud provider accounts.

4. Third-Party Services

We use a limited number of third-party services to operate VikingCloud. These service providers are carefully vetted and contractually bound to protect your data:

  • Cloud Infrastructure Provider — Hosting, compute, and secret management services. Our infrastructure provider maintains SOC 2, ISO 27001, and other industry certifications.
  • Database Service Provider — Managed database hosting, user authentication, and file storage. Our database provider processes your account data and scan results under strict data processing agreements.
  • Stripe — Payment processing and subscription management. Stripe processes your payment information directly. See Stripe Privacy Policy.

A current list of our subprocessors is available upon request. We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data is retained until you delete your account.
  • Cloud credentials can be deleted at any time through the dashboard. Credentials are permanently removed from our systems upon deletion.
  • Scan results are retained for the duration of your subscription. Historical scan data may be retained for up to 90 days after account closure to allow for reactivation.
  • Payment records are retained as required by applicable tax and financial regulations.

6. Your Rights

You have the following rights regarding your personal data:

  • Access: You can request a copy of the personal data we hold about you at any time.
  • Correction: You can update your account information through the dashboard or by contacting us.
  • Deletion: You can request deletion of your account and all associated data. We will process deletion requests within 30 days.
  • Export: You can request an export of your scan data in a machine-readable format.
  • Restriction: You can request that we restrict the processing of your data in certain circumstances.

To exercise any of these rights, please contact us at support@vikingstrike.com.

7. Cookies

VikingCloud uses cookies and similar technologies for essential platform functionality. This includes authentication session cookies, which are required for the Service to function. For more details, please see our Cookie Policy.

8. International Data Transfers

VikingCloud infrastructure is hosted in the Asia-Pacific region. If you are accessing the Service from outside this region, please be aware that your data may be transferred to and processed in our hosting region. We take appropriate measures to ensure your data is protected in accordance with this Privacy Policy regardless of where it is processed.

9. Children's Privacy

VikingCloud is a business-to-business platform designed for professional use. The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If we learn that we have collected personal information from a person under 18, we will take steps to delete that information promptly. If you believe we have collected information from a minor, please contact us at support@vikingstrike.com.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page and updating the "Effective Date" at the top. We encourage you to review this page periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: