Privacy Policy

“Logicwind Ventures Pvt. Ltd.” operates https://flawpilot.com, referred to as “Service.” This policy explains data collection, safeguarding, and disclosure practices. Users agree to information collection per this policy by using the Service. Terms and Conditions govern Service use alongside this Privacy Policy.

• SERVICE: The https://flawpilot.com website operated by Logicwind Ventures Pvt. Ltd..
• PERSONAL DATA: Information about identifiable living individuals.
• USAGE DATA: Automatically generated data from Service use or infrastructure.
• COOKIES: Small files stored on user devices.
• DATA CONTROLLER: Entity determining data processing purposes and methods.
• DATA PROCESSORS (SERVICE PROVIDERS): Entities processing data on controller’s behalf.
• DATA SUBJECT: Living individual who is the subject of Personal Data.
• THE USER: Individual using the Service; corresponds to Data Subject.

Logicwind Ventures Pvt. Ltd. collects various information types to provide and improve the Service.

Personal Data

The Service may request personally identifiable information including:

• Email address
• URLs submitted for scanning
• Cookies and Usage Data

Your email address is used to deliver your scan report and PDF fix guide. It may also be used to send information about Logicwind Ventures Pvt. Ltd.’s security audit services, which represents a secondary use disclosed here and in our Terms of Service. You can opt out at any time via the unsubscribe link in any email.

Usage Data

Collected information includes:

• Internet Protocol (IP) address
• Browser type and version
• Pages visited
• Visit timing and duration
• Unique device identifiers
• Diagnostic data
• Device type, operating system
• Internet browser type

Tracking Cookies Data

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookie types used:

• Session Cookies: Operate the Service.
• Security Cookies: Bot and abuse protection via Cloudflare Turnstile on the scan submission form.
• Analytics Cookies: Aggregate usage analytics via Google Analytics 4 to help us improve the Service. No personally identifiable information is included in analytics events.

Browser cookie refusal may limit Service functionality.

Scan Data

When you submit a URL for scanning, the Service collects and stores the scan results, including security findings, pillar scores, and supporting evidence. Sensitive finding evidence ("findings.evidence") is encrypted at rest using AES-256 with keys managed in AWS Secrets Manager. Scan results are accessible only to the original submitter via their unique job ID and to any recipient of an explicitly shared VC Validation link.

Collected data purposes include:

• Provide and maintain Service
• Deliver scan results, scored reports, and PDF fix guides to the submitter's email address
• Contact submitters about Logicwind Ventures Pvt. Ltd.’s paid VAPT security audit service - this secondary use of your email is disclosed at the point of collection
• Notify about Service changes
• Allow participation in interactive Service features
• Provide customer support
• Gather analysis for Service improvement
• Monitor Service usage
• Detect, prevent, and address technical issues including scan abuse and rate-limit enforcement
• Fulfill user-provided purposes
• Carry out contract obligations for billing and collection
• Provide account and subscription notices
• Provide news, special offers, and information about similar goods/services
• Any other described purpose
• Any purpose with user consent

Personal Data is retained as long as necessary for stated purposes. Specific retention periods applied by the Service:

• Scan results and findings: Retained for 90 days from the date of the scan, after which they are permanently deleted.
• VC Validation share tokens: Expire and become inaccessible 30 days after the scan.
• Email addresses: Retained indefinitely for CRM and outreach purposes unless you request deletion via hello@flawpilot.com.

Data is also retained for legal obligation compliance, dispute resolution, and legal agreement enforcement. Usage Data is retained for internal analysis with shorter retention periods generally applied, unless used for security strengthening or Service functionality improvement, or legally required longer retention.

Information, including Personal Data, may be transferred to and maintained on computers outside user jurisdictions where data protection laws may differ. Users located outside India acknowledge data transfer to India for processing. Consent to this Privacy Policy represents agreement to such transfer.

Logicwind Ventures Pvt. Ltd. takes reasonably necessary steps to ensure secure data treatment per this Privacy Policy. No Personal Data transfer occurs to organisations or countries lacking adequate controls.

Personal information may be disclosed:

Disclosure for Law Enforcement

Circumstances may require Personal Data disclosure by law or in response to valid public authority requests.

Business Transaction

Mergers, acquisitions, or asset sales may result in Personal Data transfer.

Other cases

Data may be disclosed to:

• Subsidiaries and affiliates
• Contractors, service providers, and supporting third parties
• Fulfill stated user purposes
• Include company logos on the website
• Any other disclosed purpose when information is provided
• Any other cases with user consent

The security of your data is important to us. We use HTTPS across all services, encrypt sensitive scan finding evidence at rest using AES-256 (keys managed in AWS Secrets Manager with rotation support), and restrict internal access to scan results and email addresses to a small set of authorised personnel. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

EU and EEA residents possess certain GDPR-covered data protection rights. Logicwind Ventures Pvt. Ltd. acts as a data controller for scan submitter email addresses and as a data processor for vulnerability scan data relating to the target application. Logicwind Ventures Pvt. Ltd. aims to take reasonable steps allowing users to correct, amend, delete, or limit Personal Data use.

For information about held Personal Data or removal requests, email hello@flawpilot.com.

According to CalOPPA, users acknowledge:

• Users can visit the site anonymously.
• Privacy Policy link includes “Privacy” and is easily found on homepage.
• Users receive notification of privacy policy changes on the Privacy Policy page.
• Users can change personal information by emailing hello@flawpilot.com.

Do Not Track Policy

Logicwind Ventures Pvt. Ltd. honors Do Not Track signals and refrains from tracking, planting cookies, or advertising when Do Not Track browser mechanisms are active. Users enable/disable Do Not Track via browser preferences or settings.

California residents may learn what data is collected, request deletion, and prevent sales/sharing. Logicwind Ventures Pvt. Ltd. aims to take reasonable steps allowing correction, amendment, deletion, or Personal Data use limitations.

For information requests or system removal, email hello@flawpilot.com.

Delete your personal information

Upon request, Logicwind Ventures Pvt. Ltd. deletes held Personal Data from records and directs service providers similarly. Deletion may occur through de-identification. Personal information deletion may prevent certain function access requiring Personal Data operation.

Stop selling your personal information

We don’t sell or rent your personal information to any third parties for any purpose. Logicwind Ventures Pvt. Ltd. doesn’t sell Personal Data for monetary consideration. However, certain third-party transfers or family company transfers without monetary consideration may constitute “sale” under California law. Users own Personal Data exclusively and can request disclosure or deletion anytime.

Data sale cessation requests result in transfer stoppage. Deletion or data sale cessation requests may impact user experience and program/membership service participation requiring Personal Data. Logicwind Ventures Pvt. Ltd. won’t discriminate against users exercising their rights.

Third-party companies and individuals (“Service Providers”) facilitate Service, provide Service on behalf, perform Service-related services, or assist Service use analysis. These parties access Personal Data only for task performance and are obligated against disclosure or other use. The Service currently relies on the following Service Providers:

• Amazon Web Services (AWS): Hosting, data storage, PDF report generation (Lambda), and encryption key management (Secrets Manager).
• Cloudflare R2: PDF report storage and CDN delivery.
• ZeptoMail: Transactional email delivery of scan results and PDF report links.
• Cloudflare Turnstile: Bot and abuse protection on the scan submission form.
• Sentry: Error tracking and observability across all services.
• UptimeRobot: Uptime monitoring for the scan endpoint.

The Service uses Google Analytics 4 (GA4) to monitor and analyze aggregate usage patterns. Analytics events contain no personally identifiable information. GA4 data is processed by Google under their Privacy Policy and Data Processing Terms.

Third-party Service Providers automate Service development and deployment processes.

Remarketing services may advertise on third-party websites following Service visits. Logicwind Ventures Pvt. Ltd. and third-party vendors may use cookies to inform, optimize, and serve ads based on past Service visits.

The Service contains non-operated site links. Clicking third-party links directs to third-party sites. We strongly advise reviewing every visited site’s Privacy Policy. Logicwind Ventures Pvt. Ltd. has no control over third-party content, privacy policies, or practices and assumes no responsibility.

Services aren’t intended for users under 18 years old. Logicwind Ventures Pvt. Ltd. doesn’t knowingly collect personally identifiable information from users under 18. If you become aware that a child has provided information to us, please contact us. If Logicwind Ventures Pvt. Ltd. becomes aware of collected Child Personal Data without parental consent verification, information removal steps are taken.

Privacy Policy updates may occur. Changes are posted on this page. Notification occurs via email and/or prominent Service notice before changes take effect. The “effective date” updates at the top. Periodic Policy review for changes is advised. Changes become effective upon posting.

For Privacy Policy questions, contact hello@flawpilot.com. FlawPilot is operated by Logicwind Ventures Pvt. Ltd..