Privacy Policy
Last updated: March 1, 2026
Information We Collect
We collect information you provide directly — name, email, company details — together with usage data, and the security scan output files you choose to upload for compliance translation.
Zero-Custody by Design
Viwago never accesses your infrastructure. We deploy no agents, assume no IAM roles, and hold no cloud API keys or credentials. We only ever receive the scan output file you upload. Your systems remain entirely your own.
How We Use Your Information
We use your information to provide and improve the compliance translation service, communicate with you, and ensure security. We never sell your personal data to third parties.
Data Storage & Security
Uploaded scan results and the derived compliance posture are encrypted at rest (AES-256) and in transit (TLS 1.3), and are strictly tenant-isolated — access is derived only from a verified identity token, fail-closed by design. We do not yet hold a SOC 2 certification; a SOC 2 Type II audit is in progress, and we will state our status truthfully at all times.
Third-Party Services
We use carefully vetted third-party services for infrastructure (cloud hosting), analytics, and communication. All third-party processors are bound by data processing agreements.
Your Rights (GDPR)
You have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. To exercise these rights, contact privacy@viwago.com.
Data Retention
We retain your data for as long as your account is active or as needed to provide the service. You can request deletion of your uploaded scans, derived posture, and account at any time. Compliance-related data may be retained as required by law.
Contact Us
For privacy-related inquiries, contact our Data Protection Officer at privacy@viwago.com.