ReconHawkReconHawk

Privacy Policy

Last updated: May 8, 2026

This Privacy Policy explains how Vukstone, LLC (“Vukstone,” “we,” “us”) collects, uses, shares, and protects information when you use ReconHawk (the “Service”). It applies to personal data we process as a controller — that is, information that identifies you or your organization.

The short version: we collect what we need to run the Service, we don't sell your data, and we use a small set of well-known vendors to handle billing, infrastructure, email, and analytics. The rest of this page is the detail.

1. What we collect

We collect three categories of information:

  • Account information. Name, email address, and password (stored as a salted hash) when you create an account. Billing information (name, address, last 4 digits of card, country) is collected and stored by our payment processor — we never see or store your full card number.
  • Service data. Domains, URLs, and other assets you submit for monitoring; the results of our scans against those assets (DNS records, headers, vulnerability findings, uptime checks); contacts you add for alerting; and any messages you send us through support.
  • Usage data. Standard log information (IP address, user agent, request timestamps, URLs visited within the Service) and product analytics events (which features you use, when you use them) so we can understand how the Service is performing and where to improve.

2. How we use it

  • To provide and maintain the Service.
  • To run the security checks you've asked us to run, and to send you alerts when something changes.
  • To process payments and manage your subscription.
  • To respond to support questions and communicate with you about your account or the Service.
  • To detect, prevent, and respond to abuse, fraud, or security incidents affecting the Service.
  • To improve the Service — using aggregated, de-identified usage patterns to understand what to build next.
  • To comply with applicable laws and lawful requests.

3. We do not sell your data

We do not sell, rent, or trade your personal information to third parties. We do not run third-party advertising on the Service or share your data with advertising networks.

4. Service providers we use

We share data with a limited set of vendors (“subprocessors”) who help us run the Service. Each is bound by contract to handle your data only as needed to provide their service to us:

  • Amazon Web Services (AWS) — hosting, infrastructure, storage. Data is processed in the United States.
  • Stripe — payment processing and subscription billing. Stripe is the only party that handles your full card number; see Stripe's privacy policy.
  • SendGrid (Twilio) — sending transactional emails (account confirmation, alerts, billing receipts).
  • Mixpanel — lightweight product analytics. We use it to understand which features are used and where users run into trouble. We do not send personally identifying information beyond what's needed to associate events with your account, and we don't use Mixpanel for advertising.

We may add or change subprocessors over time. Material changes will be reflected on this page; if you want to be notified ahead of time, contact us at privacy@reconhawk.com.

5. Other sharing

We may share information when:

  • You direct us to. For example, you might invite a teammate or share a report with someone outside your organization.
  • We're legally required to. In response to a valid subpoena, court order, or other lawful request — and only what we're actually required to share.
  • To protect rights or safety. If we reasonably believe disclosure is necessary to investigate, prevent, or respond to suspected fraud, abuse, or risk of harm.
  • In a business transfer. If Vukstone is merged, acquired, or sells substantially all assets, your information may transfer as part of that transaction. We'll provide notice before your data becomes subject to a different privacy policy.

6. Your rights and choices

You can:

  • Access and update the account information we hold about you from your account settings.
  • Delete your account at any time. When you delete your account, we delete or anonymize associated personal data within 30 days, except where we're required by law to retain it (for example, billing records for tax purposes).
  • Export your data on request. Email us at privacy@reconhawk.com.
  • Opt out of non-essential email. You can unsubscribe from product updates and marketing emails using the link in any such email. Transactional and account-security emails (confirmation, billing receipts, alerts you've opted into) will still be sent.

If you're in the EU/EEA, the UK, or California, you have additional rights under GDPR, UK GDPR, and the CCPA respectively — including the right to request a copy of your data, restrict processing, or object to certain uses. To exercise any of these rights, contact us at privacy@reconhawk.com.

7. Cookies and tracking

We use a small number of cookies and similar technologies:

  • Essential cookies — required for the Service to work (keeping you signed in, remembering preferences). These can't be turned off.
  • Analytics — Mixpanel sets cookies/IDs to measure feature usage. We do not use third-party advertising cookies.

You can disable non-essential cookies through your browser settings. The Service still works, but some features (analytics, per-user preferences) may behave differently.

8. Data retention

We keep account information for as long as your account is active. Service data (scan results, monitoring history) is retained according to the retention windows of your plan. After account deletion, we delete or anonymize personal data within 30 days, except where retention is required by law (e.g., billing records for tax compliance).

9. Security

We use industry-standard administrative, technical, and physical safeguards to protect your data — including encryption in transit (TLS), encryption at rest, access controls, and routine security review. However, no system is 100% secure. We cannot guarantee that unauthorized access, disclosure, or loss of data will never occur. If a breach affecting your personal data does occur, we'll notify you in accordance with applicable law.

10. Children

The Service is not directed to children under 13 (or under 16 in the EU/EEA), and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us at privacy@reconhawk.com and we will delete it.

11. International transfers

We are based in the United States, and our subprocessors process data primarily in the United States. If you are accessing the Service from outside the United States, you understand that your information will be transferred to and processed in the United States, where data-protection laws may differ from those in your jurisdiction.

12. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we'll notify you via email or through the Service before they take effect. The “Last updated” date at the top of this page reflects the most recent change.

13. Contact us

Questions about this policy or how we handle your data? Email privacy@reconhawk.com or write to: Vukstone, LLC, 194 Main Street, Suite 224, Newport, VT 05855.