Gondor Logo Gondor

Privacy Policy

Last updated: March 2026

This Privacy Policy describes how Gondor ("we," "us," or "our") collects, uses, and shares information when you use our website, platform, and related services (collectively, the "Services"). By using our Services, you agree to the collection and use of information as described in this policy.

1. Information We Collect

Account Information. When you create an account, we collect information such as your name, email address, organization name, and password.

Usage Data. We automatically collect information about how you interact with our Services, including pages visited, features used, search queries, and actions taken within the platform.

Device and Log Data. We collect technical information such as your IP address, browser type and version, operating system, device identifiers, and access timestamps.

User-Provided Data. We collect data you upload or input into the platform, including technology stack definitions, SBOM files, integration configurations, and other content you provide while using the Services.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Services
  • Process your requests and deliver relevant vulnerability and security data
  • Match vulnerabilities against your technology stack and configurations
  • Send service-related notifications, including security alerts and match detections
  • Improve and develop new features and functionality
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and security threats
  • Respond to your requests, comments, or questions

3. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve our Services. These include:

  • Essential cookies required for the Services to function, such as authentication and session management
  • Analytics cookies that help us understand how the Services are used so we can improve them
  • Preference cookies that remember your settings and choices

You can control cookies through your browser settings. Disabling certain cookies may limit your ability to use some features of the Services.

4. Data Sharing

We do not sell your personal information. We may share information in the following circumstances:

  • Service providers: We share data with third-party vendors who assist us in operating the Services, such as hosting, analytics, and customer support providers. These providers are contractually obligated to protect your information.
  • Legal obligations: We may disclose information if required to do so by law or in response to valid legal process, such as a subpoena, court order, or government request.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
  • With your consent: We may share information with third parties when you have given us explicit consent to do so.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Services. We may also retain certain information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. When you delete your account, we will delete or anonymize your personal information within a reasonable timeframe, except where retention is required by law.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request that we correct inaccurate or incomplete information
  • Deletion: Request that we delete your personal information
  • Data portability: Request a copy of your data in a structured, machine-readable format
  • Opt-out: Unsubscribe from marketing communications at any time

To exercise any of these rights, please contact us through the channels available on our website. We will respond to your request within a reasonable timeframe.

7. Security

We implement appropriate technical and organizational measures to protect your information, including encryption of data in transit and at rest, multi-factor authentication, role-based access controls, and regular security audits. While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

8. Children's Privacy

Our Services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, providing additional notice through the Services or via email. Your continued use of the Services after any changes constitutes your acceptance of the updated policy.