Privacy Policy

1. Information we collect

• Purchase and billing information provided through your payment processor.
• Download grant, checkout session, and delivery metadata needed to provide the purchased package and prevent unauthorized or duplicate downloads.
• Customer intake, scheduling, contact, and scope information you choose to submit to WVISA.
• Assessment reports, device posture details, findings, and technical evidence are generated locally on the customer-controlled device by default and are not sent to or retained by WVISA unless you voluntarily provide them for support, review, or a separately scoped engagement.
• Support communications, attachments, and remediation follow-up you choose to send to WVISA.
• Basic website analytics, security logs, or server logs used to operate and protect the public site, if enabled.

2. How we use information

• Provide, operate, deliver, and support WVISA services.
• Process purchases, scheduling, intake, delivery, and customer communications.
• Support local report generation, remediation guidance, and monthly local-rescan outputs. Local scan reports are not transmitted to WVISA by default.
• Improve service quality, reliability, packaging, and fraud prevention.
• Meet legal obligations, enforce agreements, and protect WVISA, its customers, and third parties.

3. Legal bases and authorization

Depending on your location and the service provided, WVISA may process information to perform a contract, comply with legal obligations, pursue legitimate business interests, or based on consent you provide for a specific workflow.

4. How we share information

• With payment processors, hosting providers, email providers, or infrastructure vendors needed to operate the service.
• With contractors or service providers bound by confidentiality obligations and limited to the work they perform for WVISA.
• When required by law, legal process, or to protect rights, safety, or security.
• With your authorized representatives or technical contacts for the engagement.

5. Sensitive data handling

Do not submit passwords, MFA codes, recovery codes, secret keys, payment card numbers, government ID numbers, child account passwords, private messages, school records, medical information, or other highly sensitive data through public contact forms, unsecured email, or payment custom fields unless WVISA expressly provides a secure transfer method.

5A. Download delivery and security-tool alerts

Public paid downloads may be delivered as tier-locked ZIP packages while executable code signing is deferred. If a browser, Windows, antivirus, or endpoint protection product warns about a WVISA download, do not disable protection solely to bypass the warning. Contact WVISA support, verify the SHA-256 hash shown on the paid success page, and only run WVISA on systems you own or are authorized to assess.

6. Retention

By default, WVISA does not collect or retain customer scan outputs, local reports, device posture data, or generated deliverables after a local scan. The downloadable tool writes reports to the customer-controlled device. WVISA receives those files only if you choose to send them for support, review, troubleshooting, or a separately scoped service.

WVISA may retain payment records, download grants, checkout/session metadata, security logs, support communications, and any files you voluntarily provide for as long as reasonably necessary to deliver the service, prevent fraud, resolve disputes, meet legal obligations, and maintain business records. Files voluntarily provided for support or review may be deleted or anonymized when no longer needed unless a written agreement or legal obligation requires otherwise.

7. Optional external lookups

Some WVISA checks may contact third-party or local services for read-only visibility. For example, public-IP discovery can contact services such as api.ipify.org, checkip.amazonaws.com, or ifconfig.me; optional email breach exposure checks may contact Have I Been Pwned if you provide the required API key and account scope; and supported router checks may contact the router or gateway inside the customer network. These lookups are used to generate local findings and do not send scan reports or deliverables to WVISA by default.

8. Security

WVISA uses reasonable administrative, technical, and organizational measures to protect information used to provide services. No method of transmission, storage, or processing is completely secure, and WVISA cannot guarantee absolute security.

9. Your rights

Depending on your location, you may have rights to request access, correction, deletion, restriction, portability, or objection regarding personal information. To exercise rights, contact WVISA at IndependentJoel@gmail.com.

10. Children and FamilyShield

WVISA services are not directed to children under 13, and WVISA does not knowingly collect personal information directly from children for standalone consumer use. FamilyShield is directed to parents and guardians. Parents should not submit child account passwords, private messages, school records, medical details, or other highly sensitive child information unless WVISA expressly provides a secure transfer method and the information is necessary for a separately scoped service.

11. International transfers

If WVISA transfers information across borders, WVISA will use reasonable safeguards appropriate to the transfer and applicable law.

12. Changes to this policy

WVISA may update this Privacy Policy from time to time. The current version will be posted at /legal/privacy.html, with the updated effective date shown above.

13. Contact

Joel Williams, operator of the WVISA cybersecurity assessment tool
Support email: IndependentJoel@gmail.com
Website: https://www.wvisa.org/