Legal

Privacy Policy

How Voretix collects, uses, shares and protects information when you browse the site, scan URLs, search the community dataset or use the API.

Last updated: July 12, 2026 Applies to voretix.com & api.voretix.com

1. Overview

Voretix ("Voretix", "we", "us" or "our") operates voretix.com and api.voretix.com, together with their subdomains and any other websites, APIs and endpoints operated by Voretix (together, the "Service") — a platform for analyzing domains and URLs for malicious threats, searching community scans and hunting across the scan dataset.

This Privacy Policy explains what information we collect when you use the Service, how we use it, who we share it with, and the choices you have. By creating an account, submitting a scan or otherwise using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account information

When you create an account we collect your full name, username and email address. Authentication is handled by Amazon Cognito (an AWS identity service). During registration, our signup service receives your password transiently so it can forward it to Cognito over an encrypted connection; we do not store or log it. Your password is then stored and managed by AWS Cognito. We also process email verification status and basic profile details you choose to provide.

2.2 Scan submissions

When you launch a scan — from the website or through the API — we collect and store:

  • the URL you submit, together with the scan options you choose (scanner location, emulated platform and browser, language, Tor routing and visibility);
  • the date and time of the scan and its processing state;
  • your account's internal Cognito identifier, so the scan appears in your history, plus a username snapshot used only for display/audit purposes;
  • the IP address from which the scan was submitted (via the website or the API).

Important: anything contained in a submitted URL becomes part of the scan record. Do not submit URLs that contain passwords, session tokens, personal email addresses or other secrets you do not want stored — especially in scans with public visibility.

2.3 Data collected about scanned websites

For every scan, our scanners collect extensive technical data about the scanned website, including: page content and HTML, screenshots, HTTP responses and headers, redirect chains, resolved IP addresses, WHOIS and domain registration data, DNS records, TLS certificate details, detected technologies, detection and verdict results, and structural similarity fingerprints. This data describes the scanned site, not you, but it is stored together with the scan record.

2.4 Community content

If you post comments on scan reports or file reports about a scan, we store that content together with your account identity and timestamps.

2.5 API keys, hunt quotas and usage

If you use the Voretix API we store the API keys you generate, quota and rate-limit counters, the endpoints you call, request timestamps and the IP address of the API client. Signed-in Advanced Hunting requests from the website and API update one daily counter associated with your internal Cognito identifier. Anonymous website hunts instead use a daily Free-tier counter keyed by a one-way, server-secret digest of the canonical client IP; that counter does not store the raw address.

2.6 Cookies and bot protection

We use a small number of first-party cookies (described in section 6) and Cloudflare Turnstile to protect account registration, scan launches, search and hunt from automated abuse. When the Turnstile challenge runs, your browser communicates with Cloudflare and we forward the verification token together with your IP address to Cloudflare for validation.

After a successful search or hunt challenge, the browser receives a short-lived opaque random clearance identifier. We store only its SHA-256 digest, its expiry, your internal Cognito identifier when signed in, and a server-secret digest of the canonical client IP. The live server-side record must still match the current account and IP; the cookie itself contains neither value.

We also rate-limit registration attempts using short-lived fixed-window counters. The counter is keyed with a secret-derived digest of your IP address and stored in MySQL with its window and attempt count; the registration limiter does not store the raw IP address. These counters are used only to prevent automated registration abuse. The attempt budget resets after the configured window, and an inactive limiter record expires within twice that period after its most recent attempt and is removed through bounded cleanup. We also provide your source IP address to Cognito for registration threat protection. This does not change the separate server-log collection described in section 2.7.

2.7 Log and device data

Like most websites, our servers automatically record log data when you use the Service: your IP address, browser type and user-agent string, the pages you request, referrer information and timestamps.

3. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service — run scans, generate reports, maintain your scan history, authenticate you and enforce quotas;
  • Build the community dataset — public scans are published as searchable scan reports (see section 4);
  • Security research and threat intelligence — analyze scan data to detect phishing, malware and other threats, and to improve detection quality;
  • Prevent abuse and fraud — rate limiting, bot gating, investigating misuse of the Service;
  • Improve the Service — understand how features are used and develop new functionality;
  • Communicate with you — service announcements, security notices and, where permitted, product updates;
  • Advertising and marketing — measure, personalize and deliver advertising and promotional content, on the Service and elsewhere;
  • Comply with legal obligations and enforce our terms.

4. Public Scan Data

Voretix is a community scanning platform. Scans submitted with public visibility are published: anyone can view the scan report and find it through search, hunt, related-scan features and the public API. Published scan data includes the submitted and final URLs, screenshots, page content, verdicts and all the technical data described in section 2.3.

Your account identity and IP address are never included in public search or hunt results. Scans can also be submitted as unlisted (viewable only by direct link) or private (visible only to you), subject to your plan. Choose the visibility that matches the sensitivity of what you are scanning.

5. How We Share Your Information

We may use the information we collect and share it with third parties, including in the following circumstances:

  • Service providers and third-party software. We rely on third-party vendors and software to operate the Service — for example Amazon Web Services (authentication and infrastructure), Cloudflare (bot protection), content-delivery networks and font providers, database and hosting providers, and payment processors. These providers process information on our behalf as needed to perform their functions.
  • Advertising platforms and partners. We may share usage data, identifiers, and information about how you interact with the Service with advertising platforms and marketing partners to display, measure and personalize advertising.
  • Institutions and the security community. As a threat-intelligence platform, we may share scan data — including public scan reports, indicators of compromise and aggregated findings — with security vendors, research institutions, universities, CERTs, blocklist and reputation-feed operators, and other organizations working to make the internet safer.
  • Legal requirements. We may disclose information to law-enforcement bodies, government agencies or other institutions where required by law, legal process, or to protect the rights, property or safety of Voretix, our users or the public.
  • Business transfers. If Voretix is involved in a merger, acquisition, financing or sale of assets, information may be transferred as part of that transaction.
  • Aggregated and de-identified data. We may share statistics and datasets that no longer identify you — for example threat trends, detection rates or technology adoption figures — with any third party.

6. Cookies & Similar Technologies

We use the following first-party cookies:

CookiePurposeType
__Host-vx_session Keeps you signed in using a short-lived random identifier. It contains no Cognito token or profile data; the server stores only its SHA-256 digest and a verified account snapshot. Secure and HttpOnly — it is sent only over HTTPS and page scripts cannot read it. Essential
vx_human Short-lived opaque random identifier set after you pass the Cloudflare Turnstile bot check, so search and hunt keep working across pages without repeated challenges. The server stores only its SHA-256 digest and an expiring account/IP-bound clearance record; copying the cookie to another account or IP does not create valid clearance. Essential

If Cognito is temporarily unavailable after the server has revoked a global session, the browser stores the affected account's opaque Cognito subject in local storage solely to bind and retry that unfinished sign-out. A different account cannot satisfy it, and it is deleted when revocation completes.

Third parties we integrate with (such as Cloudflare Turnstile) may set their own cookies or use similar technologies subject to their own privacy policies. If we introduce advertising or analytics cookies in the future, we will update this section and, where required, ask for your consent. You can control or delete cookies through your browser settings; blocking essential cookies will prevent sign-in and the bot-protected features from working.

7. Third-Party Content and Links

Pages on the Service load some resources from third parties — Google Fonts, the jsDelivr CDN and the Cloudflare Turnstile widget. When your browser fetches these resources, those providers receive your IP address and standard request data under their own privacy policies. Scan reports and the blog may also link to external websites (including the scanned sites themselves); we are not responsible for the privacy practices of external sites, and we recommend caution when visiting sites flagged as malicious.

8. Data Retention

We keep account information for as long as your account exists. Scan records — including the data described in sections 2.2 and 2.3 — are retained indefinitely as part of the historical threat-intelligence dataset, even after account deletion, although we can unlink or remove personal identifiers on request where required by law. Expired bot-clearance records and daily quota counters are pruned after limited operational retention periods; server logs and other bot-protection data are likewise kept only for periods appropriate to security and operations.

9. Security

We take reasonable technical and organizational measures to protect your information: encrypted connections (HTTPS), verified and revocable authentication tokens, hashed opaque session identifiers in Secure HttpOnly cookies, account/IP-bound server-side bot clearance, same-origin protections, fail-closed bot and quota checks, keyed registration rate-limit counters, and access controls on our infrastructure. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

10. Your Rights and Choices

  • Access and update your account details from your profile page.
  • Scan visibility — choose public, unlisted or private visibility when submitting scans, and change the visibility of your own scans afterwards via the API.
  • Deletion — request deletion of your account and associated personal data by contacting us (note the retention rules in section 8 for scan records).
  • Objection, restriction and portability — depending on where you live (for example under the GDPR or CCPA), you may have additional rights to object to or restrict processing, to receive a copy of your data, or to lodge a complaint with a supervisory authority.

To exercise any of these rights, contact us using the details in section 14. We will respond within the timeframe required by applicable law.

11. International Data Transfers

The Service is operated using infrastructure that may be located in different countries. By using the Service you understand that your information may be transferred to and processed in countries other than your own, which may have different data-protection laws. Where required, we use appropriate safeguards for such transfers.

12. Children's Privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page, and for material changes we will provide additional notice (such as an announcement on the site or an email). Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Contact Us

Questions, requests or complaints about this Privacy Policy or our data practices can be sent to [email protected].