Privacy Policy

1. Who we are

VXControl L.L.C-FZ(“VXControl,” “we,” “us,” or “our”) is a Free Zone Limited Liability Company registered in the Meydan Free Zone, Government of Dubai, United Arab Emirates, under licence number 2538161.01. Our registered office is at Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates.

This Privacy Policy describes how we collect, use, and share personal data in connection with our website at vxcontrol.com (the “Site”) and our open-source software projects.

2. Information we collect

We collect only the minimum information necessary to operate the Site and respond to inquiries.

• Contact information. When you email any of our public aliases (e.g., info@, press@, security@, law@), we receive your email address and any information you choose to send.
• Server logs. Our hosting provider may log standard request metadata (IP address, user agent, timestamp, URL requested) for security and operational purposes.
• Cookies. We use Google Analytics 4 to collect anonymous, aggregated usage statistics. Analytics cookies (_ga, _ga_*) are only set after you explicitly accept the consent banner. If you reject, no analytics cookies are written and no personal data is sent to Google. We use Google Consent Mode v2, so the GA tag is initialised with analytics_storage: ‘denied’ by default; your choice is stored locally under vxcontrol:cookie-consent in your browser. You can change your mind at any time via the Cookie preferences link in the site footer.

3. How we use information

• To respond to inquiries you send to us.
• To operate, maintain, and secure the Site.
• To comply with applicable laws and lawful requests.
• To improve our open-source projects based on community feedback you choose to share with us.

We do not sell personal data to third parties.

4. Legal bases (EEA / UK)

For visitors located in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR and UK GDPR:

• Legitimate interests — operating the Site, responding to your inquiries, and protecting our infrastructure.
• Consent — where required, for example before setting non-essential cookies.
• Legal obligation — where we are required by applicable law to process or retain certain information.

5. Sharing

We share personal data only with:

• Service providers that help us operate the Site (e.g., hosting, email delivery), under written confidentiality and data-protection terms.
• Authorities and regulators where required by law or to protect our legal rights.

6. International transfers

We operate from the United Arab Emirates. Personal data may be stored or processed in the UAE or in jurisdictions where our service providers operate. Where required, we use appropriate safeguards such as standard contractual clauses.

7. Retention

We retain personal data only for as long as necessary for the purposes set out in this Policy, to comply with our legal obligations, resolve disputes, and enforce our agreements.

8. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, port, or restrict our processing of your personal data, to object to processing, or to withdraw consent. To exercise any of these rights, email [email protected].

9. Security

We implement reasonable technical and organisational measures designed to protect personal data from loss, misuse, and unauthorised access. Suspected security issues should be reported to [email protected].

10. Law-enforcement requests

We respect lawful authority and recognise the rights of competent authorities to obtain information through proper legal process. We publish this section so that requesting officers know exactly how to reach us and what to expect.

• Where to send. Submit requests in writing to [email protected]. We do not accept service of process by phone, voicemail, or at our registered office reception desk.
• Required process. We require valid legal process issued by a court of competent jurisdiction. For non-UAE authorities, we typically require requests routed through Mutual Legal Assistance Treaty (MLAT) channels or letters rogatory in accordance with UAE Federal Decree-Law No. 39 of 2006 on International Judicial Cooperation in Criminal Matters.
• What we hold. As an open-source software publisher operating a static marketing website, the personal data we hold is limited to inbound email correspondence and hosting-provider server logs (IP, user agent, timestamp). PentAGI and our other software products are self-hosted by users, so we hold no user content, no execution logs, no findings, and no API keys associated with those deployments.
• Verification & scope. We verify the authenticity of each request and respond only to information specified in the legal process. Overbroad or pretextual requests will be challenged.
• User notification. We will notify the individual whose data is requested unless the legal process expressly prohibits notification, or we believe in good faith that notification would create a risk of imminent harm or destruction of evidence.
• Preservation requests. We accept preservation requests under appropriate process and preserve responsive data for ninety (90) days, extendable upon receipt of a renewal request before the period expires.
• Emergency disclosures. In an emergency involving imminent risk of death or serious bodily injury, we may, in our sole discretion and consistent with applicable law, voluntarily disclose information to authorities. Emergency requests should still be submitted to law@and clearly marked “EMERGENCY DISCLOSURE REQUEST.”
• No backdoors, no bulk access. We do not provide direct access to internal systems, do not maintain tools for bulk data extraction, and do not implement undisclosed access mechanisms. Each request is reviewed individually.
• Cost reimbursement. Where permitted by law, we may seek reimbursement for reasonable costs incurred in responding to legal process.
• Transparency. Where legally permitted, we intend to publish an aggregate transparency report at least once per calendar year, covering the number and types of requests received and our responses.

11. Children

The Site is not directed to children under 13, and we do not knowingly collect personal data from children.

12. Changes to this Policy

We may update this Policy from time to time. Material changes will be indicated by updating the “Last updated” date at the top of this page.

13. Contact

For any privacy-related questions, please contact us at [email protected] or by post at: