Legal

Privacy Policy

Last updated: May 28, 2026

The short version

Vindicta does not collect, transmit, or store any personal data. Everything you do in the app stays on your machine. There are no accounts, no analytics, no telemetry, and no cloud sync of any kind.

1. What We Collect

Nothing. Vindicta is a local-first desktop application. We do not collect, process, or transmit any personally identifiable information (PII), usage data, crash reports, or analytics.

All data you create — projects, scans, findings, scan history, and settings — is written to your local file system in a vindicta.json file and an app-local persistence store. That data never leaves your device through the Vindicta application.

2. Local Storage

Vindicta stores the following data exclusively on your local machine:

  • Project directories and metadata you register
  • Scan results and vulnerability findings
  • Academy progress, lesson state, and chat history
  • App preferences and settings
  • Generated TTS audio files (local cache)

You can inspect, edit, or delete this data at any time. Uninstalling Vindicta removes all app-managed storage.

3. External Network Requests

Vindicta makes a small number of outbound network requests, none of which involve your personal data:

  • Beta sign-up — when you register for the open beta, we collect your name and email address to send you a download link. This data is stored in our database and is not shared with third parties or used for marketing.
  • AI provider calls (Academy / Scan) — if you configure an AI model (Claude, OpenRouter, or Ollama) for scanning or the Academy Professor, the app invokes those CLIs or APIs directly from your machine using credentials you supply. Vindicta does not proxy, store, or log those requests. The AI provider's own privacy policy applies to any data you send.

4. Cookies & Tracking

The Vindicta desktop application does not use cookies, browser storage, or any tracking technology.

The landing website (vindicta.surelle.xyz) also does not use cookies, analytics scripts, or advertising trackers. It serves static HTML with no session tracking.

5. Children's Privacy

Vindicta does not knowingly collect any information from anyone, including children under the age of 13. Because no data is collected, there is nothing to distinguish.

6. Data Retention

Beta sign-up information (name and email) is retained for the duration of the beta programme. You may request deletion at any time by emailing privacy@vindicta.surelle.xyz.

7. Changes to This Policy

If we ever change this policy in a material way, we will update the date at the top of this page. Because we collect minimal data, any future changes are likely to remain minimal.

8. Contact

Questions about this policy? Email us at privacy@vindicta.surelle.xyz.