Skip to content

// Legal

Privacy Policy

Last updated: March 2026 · Effective date: March 2026

1. Introduction

Vrexo LLC ("Company," "we," "us," or "our") is the legal entity behind NullSight, a dark web monitoring product. We operate nullsight.co and provide the NullSight Service to Managed Service Providers ("MSPs") in the United States.

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit nullsight.co or use the NullSight Service.

2. Who we are and what we do

NullSight is a B2B dark web monitoring service operated by Vrexo LLC. Our customers are MSPs who use our platform to monitor whether their clients' corporate assets have appeared in known data breaches or dark web sources. NullSight does not interact directly with end users (the MSP's clients).

3. Information we collect

3.1 Information you provide directly

Collected when you fill out our demo form, contact us, or sign up:

  • Full name
  • Business email address
  • Company name
  • PSA platform type
  • Number of clients managed
  • Optional message

3.2 Information collected automatically

When you visit our website: IP address, browser type, pages visited, referring URLs, device type.

3.3 MSP-submitted monitoring assets

When an MSP registers assets: corporate domain names, IP address ranges, corporate email addresses, executive personal email addresses (submitted with MSP and client authorization).

Note: Vrexo LLC does not store end-user credentials or personal data on its own servers. NullSight queries third-party APIs and does not retain raw breach data beyond what is needed to generate alerts and reports.

4. How we use your information

  • Respond to demo requests and sales inquiries
  • Provide and maintain the NullSight Service
  • Send service-related notifications and alerts to MSPs
  • Generate dark web exposure reports for MSP clients
  • Improve our website and Service
  • Comply with applicable legal obligations

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. How we share your information

5.1 Third-party service providers

Cloud infrastructure, analytics providers, and dark web intelligence API providers (queries only, no MSP or end-user data shared beyond what is necessary).

5.2 Legal requirements

We may disclose information in response to valid legal process, to protect rights or safety, or to investigate violations of our Terms.

5.3 Business transfers

In a merger or acquisition, your information may be transferred. We will notify affected parties beforehand.

6. Data retention

Website data (demo requests, contact forms): retained up to 3 years after last contact. MSP monitoring assets: retained for the duration of the service agreement and deleted within 30 days of termination upon written request. Raw breach data: not retained beyond what is needed to generate alerts and reports.

7. Data security

We implement commercially reasonable measures including TLS/HTTPS encryption, access controls, and regular security reviews. No system is 100% secure. Vrexo LLC disclaims liability for unauthorized access beyond our reasonable control.

8. Your rights (U.S. state laws)

  • Right to know what personal information we collect
  • Right to request deletion of your personal information
  • Right to opt out of sale of personal information (Vrexo LLC does not sell personal information)
  • Right to non-discrimination for exercising your rights

To exercise rights, contact contact@nullsight.co. We respond within 45 days. California residents: this policy is intended to comply with CCPA and CPRA to the extent applicable.

9. Cookies

Our website may use cookies. You may configure your browser to refuse them. We do not use cookies to track users across third-party websites for advertising.

10. Children's privacy

The NullSight Service is for business professionals. We do not knowingly collect information from individuals under 18.

11. MSP responsibility and end-user data

When an MSP uses NullSight to monitor client assets, the MSP is responsible for: obtaining authorization from their clients, ensuring compliance with applicable laws, and notifying their clients about monitoring activities. Vrexo LLC acts as a data processor on behalf of the MSP (data controller).

12. Changes to this policy

We may update this policy from time to time. We will update the "Last updated" date when we do. Continued use of the Service constitutes acceptance of the updated policy.

13. Contact

Vrexo LLC, NullSight
Email: contact@nullsight.co
Website: nullsight.co