Threat Hunt Lab|
Sign InSign Up
Alpha

Welcome to ThreatRecon Alpha! This platform is in active development. Features may change and bugs may occur. Share your feedback

← Back to Home

Privacy Policy

Last Updated: December 8, 2025

1. Introduction

ThreatRecon ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cybersecurity training platform.

By using ThreatRecon, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Account Information: Email address, username, encrypted password
  • Profile Data: Optional display name, avatar, bio
  • Authentication Data: 2FA secrets (encrypted), trusted device tokens

2.2 Usage Data

  • Learning Progress: Simulation results, scores, completion times
  • Activity Logs: Pages visited, features used, time spent
  • Achievement Data: Unlocked badges, points earned

2.3 Technical Data

  • Device Information: Browser type, OS, device type
  • Network Data: IP address, general location (city/country)
  • Session Data: Login times, session duration
  • Cookies: Essential authentication and preference cookies only

3. How We Use Your Information

  • Provide Services: Deliver and personalize your learning experience
  • Track Progress: Monitor and display your learning achievements
  • Improve Platform: Analyze usage patterns to enhance features
  • Security: Detect fraud, prevent abuse, protect accounts
  • Communication: Send important updates, security alerts
  • Legal Compliance: Comply with applicable laws and regulations

4. Data Security

We implement industry-standard security measures:

  • Encryption: TLS/SSL for data in transit, AES-256-GCM for sensitive data at rest
  • Password Security: Bcrypt hashing with individual salts
  • 2FA: Optional two-factor authentication with TOTP
  • Session Security: HttpOnly, Secure, SameSite cookies
  • Access Controls: Role-based access, principle of least privilege
  • Monitoring: Real-time security monitoring and audit logging
  • Regular Audits: Periodic security assessments and updates

⚠️ Important: No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

5. Data Sharing and Disclosure

We do NOT sell your personal information. We may share data only in these circumstances:

  • Service Providers: Trusted third parties who help operate our platform (hosting, analytics)
  • Legal Requirements: When required by law or to protect rights and safety
  • Business Transfers: In connection with mergers or acquisitions
  • With Your Consent: Any other disclosure with your explicit permission

6. Your Rights (GDPR/CCPA Compliance)

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Portability: Request your data in a machine-readable format
  • Opt-Out: Unsubscribe from non-essential communications
  • Restriction: Request restriction of data processing
  • Object: Object to certain types of processing

To exercise these rights, contact us at privacy@threatrecon.io. We will respond within 30 days.

7. Data Retention

We retain your data as follows:

  • Account Data: Until you delete your account, plus 30 days for backups
  • Learning Progress: Retained for your reference until account deletion
  • Audit Logs: 90 days for security purposes
  • Analytics Data: Aggregated and anonymized permanently

8. Cookies and Tracking

We use only essential cookies:

  • Authentication Cookies: Keep you logged in securely
  • Preference Cookies: Remember your settings (theme, language)
  • Security Cookies: Protect against CSRF attacks

We do NOT use: Third-party advertising cookies, social media tracking pixels, or cross-site tracking technologies.

You can disable cookies in your browser, but this may affect functionality.

9. Children's Privacy

ThreatRecon is not intended for users under 13 years of age. We do not knowingly collect data from children under 13. If we discover that we have collected such data, we will delete it immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by relevant data protection authorities
  • Your explicit consent where required

11. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be notified via:

  • Email notification to registered users
  • Prominent notice on the platform
  • Updated "Last Updated" date at the top of this page

Continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions or concerns:

We aim to respond to all inquiries within 48 hours and resolve issues within 30 days.

Your privacy matters to us. We're committed to transparency and protecting your data.