threatengine.sh ("we", "us", "the service") is a free, open-source threat intelligence platform. This Privacy Policy explains what personal data we collect, why, how long we keep it, and what your rights are. We keep this short and plain because we have no reason to hide anything.
The data controller for threatengine.sh is the operator of this service. Contact details are at the bottom of this page. If you are in the UK or EEA, you have rights under UK GDPR / GDPR, which are described in section 8.
| Data | Why we collect it | Legal basis (GDPR) |
|---|---|---|
| Name, email address, profile picture URL | Received from Google or GitHub when you sign in. We display your name in the interface and use your email to identify your account uniquely. | Art. 6(1)(b): performance of a contract (account service) |
| OAuth provider name and provider user ID | Stored to link your account to your Google/GitHub identity so you can log in again. | Art. 6(1)(b) |
| Projects and bookmarks you create | The core purpose of having an account. We store the entities you pin (CVE IDs, actor names, etc.) and any notes you attach. | Art. 6(1)(b): you explicitly asked us to save this |
| Watchlist items (localStorage only) | The anonymous watchlist is stored in your browser's localStorage only. We never see or store it server-side. | Not applicable: stays in your browser |
| Server access logs (IP address, URL, timestamp, HTTP status) | Operational security, abuse detection, debugging. We do not use these for profiling or advertising. | Art. 6(1)(f): legitimate interest (security + reliability) |
| Session cookies | One signed HttpOnly cookie keeps you logged in. One non-HttpOnly cookie (ttpi_authed=1) lets the page show a "Profile" link without a server round-trip. Neither is used for tracking. | Art. 6(1)(b): strictly necessary for the service |
We do not collect: payment information, phone numbers, location data, browsing history outside threatengine.sh, device fingerprints, advertising identifiers, or any data beyond what is listed above.
We do not sell, share, or rent your data to any third party for any purpose.
We use exactly two cookies:
We do not use any advertising, analytics, or third-party tracking cookies.
Google and GitHub may set their own cookies during the OAuth sign-in flow. Those cookies are governed by Google's Privacy Policy and GitHub's Privacy Statement.
| Data | Retention period |
|---|---|
| Account (name, email, provider ID) | Until you delete your account, or after 2 years of inactivity, at which point we delete it automatically |
| Projects and bookmarks | Until you delete them or your account |
| Server access logs | 90 days, then automatically deleted |
| Session cookies | 30 days from last login, or until you log out |
Your account data (name, email, projects, bookmarks) is stored in a SQLite database on the server running threatengine.sh. Server-level access to this data is limited to the service operator. We apply encryption at rest and in transit (TLS).
The threat intelligence data (CVEs, ATT&CK techniques, actors, etc.) is sourced from public datasets and is not personal data. It may be served from Cloudflare's CDN edge network.
We rely on the following as data processors or sub-processors:
No other third parties receive your personal data.
If you are in the UK or EEA, you have the following rights:
To exercise any right, email us (see section 10). We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority (in the UK: ICO; in the EU: your national DPA).
threatengine.sh is intended for security professionals and researchers. We do not knowingly collect data from anyone under 16. If you believe a minor has created an account, contact us and we will delete it.
We will update this page when the policy changes and update the "Last updated" date at the top. For material changes we will post a notice on the site. Continued use after changes constitutes acceptance.