Privacy Policy

• Free score checks: The email address you enter is sent to our breach-intelligence provider (HaveIBeenPwned-style data sources) in real time and is not retained on our servers after your score is returned.
• Paid reports & subscriptions: When you purchase a report or subscription, we store your email, payment reference (via our payment processor), and report metadata so you can access your report and we can deliver alerts.
• Technical data: IP address, browser type, device type, and timestamps for security, fraud prevention, and rate limiting.
• Optional contact info: Information you voluntarily submit through forms (e.g. support requests).

• To compute and return your Cyber Health Score and breach exposure results.
• To deliver paid reports, monitoring alerts, and account access.
• To process payments through our PCI-compliant payment processor.
• To detect abuse, prevent fraud, and secure our service.
• To comply with legal obligations.

We never sell your personal data. We never share your email with advertisers.

• Free scans: Email is processed in memory and discarded immediately after the score is returned.
• Paid reports: Retained for the duration of your account plus 12 months, after which they are permanently deleted.
• Technical logs: Retained for up to 90 days for security and diagnostics.

We rely on a small set of trusted providers to operate our service:

• Breach-intelligence data providers (HaveIBeenPwned-style sources).
• Payment processing (Stripe or equivalent).
• Email delivery for transactional messages and alerts.
• Cloud hosting and analytics (privacy-respecting, no third-party ad networks).

Each provider only receives the minimum data required to perform its function, and is bound by its own privacy and security obligations.

We use a small number of strictly necessary cookies to keep you signed in and to remember preferences. We do not use third-party advertising or cross-site tracking cookies. You can disable cookies in your browser, but parts of the service (such as accessing your paid report) may not work.

Depending on your jurisdiction, you have the right to:

• Access the personal data we hold about you.
• Request correction or deletion of your data.
• Object to or restrict certain processing.
• Data portability — receive your data in a portable format.
• Withdraw consent at any time, where processing is based on consent.
• For California residents: opt out of any "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at the address below. We respond within 30 days.

Questions or requests about this policy or your data? privacy@threatridge.com