Privacy Policy
Last updated: March 9, 2026
// Overview
threat.gg ("we", "us", "our") operates the threat.gg platform, including the website, API, and honeypot agent software. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.
// Information We Collect
Account Information. When you create an account, we collect your email address and password (hashed). If you sign in via OAuth, we receive your name and email from the identity provider.
Honeypot Data. Our honeypot agents collect data from unauthorized access attempts, including IP addresses, credentials used, commands executed, payloads delivered, and connection metadata. This data originates from attackers interacting with honeypot services — not from legitimate users.
Usage Data. We collect standard web analytics: pages visited, browser type, device information, and IP address. We use this to improve the platform.
API & Agent Data. When you use the threat.gg API or deploy an agent, we log API requests and agent telemetry (connection status, protocol activity counts) to ensure service reliability.
// How We Use Your Information
We use the information we collect to:
- ▸ Provide, operate, and maintain the threat.gg platform
- ▸ Process and display threat intelligence data on the dashboard
- ▸ Send service-related communications (account verification, security alerts)
- ▸ Improve and develop new features
- ▸ Monitor for abuse and enforce our Terms of Service
- ▸ Generate aggregate, anonymized threat intelligence statistics
// Honeypot Data & Attacker Information
Honeypot data consists of information generated by unauthorized parties attempting to access honeypot services. This includes attacker IP addresses, credentials attempted, commands executed, and payloads. This data is collected for threat intelligence purposes and may be shared with the security community in aggregate or anonymized form.
IP addresses captured by honeypots are enriched with geographic data (country, city, coordinates) using third-party geolocation services. We do not attempt to identify individual attackers beyond their IP addresses.
// Data Sharing
We do not sell your personal information. We may share data in the following circumstances:
Service Providers. We use third-party services for hosting, analytics, and email delivery. These providers only access data necessary to perform their services.
Legal Requirements. We may disclose information if required by law, regulation, or legal process.
Threat Intelligence. Aggregate, anonymized honeypot data may be shared with the security research community to improve collective defense.
// Data Security
We implement industry-standard security measures including encrypted connections (TLS), hashed passwords, and access controls. All agent-to-server communication uses gRPC with TLS encryption. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
// Data Retention
Account data is retained for as long as your account is active. Honeypot attack data is retained indefinitely for threat intelligence purposes. You may request deletion of your account and associated personal data by contacting us at [email protected].
// Cookies
We use essential cookies for authentication and session management. We do not use third-party advertising cookies or cross-site tracking.
// Changes
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the platform after changes constitutes acceptance of the updated policy.
// Contact
Questions about this Privacy Policy? Contact us at [email protected].