Privacy Policy

Last updated: November 21, 2025

ThreatCluster ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at threatcluster.io. This policy is designed to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Information We Collect

Personal Data You Provide:

  • Email Address: When you subscribe to our Daily Threat Bulletin or create an account
  • Account Information: If you create an account via Auth0, we receive your email and basic profile information
  • Preferences: Keywords and interests you set to personalize your threat feed

Information Collected Automatically:

  • Usage Data: Pages visited, time spent on pages, and general interaction patterns
  • Device Information: Browser type, operating system, and device type
  • IP Address: For security and fraud prevention purposes

2. How We Use Your Information

We use the information we collect to:

  • Send you the Daily Threat Bulletin if you have subscribed
  • Personalize your threat intelligence feed based on your preferences
  • Provide and maintain our Service
  • Improve and optimize our platform
  • Communicate with you about service updates
  • Detect and prevent fraud or abuse

3. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: When you subscribe to our email digest or create an account
  • Contract: To provide the services you requested
  • Legitimate Interest: To improve our services and ensure security

4. Third-Party Services

We use the following third-party services that may process your data:

  • Auth0: Authentication and account management
  • Postmark: Email delivery for our Daily Threat Bulletin
  • DigitalOcean: Cloud hosting and database services
  • OpenAI: AI processing for generating threat summaries (no personal data is sent)
  • Google Ads: Advertising and conversion tracking to measure ad performance
  • Umami Analytics: Privacy-focused website analytics (only with your consent)

These providers have their own privacy policies and are GDPR-compliant. We only share the minimum data necessary for them to provide their services.

5. Data Retention

We retain your personal data only as long as necessary:

  • Email Subscriptions: Until you unsubscribe
  • Account Data: Until you delete your account
  • Usage Logs: Up to 90 days for security purposes

When you unsubscribe or delete your account, we will delete your personal data within 30 days, unless we are required to retain it for legal purposes.

6. Your Rights Under GDPR

If you are in the European Economic Area (EEA), you have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time for consent-based processing

To exercise any of these rights, please contact us using the information below. We will respond to your request within 30 days.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL)
  • Encrypted database connections
  • Regular security assessments
  • Access controls and authentication

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

9. Cookies and Tracking

We use the following types of cookies and tracking technologies:

  • Essential Cookies: Necessary for authentication, session management, and core functionality. These cannot be disabled.
  • Analytics Cookies: Umami Analytics (privacy-focused, no personal data collected). Only loaded with your consent via the cookie banner.
  • Advertising Cookies: Google Ads conversion tracking to measure advertising effectiveness and improve our marketing. These cookies may track your browsing behavior across sites.

You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may impact site functionality. For more information about Google's privacy practices, visit Google's Privacy Policy.

10. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. For significant changes, we may also notify you via email if you have an account.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Contact Page

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.