Introduction
At Theorycraft Security, LLC ("we," "our," or "us"), we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information across our activities.
This policy applies to:
- Our marketing website at theorycraftsecurity.com (the "Site")
- Our SITREP product at sitrep.theorycraftsecurity.com
- Cybersecurity consulting and client engagements with Theorycraft Security
This policy does not apply to third-party websites or services you reach through links on our Site (such as social media platforms). Those sites are governed by their own privacy policies.
Please read this Privacy Policy carefully. By accessing or using our Site, SITREP, or services, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.
Information We Collect
Marketing Website (theorycraftsecurity.com)
What we do not collect on the Site: We do not operate user accounts, contact forms, first-party cookies, analytics tools, or behavioral tracking on the marketing website.
Hosting and infrastructure logs: Our Site is hosted on Cloudflare Pages. When you visit the Site, Cloudflare automatically processes standard request data needed to deliver content, including your IP address, browser user-agent, requested URL, timestamp, and referrer. This data is used for content delivery, security, and abuse prevention. We do not use this data for marketing analytics.
Client-side scripts: The Site loads static assets and JSON-LD structured data from our own servers. These scripts do not transmit personal information beyond normal HTTP requests.
Information You Provide Directly
We collect information that you voluntarily provide to us when you:
- Correspond with us by email using mailto links on our Site (such as [email protected], [email protected], or [email protected])
- Engage us for cybersecurity consulting or other contracted services
- Submit URLs or domains for analysis through SITREP
This information may include:
- Your name
- Email address
- Phone number
- Company or organization name
- Message or inquiry content
- Professional information related to cybersecurity needs
- Contract, project, and deliverable information for consulting engagements
Our contact page uses mailto links only. When you click a mailto link, your email client opens and you choose what information to send. We receive only what you include in your message.
SITREP (sitrep.theorycraftsecurity.com)
SITREP is our tactical website security analyzer. When you use SITREP:
- URLs and domains you submit are processed in real time to perform security checks (such as DNS, TLS, response headers, and related configuration analysis)
- Analysis history is stored locally in your browser for your personal use
- We do not sell or share analyzed website data with third parties for marketing purposes
- Standard hosting and infrastructure logs (as described above) may apply to requests made to SITREP
We do not persistently store submitted URLs or scan results on our servers beyond what is needed for real-time processing. Analysis history remains in your browser until you clear it.
Important: When you submit a URL for analysis, that URL refers to a third-party website. Scanning may leave traces in the target site's server logs. Only analyze websites you are authorized to test.
Technologies We Use (Site Operation Only)
Our Site uses the following technologies to operate and display content. These technologies do not collect personal information:
- Content Security Policy headers for security enforcement
- Self-hosted web fonts (Sorts Mill Goudy)
- Schema.org structured data (JSON-LD) for search engine understanding
- Embedded SVG images and data URIs for visual elements
- A web app manifest for basic home-screen installation metadata
- Intersection Observer API for scroll-triggered animations on some pages
- Smooth scrolling and back-to-top navigation scripts
- Responsive design for mobile and desktop layouts
- DNS prefetch for x.com on the homepage (resolves the domain name early; does not transmit personal data to X)
How We Use Your Information
We use the information we collect for the following purposes:
- Respond to your email inquiries and provide the information or services you request
- Deliver and operate our marketing website and SITREP product
- Perform contracted cybersecurity consulting and related services
- Detect and prevent security incidents, abuse, and cyber threats
- Maintain the security and integrity of our systems and infrastructure
- Provide technical support and troubleshooting
- Comply with legal obligations and contractual requirements
Third-Party Services and Resources
We carefully select third-party services to minimize data collection while maintaining security and usability:
Cloudflare (Hosting and CDN)
Our marketing website and SITREP are hosted on Cloudflare Pages and delivered through Cloudflare's content delivery network. Cloudflare processes standard request data (such as IP address, user-agent, and requested URLs) to provide hosting, TLS, and security services. We do not use Cloudflare Web Analytics. For more information, see Cloudflare's Privacy Policy.
Self-Hosted Fonts
We serve the "Sorts Mill Goudy" font family from our own website at theorycraftsecurity.com. Font files are stored in assets/fonts/ and loaded via assets/css/fonts.css. Your browser downloads fonts directly from our servers — no third-party font services are used, and no font-related data is sent to external providers.
X (formerly Twitter)
Our Site contains outbound links to our X profile at @theorycraftsec. We do not embed X content, widgets, or tracking pixels. The homepage uses a DNS prefetch hint for x.com to resolve the domain name early; this does not transmit personal data to X. When you click a link and leave our Site, X's Privacy Policy applies to your activity on their platform.
Schema.org Structured Data
We implement Schema.org structured data markup to improve search engine understanding of our content. This markup helps search engines display rich snippets but does not collect personal information from visitors. Schema.org is a markup standard, not a third-party service that collects data.
Web App Experience
Our Site provides a web app-like experience through meta tags and a basic web app manifest. This allows users to add our site to their home screen for quick access. The manifest contains basic app metadata (name, theme colors) but does not include full Progressive Web App functionality such as offline caching or service workers. No personal information is collected through these features.
Content Security Policy
We implement strict Content Security Policy headers to limit unauthorized resource loading and enhance your privacy while using our Site. This security measure helps protect against data injection attacks.
Modern Web APIs
Our Site utilizes browser APIs that operate locally and do not collect or transmit personal data:
- Intersection Observer API: Used for scroll-triggered animations on some pages. Monitors element visibility within your browser only.
- Smooth scrolling: Enhanced navigation using native browser scrolling behavior.
Data Minimization: We implement strict Content Security Policies and only allow necessary connections. No tracking pixels, analytics scripts, or advertising networks are used on our marketing website.
Data Retention and Storage
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:
- Email correspondence: Retained for up to 3 years after your last interaction with us
- Consulting and client records: Retained for the duration of our service relationship plus 7 years for legal and compliance purposes
- Hosting and CDN logs: Retained according to Cloudflare's standard rolling retention periods; we do not separately retain or use these logs for analytics
- SITREP scan data: Not persistently stored on our servers beyond real-time processing; local analysis history remains in your browser until you clear it
We implement appropriate security measures to protect your data during storage and transmission.
We Do Not Sell Your Information
We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. Your privacy is important to us, and we are committed to using your information solely for the purposes described in this Privacy Policy.
Data Security
We implement appropriate technical and organizational security measures to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include:
- Secure HTTPS connections with TLS encryption
- Content Security Policies to prevent data injection
- Regular security assessments and vulnerability testing
- Limited access to personal information on a need-to-know basis
- Secure data transmission protocols
- Regular security monitoring and incident response procedures
- Employee training on data protection and privacy
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure that any such transfers comply with applicable data protection laws and implement appropriate safeguards, including:
- Standard contractual clauses approved by relevant authorities
- Adequacy decisions for countries with equivalent data protection standards
- Other appropriate safeguards as required by applicable law
Your Rights
Depending on your location, you may have certain rights regarding your personal information, including:
- The right to access the personal information we have about you
- The right to request correction of inaccurate information
- The right to request deletion of your information
- The right to restrict or object to processing
- The right to data portability
- The right to withdraw consent (where applicable)
- The right to lodge a complaint with supervisory authorities
To exercise these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within 30 days, unless additional time is required.
Cookies and Tracking Technologies
Our marketing website does not set cookies for tracking, analytics, or site functionality.
We do not use analytics platforms, advertising networks, or tracking pixels on our marketing website.
SITREP local storage: SITREP may store analysis history in your browser's local storage for your convenience. This is not a cookie and is not transmitted to our servers. You can clear it at any time through your browser settings.
Third-party cookies: External sites you visit through links on our Site (such as X) may set their own cookies according to their privacy policies. We do not control third-party cookie behavior.
Children's Privacy
Our Site is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will take steps to delete such information.
California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- The right to know what personal information we collect and how we use it
- The right to delete personal information we have collected
- The right to opt out of the sale of personal information (we do not sell personal information)
- The right to non-discrimination for exercising your privacy rights
In the preceding 12 months, we may have collected the following categories of personal information:
- Identifiers (such as name and email address) — from email correspondence and consulting engagements
- Professional information — from consulting engagements and inquiries related to cybersecurity services
- Internet or network activity — limited to standard hosting request logs (IP address, user-agent, requested URLs) processed by Cloudflare; not used for marketing analytics
- URLs submitted for analysis — processed in real time through SITREP; not persistently stored on our servers
To exercise these rights, please contact us using the information below.
European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
- The right to erasure ("right to be forgotten")
- The right to restrict processing
- The right to data portability
- The right to object to processing
- The right to withdraw consent
Our legal bases for processing your data include:
- Legitimate interests: Operating our website and SITREP, maintaining security through infrastructure logs, and preventing abuse
- Contractual necessity: Performing cybersecurity consulting and related services you have engaged us to provide
- Consent: Where you have given explicit consent (not required for passive browsing of our marketing website)
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements, or for other operational, legal, or regulatory reasons. The updated version will be indicated by an updated "Last Updated" date. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
For material changes that affect how we use your personal information, we will provide notice through our Site or by other means before the changes take effect.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
- [email protected]
- Security email: [email protected] (for security-related privacy concerns)
- Address: Theorycraft Security, United States
- Response time: We aim to respond to all privacy inquiries within 30 days
Data Protection Officer
For privacy-related matters, you may also contact our designated privacy contact at [email protected].