Privacy Policy

ThreatAI collects only what is necessary to provide our service:

• Email address and password (for account creation)
• Domain names you choose to scan (not stored permanently)
• Basic usage analytics (page views, feature usage)

We do NOT collect, sell, or share your personal data with third parties for marketing purposes.

• To provide and improve the ThreatAI service
• To send you security alerts and product updates (opt-out available)
• To authenticate your account securely

Domain scans performed through ThreatAI are AI-simulated for educational purposes. Scan results are generated in real-time and are not stored on our servers after your session ends. We do not perform actual penetration testing or access any systems without authorization.

Account data is stored securely using Supabase, which is SOC 2 compliant. Passwords are hashed and never stored in plain text. We use industry-standard encryption (TLS 1.3) for all data in transit.

We use essential cookies only — for authentication and session management. We do not use advertising or tracking cookies.

• Request a copy of your data at any time
• Request deletion of your account and associated data
• Opt out of non-essential communications

To exercise these rights, contact us at: privacy@threatai.app

We use the following third-party services:

• Supabase — authentication and database
• Anthropic — AI analysis engine (scan prompts only, no PII shared)
• Vercel — hosting and infrastructure

We may update this policy from time to time. We will notify registered users of significant changes via email.