Privacy Policy

1. Information We Collect

We collect the following categories of data to operate the Luretrace platform:

• Account data: Email address and authentication credentials for console access.
• Sensor telemetry: Sensor identifiers, IP addresses, uptime, version, and module status.
• Attack event data: IP addresses, ports, payloads, credentials, and commands captured by honeypot sensors from unauthorized access attempts.
• Malware samples: Binaries uploaded to sensors and forwarded for analysis.
• Usage logs: Console access logs for security auditing.

2. How We Use Data

• To operate, maintain, and improve the Luretrace platform.
• To analyze attack patterns and generate threat intelligence reports.
• To send the Luretrace Intel Brief to subscribed users (with consent).
• To detect and prevent abuse of the platform.

3. Attack Data & Attacker Privacy

Data captured by honeypot sensors originates from systems attempting unauthorized access. This data is collected lawfully under the deception exception and honeypot doctrine recognized in U.S. federal case law. Attacker IP addresses and payloads may be shared in aggregated, anonymized threat intelligence feeds.

4. Data Retention

Event data is retained for 90 days by default. Malware samples and analysis results are retained for 1 year. Account data is retained for the lifetime of the account plus 30 days after deletion.

5. Third-Party Services

The Luretrace platform uses Vercel (hosting), Neon (database), AWS (sensor deployment and malware analysis), and Vercel Blob (file storage). Each provider's privacy practices apply to data processed by their infrastructure.

6. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data. Submit requests to privacy@luretrace.com.

7. Contact

Privacy inquiries: privacy@luretrace.com