Privacy Policy

The data controller for this website is:

We act as the data controller for personal data collected through this website. This means we determine the purposes and means of processing your personal data and are responsible for its protection.

We collect minimal personal data, limited to what is necessary for operating this cybersecurity research blog. We do not collect data for advertising purposes.

Information you provide

• ▶Newsletter subscription: Your email address when you subscribe to our threat intelligence briefings.
• ▶Contact communications: Any information you provide when contacting us via email or social media.

Information collected automatically

• ▶Analytics data (Plausible): Aggregate page views, referral sources, country-level location, device type, and browser. Plausible is privacy-focused and does not use cookies, does not collect personal data, and does not track individuals across sites.
• ▶Analytics data (Google Analytics): With your consent, we collect page views, session duration, traffic sources, and general demographic data. Google Analytics uses cookies and may process data in the United States. This data is only collected if you accept analytics cookies via the consent banner.
• ▶Server logs: Standard web server logs maintained by our hosting provider (Vercel), which may include IP addresses, request timestamps, and user agent strings. These are retained for operational and security purposes.

Information we do not collect

• ▶We do not require account registration to read blog content.
• ▶We do not collect payment information, government IDs, or sensitive personal data from website visitors.
• ▶We do not use advertising trackers, retargeting pixels, or social media tracking widgets.

We process your personal data for the following purposes:

• ▶Delivering content: Serving blog posts, research articles, and threat intelligence briefings.
• ▶Newsletter delivery: Sending you cybersecurity briefings, CVE alerts, and research updates that you have subscribed to.
• ▶Analytics and improvement: Understanding how visitors use the site to improve content and user experience.
• ▶Security and integrity: Protecting the site against abuse, unauthorized access, and security threats.
• ▶Legal compliance: Meeting our obligations under applicable data protection laws.

Legal basis for processing (GDPR Art. 6)

• ▶Consent: For newsletter subscriptions and Google Analytics cookies. You can withdraw consent at any time.
• ▶Legitimate interests: For privacy-focused analytics (Plausible), security monitoring, and site operation. Our legitimate interest is to understand site usage and protect against threats.
• ▶Legal obligation: Where required by Swiss or EU law.

We take a minimal approach to cookies and tracking. Here is exactly what we use:

Plausible Analytics (no consent required)

Our primary analytics tool is Plausible Analytics, a privacy-focused, open-source analytics platform. Plausible:

• ▶Does not use cookies
• ▶Does not collect or store personal data
• ▶Does not track individuals across sites or devices
• ▶Processes data in the EU and is fully GDPR, CCPA, and PECR compliant without requiring consent
• ▶Collects only aggregate metrics: page views, referral sources, country, device type, and browser

Google Analytics (consent required)

We use Google Analytics to gain additional insights into site traffic and audience. Google Analytics uses cookies and may transfer data to the United States. This tracking is only activated if you accept cookies via the consent banner displayed on your first visit. If you reject cookies, Google Analytics is never loaded and no data is sent to Google.

You can opt out of Google Analytics at any time by clearing your cookies or using the Google Analytics Opt-out Browser Add-on.

Essential cookies

Our authentication provider (Clerk) may set strictly necessary cookies for admin users who sign in to the dashboard. These cookies are required for the site to function and do not track public visitors.

We do not use

• ▶Advertising or retargeting cookies
• ▶Social media tracking pixels
• ▶Third-party marketing trackers
• ▶Fingerprinting or cross-site tracking technologies

When you subscribe to our threat intelligence briefings, we collect your email address only. Emails are delivered through Resend, our email service provider.

• ▶Subscription is opt-in only. We will never add you to our mailing list without your explicit consent.
• ▶Every email includes an unsubscribe link. You can unsubscribe at any time with one click.
• ▶Your email address is not sold, rented, or shared with any third party for marketing purposes.
• ▶Upon unsubscribing, your email address is deleted from our subscriber list.

DFIR Lab operates security research infrastructure, including honeypots that collect data about cyber threats. This section explains how that data is handled. This data is entirely separate from website visitor personal data.

What is collected

Our honeypots (simulated vulnerable services) passively capture data from automated attacks and unauthorized access attempts directed at our research infrastructure. This includes:

• ▶Source IP addresses of attackers connecting to honeypot services
• ▶Credentials (usernames and passwords) used in brute-force login attempts
• ▶Commands executed during interactive sessions
• ▶Malware samples uploaded or downloaded by attackers
• ▶Network metadata (ports, protocols, user agent strings)

How it is used

This data is collected for legitimate security research purposes and is processed under the legal basis of legitimate interests (GDPR Art. 6(1)(f)). Specifically:

• ▶To analyze attack patterns, techniques, and trends for cybersecurity research
• ▶To enrich indicators of compromise (IOCs) via third-party threat intelligence providers (such as VirusTotal, AbuseIPDB, and Shodan)
• ▶To publish anonymized, aggregated findings in blog posts and research articles
• ▶To develop and test detection rules (YARA, Sigma)

Important distinctions

• ▶Honeypot-captured IP addresses belong to attackers, bots, and scanners — not legitimate users of this website. This data is treated as threat intelligence, not as end-user personal data.
• ▶When publishing research, attacker data is aggregated and anonymized. Individual IP addresses are not published in blog posts without defanging (e.g., 192.168.1[.]1).
• ▶IOC enrichment queries (e.g., IP lookups via VirusTotal) are performed server-side. Public visitors' IP addresses are never sent to threat intelligence providers.

We use the following third-party services to operate this website. Each has been selected for its reliability and privacy posture.

All third-party service providers are bound by their own privacy policies and, where applicable, data processing agreements. We do not share your personal data with these services beyond what is necessary for their stated purpose.

We do not sell your personal data. We do not share your personal data with third parties for marketing or advertising purposes.

We may disclose personal data only in these circumstances:

• ▶Service providers: With the sub-processors listed above, solely to operate this website and deliver our services.
• ▶Legal obligations: When required by law, court order, or governmental regulation.
• ▶Safety and security: To protect against fraud, abuse, or security threats to the site or its users.

DFIR Lab is operated from Switzerland. Our VPS infrastructure is hosted by Hetzner Cloud in Nuremberg, Germany, within the European Economic Area.

Some of our service providers (Vercel, Convex, Clerk, Resend, Google) are based in the United States. Where personal data is transferred outside Switzerland or the EEA, we rely on:

• ▶EU-U.S. Data Privacy Framework (DPF) and the Swiss-U.S. DPF for providers that are certified under these frameworks.
• ▶Standard Contractual Clauses (SCCs) approved by the European Commission where the DPF does not apply.
• ▶Switzerland's adequacy status under GDPR, which ensures data flows between the EEA and Switzerland are permitted without additional safeguards.

We retain personal data only as long as necessary for the purposes described in this policy:

• ▶Newsletter subscribers: Email addresses are retained until you unsubscribe. Upon unsubscription, your email is deleted promptly.
• ▶Plausible Analytics: Aggregate data is retained indefinitely. No personal data is stored.
• ▶Google Analytics: Data retention is set to 14 months, after which it is automatically deleted by Google.
• ▶Server logs (Vercel): Retained according to Vercel's data retention policy, typically up to 30 days.
• ▶Honeypot and threat intelligence data: Retained indefinitely for ongoing security research. This data relates to attackers and automated threats, not website visitors.
• ▶Contact communications: Retained as long as necessary to respond to your inquiry, then deleted.

Depending on your location, you may have the following rights regarding your personal data:

Under the Swiss FADP and EU/UK GDPR

• ▶Right of access: Request a copy of the personal data we hold about you.
• ▶Right to rectification: Request correction of inaccurate or incomplete data.
• ▶Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
• ▶Right to restrict processing: Request that we limit how we use your data.
• ▶Right to data portability: Receive your data in a structured, machine-readable format.
• ▶Right to object: Object to processing based on legitimate interests.
• ▶Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

Under the California Consumer Privacy Act (CCPA)

If you are a California resident, you have the right to:

• ▶Know what personal information we collect and how it is used
• ▶Request deletion of your personal information
• ▶Opt out of the sale of personal information (we do not sell personal data)
• ▶Non-discrimination for exercising your privacy rights

How to exercise your rights

To exercise any of these rights, please contact us at privacy@dfir-lab.ch. We will respond to your request within 30 days.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or the relevant supervisory authority in your jurisdiction.

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include:

• ▶Encryption in transit (TLS/HTTPS) for all website traffic
• ▶Encrypted storage for sensitive configuration and credentials
• ▶Access controls and authentication for administrative functions
• ▶Regular security monitoring of our infrastructure
• ▶Minimal data collection as a first principle

No system is 100% secure. If you discover a security vulnerability on this site, please report it responsibly to security@dfir-lab.ch.

This website is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe that a child under 16 has provided us with personal data, please contact us at privacy@dfir-lab.ch and we will promptly delete it.

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Continued use of the site after changes constitutes acceptance of the updated policy.

If you have any questions about this privacy policy, your personal data, or would like to exercise your rights, please contact us:

We aim to respond to all privacy-related inquiries within 30 days.