Privacy Policy

1. Introduction

MalwareZero.org ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you visit our website at https://malwarezero.org (the "Site"). As an educational resource focused on WiFi security awareness, we are mindful of collecting minimal data and being transparent about any information that is collected.

By using the Site, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies, please do not use the Site.

2. Information We Collect

We do not actively collect personal information from visitors to our Site. The information we collect is limited to what is necessary to operate, secure, and improve the Site.

2.1 Automatically Collected Information

When you visit the Site, our web servers may automatically log standard technical information, including:

• Your IP address (anonymized where technically feasible)
• Browser type and version
• Operating system
• Pages visited and time spent on each page
• Referring website addresses
• Date and time of your visit

This information is collected in server logs and is used solely for the purpose of operating, securing, and improving the Site. It is not used to identify individual users and is not shared with third parties for marketing purposes.

2.2 Information You Provide

If you submit a WiFi security audit request through our Site, we collect the information you voluntarily provide, which may include your name, email address, company name, and other business information. This information is used solely to respond to your inquiry and provide the requested security assessment. We do not share this information with third parties for marketing purposes.

2.3 No Sensitive Data Collection

We do not collect sensitive personal information such as social security numbers, financial account information, health data, or any other specially protected categories of information through the Site.

3. How We Use Information

We use the information we collect for the following purposes:

• Site Operation: To operate and maintain the Site, including hosting, security, and technical infrastructure management
• Security: To detect, prevent, and respond to security threats, fraud, or unauthorized access
• Analytics: To understand how visitors use the Site and identify opportunities to improve the user experience (aggregate, non-personally-identifying data only)
• Communication: To respond to audit requests, inquiries, or support requests submitted through the Site
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests

4. Cookies

We use a minimal number of cookies, all of which are essential for site functionality.

4.1 Essential Cookies

The following essential cookies may be set when you visit our Site:

• cookie_consent: Set after you click "Accept" on our cookie consent banner. This cookie remembers that you have accepted our cookie notice so it does not display on every page load. It expires after 1 year.
• Navigation State: Some pages may set temporary session cookies to preserve your navigation state, such as collapsed or expanded content sections. These expire automatically when you close your browser.

4.2 No Analytics or Marketing Cookies

We do not use any of the following:

• Analytics cookies (Google Analytics, Mixpanel, Amplitude, etc.)
• Advertising or retargeting cookies
• Tracking pixels, beacons, or fingerprinting scripts
• Third-party marketing or advertising trackers
• Social media tracking cookies (Facebook Pixel, Twitter Pixel, LinkedIn Insight, etc.)

4.3 Managing Cookies

You can control and delete cookies as you wish. Most web browsers allow you to block or delete cookies through their settings. If you disable cookies, please note that some features of the Site may not function properly.

5. Third-Party Services

We use a limited number of third-party services, all of which have their own privacy policies:

5.1 Google Fonts

We use Google Fonts to load custom typography (Inter and JetBrains Mono) for improved readability of technical content. When you load a page that uses Google Fonts, your browser connects to Google's servers. Google may log your IP address as part of this process. For more information, see Google's Privacy Policy and Fonts FAQ.

5.2 GitHub (Links)

Our Site contains links to GitHub repositories for open source security tools. When you click these links, you are subject to GitHub's Privacy Statement.

5.3 External Links

Our Site contains links to external websites, research papers, and other resources. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any website you visit that collects personal information.

6. Data Sharing

We do not sell, trade, or otherwise transfer your personal information to outside parties for marketing or advertising purposes.

Information may be disclosed only in the following circumstances:

• Legal Requirements: When required by law, regulation, legal process, or governmental request
• Protection of Rights: To protect the rights, property, or safety of MalwareZero.org, our users, or the public
• Business Transfers: In connection with a merger, acquisition, sale of assets, or bankruptcy proceedings (with notice to affected users)

7. Data Retention

Automatically collected server log data is retained for a maximum of 30 days for security and operational purposes. Information provided through audit request forms is retained for up to 2 years or until you request its deletion, whichever comes first. Cookie consent preferences are retained for 1 year from the date of consent.

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encrypted HTTPS connections for all Site traffic
• Server-level security configurations and access controls
• Regular security updates and patch management
• Limited access to personal information on a need-to-know basis

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security. If you believe your information has been compromised, please contact us immediately at security@malwarezero.org.

9. Children's Privacy

Our Site is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take immediate steps to delete that information.

10. Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or a country with similar data protection laws, you have the following rights regarding your personal data:

• Right of Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You have the right to request correction of inaccurate personal data.
• Right to Erasure: You have the right to request deletion of your personal data ("right to be forgotten"), where applicable.
• Right to Restrict Processing: You have the right to request that we restrict processing of your personal data.
• Right to Data Portability: You have the right to receive your data in a structured, commonly used, machine-readable format.
• Right to Object: You have the right to object to our processing of your personal data.
• Right to Lodge a Complaint: You have the right to file a complaint with a supervisory authority if you believe your rights have been violated.

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within 30 days.

11. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Request information about the categories and specific pieces of personal information we have collected about you
• Request deletion of your personal information
• Opt out of the sale of your personal information (we do not sell personal information)
• Not be discriminated against for exercising your privacy rights

We do not sell personal information and have not done so in the past 12 months. To make a request under the CCPA, please contact us at privacy@malwarezero.org.

12. International Data Transfers

Our Site is operated from servers that may be located in various countries. If you are accessing the Site from outside your home country, please be aware that your information may be transferred across international borders. We take appropriate safeguards to ensure that any such transfers comply with applicable data protection laws, including Standard Contractual Clauses where appropriate.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Significant changes will be communicated through a prominent notice on the Site.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:

• Email: privacy@malwarezero.org
• Contact Form: https://malwarezero.org/about/contact/
• PGP Key: Available on our contact page
• Mail: MalwareZero Research Team — contact via the form above for mailing address