Privacy Policy

GrayscaleInsight is a publisher and aggregator of openly available intelligence and threat-monitoring information. We process a small amount of personal data only in connection with our own visitors and subscribers. We are not a data broker, we do not sell personal data, and we do not assemble profiles of individuals featured in our published content.

Where required by applicable law, the operator of the site acts as the controller for the limited account-holder data described below. For data appearing inside published intelligence content (such as names of organisations or actors mentioned in incident reports), see Threat Intelligence Disclaimer in our Terms — we publish such information as third-party reporting and do not warrant its accuracy.

We try to collect as little as practical:

• Account data: email address, hashed password, optional display name, language and theme preferences.
• Authentication artefacts: short-lived access and refresh tokens, email-verification codes, password-reset tokens. These are stored hashed and expire automatically.
• Subscription metadata: plan, status, period end date, order identifiers. Payments are processed by an upstream cryptocurrency payment processor; we never see card numbers, wallet keys or transaction signatures.
• OAuth profile (optional): if you choose a third-party login, we receive only the email and display name from that provider.

We do not run our own application-level access logs, advertising cookies, social-media pixels, retargeting tags or cross-site tracking identifiers. We do not build behavioural profiles of subscribers. Our hosting provider may keep its own short-lived infrastructure logs purely for security and abuse prevention; we do not have routine access to them.

Only what is strictly necessary to keep you signed in and to render pages without an auth flicker — plus whatever our CDN / bot-protection layer sets to verify that requests come from a real browser. No analytics, no behavioural tracking, no third-party trackers, no advertising tags. Full inventory in the Cookie Policy.

• To provide and maintain accounts and subscriptions;
• To process payments via our payment provider and to issue receipts;
• To send transactional emails (verification, password reset, billing notices, security alerts);
• To detect and prevent abuse, fraud, automated scraping and security incidents;
• To comply with legal obligations.

We do not sell or rent personal data. We share only the minimum needed with carefully selected service providers:

• Payment processing: an upstream cryptocurrency payment processor.
• Hosting and CDN: global cloud infrastructure used to deliver static pages and run our API.
• Transactional email: third-party email-delivery service for verification and notification messages only.
• Legal: when compelled by valid legal process, or where necessary to defend our rights or protect the safety of users.

Subject to applicable law, you may request access to, correction of, or deletion of your account data. Deletion is also available self-service from your account page. To make any other request, email [email protected].

We aim to respond to verified requests within 30 days. We may need to verify your identity before acting on a request, and we may decline requests that are unfounded, excessive, or that conflict with our legal obligations.

Our editorial output regularly references organisations, individuals and threat actors that appear in third-party reporting. We publish this material as a monitoring and research service; we do not independently verify each underlying claim, we do not endorse any actor, and we do not maintain dossiers on the subjects mentioned. If a published article references you and you believe the underlying public report is inaccurate, please raise the matter with the original source. You may also contact us with a correction request and we will consider it on a case-by-case basis.

The site is not directed at children under 16. We do not knowingly collect data from anyone under 16.

We use industry-standard safeguards: TLS in transit, password hashing with a modern KDF, hashed token storage, rate limiting on sensitive endpoints, security response headers, and dependency scanning. No system is perfectly secure; we provide the service "as is" without warranty (see Terms).

We may update this policy. Material changes will be announced on the site and, where appropriate, by email to registered users. Continued use after the effective date of an update is acceptance of the revised policy.

Email: [email protected]
Website: www.grayscaleinsight.com