Our Privacy Commitment
This is a cybersecurity education resource dedicated to helping people protect their digital privacy. We believe it would be hypocritical to teach privacy while simultaneously harvesting your data. Therefore, we operate with a privacy-first philosophy: we collect the absolute minimum data necessary to operate this website and nothing more.
This Privacy Policy explains exactly what data we collect, why we collect it, how long we retain it, and your rights regarding that data. Unlike many privacy policies that hide concerning practices in legal jargon, we aim for complete transparency. If you have questions after reading this policy, please contact us.
"Privacy is not something that I'm merely entitled to, it's an absolute prerequisite."
— Marlon Brando
We do not sell, rent, share, or otherwise monetize any user data. We have no advertisers, no marketing partners, and no data brokers requesting access to our visitors' information. Our funding model relies on educational value, not surveillance capitalism.
Data We Collect
We practice data minimization—we only collect what's technically necessary to serve web pages securely. Here's a complete list of data we collect:
Server Access Logs
Like virtually all web servers, our hosting infrastructure automatically logs basic request information. This data is essential for security monitoring, troubleshooting, and protecting against attacks.
| Data Type | Purpose | Retention |
|---|---|---|
| IP Address | Security, abuse prevention | 30 days |
| Timestamp | Security, troubleshooting | 30 days |
| Requested URL | Troubleshooting errors | 30 days |
| HTTP Status Code | Identifying errors | 30 days |
| User Agent | Browser compatibility issues | 30 days |
| Referrer | Understanding traffic sources | 30 days |
Server logs are automatically deleted after 30 days. We do not perform any analytics, behavioral tracking, or cross-session identification using this data. The logs exist solely for operational and security purposes.
What We Do NOT Collect
Many websites collect extensive user data for advertising, analytics, and profiling. CryptoCyber explicitly does not collect:
- No tracking cookies - We do not set any tracking cookies
- No analytics - No Google Analytics, no Plausible, no tracking pixels
- No fingerprinting - No canvas fingerprinting or device identification
- No user accounts - No registration, no login, no stored profiles
- No email collection - No newsletter signup, no mailing lists
- No social tracking - No Facebook pixel, no Twitter cards tracking
- No location data - Beyond what IP address implies
- No cross-site tracking - We do not track you elsewhere
You can verify our privacy practices using browser developer tools. Check the Network tab—you'll see no requests to analytics services. Check the Application/Storage tab—you'll see no tracking cookies. Privacy claims should be verifiable.
Cookies and Local Storage
CryptoCyber uses only essential functionality cookies, never tracking cookies. Here's exactly what cookies we may set:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| theme_preference | Remember dark/light mode selection | 1 year | Functional |
| PHPSESSID | Server session (if applicable) | Session | Essential |
Functional cookies improve your experience but are not required. We do not use any cookies for advertising, tracking, or analytics. You can block all cookies and the site will function normally—you'll just need to select your theme preference each visit.
Third-Party Services
We use minimal third-party services. Each service we use is carefully evaluated for privacy implications:
Content Delivery Networks
We may use CDNs (Content Delivery Networks) to serve fonts and icons. These services may log access requests according to their own privacy policies. The services we currently use:
- Google Fonts - Typography delivery. Google may log requests. You can block this with browser extensions like uBlock Origin or by using a privacy-focused browser.
- Phosphor Icons CDN - Icon delivery. Minimal logging.
We are working toward self-hosting all external resources to eliminate third-party requests entirely. Check back for updates to this policy as we implement these improvements.
Hosting Provider
This website is hosted on secure infrastructure. Our hosting provider may have access to server logs as part of their operational responsibilities. We select hosting providers with strong privacy practices and appropriate data processing agreements.
No Advertising Networks
We do not use any advertising networks. No ad servers receive data about your visit. We do not participate in real-time bidding, programmatic advertising, or any form of ad-tech surveillance.
International Visitors
We welcome visitors from around the world. Our servers are located in secure data centers, and data may be processed in different jurisdictions. We comply with applicable privacy regulations including:
- GDPR - European Union General Data Protection Regulation
- CCPA - California Consumer Privacy Act
- PIPEDA - Canadian privacy legislation
Given that we collect minimal data and retain it briefly, most privacy regulation requirements are satisfied by default. We don't have user accounts to delete, marketing lists to unsubscribe from, or profiles to export.
Your Privacy Rights
Depending on your jurisdiction, you may have specific privacy rights. We respect these rights for all visitors regardless of location:
| Right | Description | CryptoCyber Response |
|---|---|---|
| Right to Access | Know what data we have about you | Contact us; we'll provide any logged data |
| Right to Deletion | Request your data be deleted | Contact us; we'll purge relevant logs |
| Right to Portability | Receive your data in portable format | We can export any applicable logs |
| Right to Object | Object to data processing | We only process essential data; contact us with concerns |
| Right to Correction | Correct inaccurate data | Server logs aren't correctable but can be deleted |
To exercise any of these rights, please contact us using the information below. We aim to respond to all privacy requests within 30 days.
Security Measures
We implement appropriate technical and organizational measures to protect your data:
- HTTPS Everywhere - All pages served over encrypted connections
- Security Headers - Strict CSP, HSTS, X-Frame-Options, and other protective headers
- Regular Updates - Server software kept current with security patches
- Access Control - Limited administrative access with strong authentication
- Log Protection - Server logs protected from unauthorized access
We treat security as an ongoing practice, not a one-time implementation. We regularly review and improve our security posture.
Children's Privacy
Our educational content is appropriate for all ages. We do not knowingly collect any personal information from children under 13 (or applicable age of consent in your jurisdiction). Since we don't require accounts or collect personal information, this concern is largely moot—but we state it explicitly for regulatory compliance.
If you believe a child has somehow provided personal information to us, please contact us and we will investigate and delete any such data.
Policy Updates
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or services. When we make changes:
- We will update the "Last Updated" date at the top of this page
- Significant changes will be highlighted in a notice
- We will not reduce your privacy protections without clear notice
We recommend reviewing this policy periodically. Continued use of this site after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about our data practices, please contact us:
- Contact Page: cryptocyber.info/about/contact/
- Response Time: Within 30 days for privacy requests
We take all privacy inquiries seriously and will work to resolve any concerns promptly.
Data Retention Practices
Our approach to data retention follows the principle of storage limitation—data should only be kept for as long as necessary to fulfill its purpose. Server access logs serve specific operational and security functions, and once those functions are satisfied, the data is permanently deleted.
The 30-day retention period for server logs balances several considerations. Security incidents often aren't discovered immediately, so logs must be available long enough to investigate suspicious patterns. However, longer retention creates unnecessary privacy risks and storage costs. After careful analysis, 30 days provides adequate time to detect and investigate most security concerns while minimizing data accumulation.
When logs are deleted, they are permanently removed from our systems. We do not archive old logs to backup systems, transfer them to long-term storage, or retain them in any anonymized form. Deletion means complete removal with no possibility of recovery.
Log deletion is automated through server configuration. Human intervention isn't required, which eliminates the possibility of logs being retained due to oversight or administrative delays. The system enforces our retention policy consistently and reliably.
Browser Fingerprinting Prevention
Browser fingerprinting is a tracking technique that identifies users based on their device and browser characteristics—screen resolution, installed fonts, timezone, browser plugins, and dozens of other attributes. Combined, these create a unique "fingerprint" that can track users even without cookies.
This website does not implement any fingerprinting techniques. We don't use canvas fingerprinting, which extracts unique rendering characteristics from your graphics hardware. We don't query WebGL capabilities, enumerate installed fonts, or measure typing patterns. No JavaScript on this site collects device characteristics for identification purposes.
To protect yourself from fingerprinting on other websites, consider using browsers with built-in fingerprinting resistance like Firefox (with Enhanced Tracking Protection) or Brave. Browser extensions such as Canvas Blocker can prevent specific fingerprinting techniques. The Tor Browser provides the strongest protection by making all users appear identical, eliminating unique fingerprints entirely.
Advanced Cookie Management
While this website uses minimal cookies, understanding how to manage cookies across all websites you visit is essential for maintaining privacy. Modern browsers offer granular control over cookie behavior that most users never discover.
Browser Cookie Settings
Every major browser allows you to block third-party cookies—cookies set by domains other than the one you're visiting. Third-party cookies are primarily used for cross-site tracking by advertising networks. Blocking them significantly improves privacy with minimal impact on website functionality.
You can also configure browsers to clear cookies automatically when you close the browser, create exceptions for specific trusted sites, or operate in private/incognito mode where cookies are never saved. For maximum privacy, some users configure their browsers to block all cookies by default, only enabling them temporarily for sites that require them.
Cookie Extension Tools
Browser extensions provide additional cookie management capabilities. Extensions can automatically delete cookies from specific sites after a set time, categorize cookies by purpose, or provide detailed information about what each cookie contains. Some extensions maintain whitelists of essential cookies while automatically purging everything else.
For users who want to inspect cookies on any website, browser developer tools (typically accessed via F12) include a Storage or Application panel showing all cookies, their values, and expiration dates. This transparency allows you to verify that websites honor their stated privacy practices.