Evil-DB LogoEvil-DB

Privacy Policy

Last updated: December 8, 2024

1. Introduction

Evil-DB ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our threat intelligence platform and services.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Password (stored securely using bcrypt hashing)
  • Optional: Organization name, job title

Usage Data

We automatically collect:

  • API request logs (endpoints accessed, timestamps)
  • Search queries performed
  • IP addresses used to access our services
  • Browser type and version

Threat Data

When you submit threat reports, we collect the submitted indicators (IPs, domains, hashes) and any additional context you provide.

3. How We Use Your Information

We use collected information to:

  • Provide and maintain our threat intelligence services
  • Process and respond to your requests
  • Send service-related notifications and updates
  • Enforce our terms of service and prevent abuse
  • Improve our services and develop new features
  • Comply with legal obligations

4. Data Sharing

We do not sell your personal information. We may share data with:

  • Service providers who assist in operating our platform
  • Law enforcement when required by valid legal process
  • Other users (only aggregated, anonymized threat statistics)

Threat reports you submit may be shared with the security community to improve collective defense, but your personal information is not attached to these reports unless you explicitly consent.

5. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.3)
  • Encryption at rest for sensitive data
  • Regular security audits and penetration testing
  • Access controls and authentication requirements
  • Two-factor authentication (2FA) support

6. Data Retention

We retain your account information for as long as your account is active. API logs are retained for 90 days. Threat data is retained indefinitely as part of our threat intelligence database.

You may request deletion of your account and associated personal data by contacting us at [email protected].

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data
  • Export your data in a portable format
  • Opt out of marketing communications

8. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: [email protected]