Privacy Policy
Last updated: February 14, 2026
Your Privacy Matters: At SecLookup, we are committed to protecting your privacy and being transparent about how we collect, use, and share your information. This Privacy Policy explains our data practices and your rights regarding your personal data.
1. Introduction
This Privacy Policy describes how SecLookup ("we," "us," or "our") collects, uses, discloses, and protects information when you use our threat intelligence platform, website, API services, and related offerings (collectively, the "Services").
By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.
2. Data Controller Information
SecLookup is the data controller responsible for your personal data. For any privacy-related inquiries, you may contact us at:
3. Information We Collect
We collect different types of information depending on how you interact with our Services:
3.1 Account Information
When you create an account, we collect:
- Registration Data: Name, email address, password (hashed), company name, and job title
- Profile Information: Optional profile details you choose to provide
- Authentication Data: Two-factor authentication preferences and backup codes (encrypted)
3.2 Billing Information
For paid subscriptions, we collect:
- Payment Details: Credit card information, billing address, and payment method (processed securely through our payment processor)
- Transaction Records: Invoice history, subscription status, and payment dates
Note: Full payment card numbers are never stored on our servers. Payment processing is handled by PCI-DSS compliant third-party processors.
3.3 Query and Usage Data
When you use our threat intelligence services, we collect:
- Domain Queries: The domain names, IP addresses, and other indicators you submit for analysis
- API Requests: API endpoint accessed, request parameters, timestamps, and response codes
- Search History: Your query history for personalization and audit purposes
- Feature Usage: Which features you use and how you interact with the platform
3.4 Technical and Device Data
We automatically collect:
- Device Information: Browser type, operating system, device type, and screen resolution
- Network Data: IP address, approximate geographic location, and ISP information
- Connection Data: Access times, pages viewed, referring URLs, and session duration
- Performance Data: Page load times, errors, and diagnostic information
3.5 False Positive Report Data
When you submit a false positive report, we collect:
- Reporter name, email address, and organization
- Domain(s) being reported
- Reason and supporting evidence
- IP address of submission (for fraud prevention)
3.6 Communications Data
We collect information from your communications with us:
- Support tickets and email correspondence
- Feedback and survey responses
- Newsletter subscription preferences
4. How We Collect Information
4.1 Direct Collection
We collect information directly when you:
- Create an account or update your profile
- Submit domain queries or API requests
- Subscribe to a paid plan
- Contact our support team
- Submit false positive reports
- Participate in surveys or promotional activities
4.2 Automatic Collection
We automatically collect information through:
- Cookies: Small text files stored on your device (see Section 10)
- Web Beacons: Pixel tags in emails and web pages
- Log Files: Server logs recording access patterns
- Analytics Tools: Third-party analytics services
4.3 Third-Party Sources
We may receive information from:
- Payment processors (transaction confirmations)
- Identity verification services
- Public databases and threat intelligence feeds
- Social media platforms (if you connect your account)
5. Legal Bases for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions with similar data protection laws, we process your personal data based on the following legal grounds:
| Processing Activity | Legal Basis |
| --- | --- |
| Account creation and management | Contract performance |
| Processing payments | Contract performance |
| Providing threat intelligence services | Contract performance |
| Security monitoring and fraud prevention | Legitimate interest |
| Service improvement and analytics | Legitimate interest |
| Marketing communications | Consent (where required) |
| Legal compliance | Legal obligation |
| Responding to law enforcement | Legal obligation / Legitimate interest |
6. How We Use Your Information
6.1 Service Provision
We use your information to:
- Create and manage your account
- Process your domain queries and deliver threat intelligence results
- Manage your subscription and process payments
- Provide customer support and respond to inquiries
- Process false positive reports and whitelist requests
- Send transactional emails (receipts, status updates, security alerts)
6.2 Service Improvement
We analyze usage data to:
- Improve our threat detection accuracy and reduce false positives
- Enhance platform features and user experience
- Develop new products and services
- Optimize API performance and reliability
- Conduct research and generate aggregate statistics
6.3 Security and Compliance
We use information to:
- Detect and prevent fraud, abuse, and unauthorized access
- Monitor for security threats against our infrastructure
- Enforce our Terms of Service and Acceptable Use Policy
- Comply with legal obligations and respond to lawful requests
- Maintain audit trails for compliance purposes
6.4 Marketing (with consent)
With your consent, we may:
- Send newsletters and product updates
- Notify you about new features and services
- Provide relevant industry news and threat alerts
You can unsubscribe from marketing emails at any time using the link in each email or by updating your account preferences.
7. Information Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:
7.1 Service Providers
We share information with trusted third-party vendors who assist us in operating our business:
- Cloud Infrastructure: Hosting and data storage providers
- Payment Processing: Secure payment gateways and billing systems
- Analytics: Usage analytics and performance monitoring
- Email Services: Transactional and marketing email delivery
- Customer Support: Help desk and ticketing systems
All service providers are contractually bound to protect your data and use it only for the purposes we specify.
7.2 Legal Requirements
We may disclose your information when required to:
- Comply with applicable laws, regulations, or legal processes
- Respond to valid legal requests from law enforcement or government agencies
- Protect our rights, property, or safety, or that of our users
- Investigate potential violations of our Terms of Service
7.3 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.
7.4 Aggregate and De-identified Data
We may share aggregate, anonymized, or de-identified data that cannot reasonably be used to identify you. This includes threat intelligence statistics, trend reports, and research findings.
7.5 With Your Consent
We may share your information in other circumstances with your explicit consent.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.
8.1 Transfer Safeguards
When we transfer data internationally, we implement appropriate safeguards including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all service providers
- Technical and organizational security measures
8.2 Data Localization
For Enterprise customers with specific data residency requirements, we offer regional data processing options. Contact [email protected] for details.
9. Data Retention
We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:
| Data Type | Retention Period |
| --- | --- |
| Account Information | Duration of account + 2 years after deletion |
| Query History | 12 months (configurable for Enterprise) |
| API Logs | 90 days |
| Billing Records | 7 years (legal requirement) |
| Support Tickets | 3 years after resolution |
| False Positive Reports | 5 years (audit purposes) |
| Marketing Preferences | Until consent withdrawn |
After the retention period expires, we securely delete or anonymize your data. Some information may be retained longer if required by law or for legitimate business purposes.
10. Cookies and Tracking Technologies
10.1 Types of Cookies We Use
- Essential Cookies: Required for basic functionality (authentication, security, preferences). Cannot be disabled.
- Analytics Cookies: Help us understand how visitors use our website. Can be disabled.
- Functional Cookies: Remember your preferences and enhance your experience. Can be disabled.
10.2 Cookie Management
You can control cookies through:
- Our cookie consent banner (first visit)
- Browser settings (may affect site functionality)
- Account privacy settings
10.3 Do Not Track
We currently do not respond to "Do Not Track" browser signals, as there is no industry-wide standard for this feature. However, you can manage tracking preferences using the methods described above.
11. Data Security
We implement comprehensive security measures to protect your information:
11.1 Technical Safeguards
- Encryption: TLS 1.3 for data in transit; AES-256 for data at rest
- Access Controls: Role-based access with least-privilege principle
- Authentication: Multi-factor authentication and secure password policies
- Network Security: Firewalls, intrusion detection, and DDoS protection
- Monitoring: 24/7 security monitoring and anomaly detection
11.2 Organizational Safeguards
- Employee security training and background checks
- Confidentiality agreements with all staff
- Regular security audits and penetration testing
- Incident response and breach notification procedures
- Vendor security assessments
11.3 Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of discovery
- Report to relevant data protection authorities as required
- Provide information about the breach and recommended protective measures
12. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal data:
12.1 General Rights (All Users)
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to certain processing activities, such as direct marketing
- Withdrawal of Consent: Withdraw consent for processing based on consent
12.2 Additional Rights for EEA/UK Residents (GDPR)
- Restriction: Request restriction of processing in certain circumstances
- Automated Decision-Making: Right not to be subject to solely automated decisions with legal effects
- Complaint: Right to lodge a complaint with a supervisory authority
12.3 California Residents (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to Know: Categories and specific pieces of personal information collected
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of sale or sharing of personal information (Note: We do not sell personal information)
- Right to Non-Discrimination: Equal service regardless of exercising privacy rights
- Right to Correct: Request correction of inaccurate information
- Right to Limit Use: Limit use and disclosure of sensitive personal information
12.4 Exercising Your Rights
To exercise your privacy rights, please:
We will respond to verifiable requests within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.
13. Children's Privacy
Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].
14. Third-Party Links and Services
Our Services may contain links to third-party websites, plugins, or services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform.
We are not responsible for the privacy practices or content of external websites or services.
15. Query Data and Threat Intelligence
15.1 Domain Query Information
When you query a domain through our Services, we collect and process information about the queried domain (not your personal information). This includes:
- DNS records and WHOIS data for the queried domain
- SSL certificate information
- Threat indicators and reputation data
- Historical enrichment data
15.2 Distinction from Personal Data
Information about queried domains (such as WHOIS registrant details) belongs to the domain owners, not to you as the user performing the query. Our collection and processing of this publicly available or third-party data is governed by our Terms of Service and applicable data protection laws.
15.3 Your Query Logs
We maintain logs of your queries (which domains you searched) as part of your account activity. This is used for:
- Displaying your search history
- Usage analytics and billing
- Security monitoring and abuse prevention
You can request deletion of your query history through your account settings or by contacting us.
16. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will update the "Last updated" date at the top of this page
- We will notify you via email or prominent notice on our website
- Material changes will take effect 30 days after notice (except where required by law)
We encourage you to review this Privacy Policy periodically. Your continued use of the Services after changes become effective constitutes acceptance of the updated policy.
17. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We are committed to resolving any complaints about your privacy and our collection or use of your personal information. We will respond to all inquiries within a reasonable timeframe.
18. Regulatory Information
For users in the European Economic Area or United Kingdom with regulatory inquiries, please contact us at [email protected].
If you are located in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.