Privacy Policy

This documents the data we collect and use for our service, updated on 14th February 2021.

(1) Introduction

This policy is used to inform our users, regarding our collection, use and disclosure of personal information if you decide to use our service ("CyberSniff"). By choosing to use our services, you agree to the collection and use of information in relation with this policy. The information we collect are used for functionality of our service. We will not use or share the information you provide with anyone except as described in this policy.

(2) Information Collection and Use

For basic functionality of our service, we require you to provide us with information that could be personally identifiable, including, but not limited to: username that can be updated or changed at your own wish, an email address and a password. The information we collect will be used to contact or identify you.

(3) Domains

We want to inform you what whenever you visit our service, we will not collect any information about you, the content delivery network ("CDN") we utilize, FluxCDN, Unipessoal Lda, may recieve that information, it may include information such as the IP address, page you visit and the date and time. Our server and web hosting software, Nginx, has its logs turned off meaning that the logs are stored on our CDNs servers, not ours. We do not sell or share this information and it is kept secret and is only accessible by the service operator (CEO).

(4) Information associated with your account

By making an account with us, you agree that the following information is collected and associated with your account, the information is stored on our servers, and will not leave our servers unless you decide to share this information. If you are under the age of 13 years, you must cease use of our service. You must also use the 'Delete all my data' feature on the 'Your data' page. We do not knowingly collect information from users under the age of 13 years. We store the following information, and will not share it with anyone but the account holder:
4a. Email addresses - These are collected to send communications via email and assist with account recovery, for more specific communications, we outline that in our terms of service;
4b. Passwords - We hash all passwords with an algorithm called Argon2 (the id variant), it was rated the best password hashing algorithm to date, and we deem it sufficient enough, we also improved upon it by salting them with a 50 bit randomly generated salt, and utilizing 15256 bit secret key, stored secretly off the database;
4c. Usernames - Only used for identifying your account, such as session authentication and signing into the website, you may update your username to anything you desire, as long as it does not violate the terms of service already outlined;
4d. Computer signature ("Hwid", "Hardware ID") - Used to make sure you are not violating the terms by sharing your account on to other people. Before it is sent to our API, it is hashed with SHA-256, then before stored, it is hashed with the same algorithm that is used for passwords;
4e. Discord account ID - This is only stored when you link your Discord account to join our Discord server, and is openly accessible by anyone who can see your account on Discord. You are unable to perform malicious activities or manage another Discord account with a Discord ID, unlike a Discord token, which we do not store;
4f. Computer name - This is a name that your computer is given, it can be anything and is usually defined during first-time setup of your PC, it is not personally identifiable unless you make it personally identifiable. We do allow you to opt out of having your device name stored in your account settings.

(5) Information that is sent, but we do not store

We believe that your privacy is a human right, therefore here is the information that is sent but we do not store:
5a. IP addresses; 5b. Browser data, including but not limited to: user agent, headers and/or request URL; 5c. Any other information we did not already outline that we collect.

(6) Payment information

We use our own in-house system, but our purchase handler, Stripe, Inc. may collect further information, its best to get a better grip of it to check out their privacy policy, but for us, heres what we collect, any other information we simply do not store:
6a. Order IDs; 6b. CyberSniff User ID (xxxxxx-xxxxxx-xxxxxx); 6c. Date and time of purchase.

(7) Security

We have previously let you down on this aspect but we promise to only improve on it. But please take into account that no method of transmission and data storage is 100% secure, we do strive to use the strongest methods out to protect your information, we cannot guarantee its absolute security.

(8) Cookies

We use cookies on our web based services for specifically authentication purposes, they usually store a small string of characters called a session ID. A cookie is a small file on your device that contains a small amount of data, they can store just about anything. Our content delivery network (CDN), FluxCDN, Unipessoal Lda, utilizes cookies when our service is under a DDoS attack to make sure that users are real users, and not bots.