Privacy Policy

Last updated: February 2026

Shellcode Labs LLC ("Shellcode Labs," "we," "us," or "our") respects your privacy. This policy explains what information we collect, how we use it, and your rights regarding that information.

1. Information We Collect

Information you provide directly:

• Name and email address (when you contact us)
• Company name and project details (during engagements)
• Payment information (processed through third-party payment providers — we don't store card numbers)
• Any files, data, or credentials you share for project purposes

Information collected automatically:

• Basic analytics data (page views, referral source) if we use an analytics tool
• IP address and browser type (standard web server logs)

We keep data collection minimal. We don't use tracking pixels, fingerprinting, or invasive analytics.

2. How We Use Your Information

• To communicate with you about your project
• To deliver the services you've engaged us for
• To send invoices and process payments
• To improve our website and services
• To comply with legal obligations

We do not sell your information. Period.

3. Third Parties

We may share information with:

• Payment processors (e.g., Stripe) to handle transactions
• Cloud/hosting providers (e.g., for project deployment) as part of delivering your project
• Legal authorities if required by law

We do not share your data with advertisers, data brokers, or any party not directly involved in delivering our services to you.

4. Cookies

Our website uses minimal or no cookies. If we add analytics in the future (e.g., Plausible, Umami), they will be privacy-respecting and cookie-free. We do not use advertising cookies or third-party trackers.

5. Data Retention

• Project data: Client files and credentials shared during an engagement are deleted within 30 days of project completion, unless you request otherwise.
• Communications: Emails and project correspondence may be retained for business records.
• Analytics: Aggregate, anonymized analytics data may be retained indefinitely.

6. Data Security

We use reasonable technical and organizational measures to protect your data, including encrypted communications, secure credential storage, and limited access. No system is 100% secure, but we take security seriously — it's literally what we do.

7. Your Rights (CCPA / GDPR)

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your personal data ("right to be forgotten")
• Opt out of the sale of your data (we don't sell it, but you can still ask)
• Data portability — receive a copy of your data in a standard format
• Object to processing based on legitimate interests

To exercise any of these rights, email us at [email protected]. We'll respond within 30 days.

California residents (CCPA): We do not sell personal information. We do not use personal information for purposes beyond what is disclosed here. You have the right to non-discrimination for exercising your privacy rights.

EU/UK residents (GDPR): Our legal basis for processing your data is contractual necessity (delivering services you've requested) and legitimate interest (improving our services). You may lodge a complaint with your local data protection authority.

8. Children

Our services are not directed to individuals under 18. We do not knowingly collect data from minors.

9. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with a new "Last updated" date. Material changes will be communicated via email to active clients.

10. Contact

Questions or concerns about your privacy? Reach out:

Shellcode Labs LLC
Email: [email protected]