Privacy Policy

Last updated: March 25, 2026

Who We Are

ExploitEye is a free security intelligence platform operated by Apphaz. We provide vulnerability tracking, security analysis tools, and AI-generated insights to the cybersecurity community at no cost.

What We Collect

Newsletter Subscribers

When you subscribe to our weekly digest, we store your email address in our database. We use this solely to send you the weekly security digest. We do not sell, share, or rent your email to third parties.

Recon Tool Usage

When you use our free recon tools (Header Checker, SSL Analyzer, DNS Lookup, etc.), we log the domain/URL/email you scanned, the tool used, the result grade, and your IP address. This data is used for:

  • Abuse prevention and rate limiting
  • Aggregate usage analytics (e.g., most-scanned domains)
  • Improving our tools

We do not use scan data to target, profile, or identify individual users. Scan logs are retained for 90 days and then automatically deleted.

Analytics

We use Google Analytics 4 to understand how visitors use ExploitEye. GA4 collects standard web analytics data including pages viewed, session duration, and approximate location (country level). We track custom events such as tool usage and page views to improve the platform.

We respect Do Not Track. If your browser sends a DNT header or you have Global Privacy Control enabled, we disable analytics tracking entirely. No data is sent to Google Analytics in this case.

What We Do NOT Collect

  • We do not require account creation or passwords
  • We do not use advertising trackers or sell data to advertisers
  • We do not store cookies beyond what Google Analytics requires
  • We do not fingerprint browsers or devices

Data Sources

ExploitEye aggregates publicly available security data from:

  • NIST NVD — National Vulnerability Database (public CVE records)
  • CISA KEV — Known Exploited Vulnerabilities catalog (public feed)
  • Reddit — Public posts from security subreddits
  • GitHub — Public repositories matching CVE patterns
  • RSS Feeds — Public security news from The Hacker News, BleepingComputer, Krebs on Security, Dark Reading

All data sources are publicly available. We do not scrape private or authenticated content.

AI-Generated Content

Our "Apphaz AI Insights" are generated by Claude (Anthropic) based on public CVE data. These insights are provided for informational purposes only and should not be considered professional security advice. Always verify findings independently.

Third-Party Services

  • Supabase — Database hosting (EU/US data centers)
  • Cloudflare — Frontend hosting and CDN
  • Render — Backend API hosting
  • Google Analytics — Web analytics (with DNT respect)
  • Resend — Email delivery for weekly digest
  • Anthropic — AI insight generation

Your Rights

  • Unsubscribe — Every digest email contains an unsubscribe link. Your email is deleted immediately.
  • Data deletion — Contact us at privacy@apphaz.com to request deletion of any data associated with your email or IP.
  • Opt out of analytics — Enable Do Not Track in your browser or use an ad blocker.
  • Access — Contact us to request a copy of any data we hold about you.

Contact

For privacy inquiries, contact privacy@apphaz.com.