Privacy Policy

1. Introduction

IntelSpec LLC ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our threat intelligence platform (collectively, the "Service").

IntelSpec LLC is a Massachusetts limited liability company located at 68 Harrison Ave Ste 605 #251425, Boston, MA 02111. Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

3. How We Use Your Information

We use the information we collect for the following purposes:

• •Service Delivery: To provide, maintain, and operate the IntelSpec platform, including account management, investigations, and threat intelligence analysis.
• •Billing & Subscription: To process payments, manage subscriptions, send invoices, and communicate about billing issues.
• •Product Improvement: To analyze usage patterns, identify feature requests, fix bugs, and optimize platform performance.
• •AI Training: To improve our AI threat analysis models. We do NOT train our models on user queries, investigation data, or findings. We only use aggregate, de-identified patterns about which OSINT sources are most valuable for specific threat categories.
• •Security: To detect fraud, prevent abuse, protect against attacks, and maintain platform security.
• •Support: To respond to your requests, troubleshoot issues, and provide customer service.
• •Legal Compliance: To comply with applicable laws, regulations, and court orders.
• •Communication: To send service updates, security alerts, policy changes, and (with your consent) marketing emails.

4. OSINT Data We Collect About Third Parties

Our platform collects and indexes publicly available threat intelligence about entities (domains, IP addresses, organizations, email addresses). This is the core of our service. Examples include:

• • Breach records (e.g., Have I Been Pwned)
• • Exposed credentials and password lists
• • Malware signatures and indicators of compromise (VirusTotal, GreyNoise)
• • CVE vulnerability data and severity scores
• • Open ports, services, and certificate information (Shodan, Censys)
• • DNS records, WHOIS data, and hosting information
• • Threat actor advisories and attack campaign data
• • Supply chain vulnerability scores

All of this data is publicly disclosed by the source (government agencies, researchers, security platforms). We do not conduct private surveillance, social engineering, or hacking. We are an OSINT aggregator, not a data broker. We do not sell or lease this third-party intelligence data to other parties.

5. AI Processing

IntelSpec uses AI (Claude language model via API) to:

• Generate confidence scores for findings (based on source count, corroboration, recency, specificity)
• Produce reasoning chains explaining how raw threat data connects to conclusions
• Identify and tag threat actors and attack patterns
• Summarize complex investigation findings

Important: We do not train our AI models on your queries, investigations, or findings. We do not retain your investigation data in the AI provider's systems. All AI analysis is performed with temporary session data and immediately discarded after the response is returned.

We use only de-identified, aggregate information to improve our models — such as which OSINT sources are most reliable for specific threat types. User privacy is protected at all stages of AI processing.

6. Data Sharing & Third-Party Services

We share certain information with trusted partners necessary to operate the platform:

7. Data Retention

We retain your data for as long as your account is active, plus:

• •Account Data: Deleted within 30 days of account closure.
• •Investigations & Findings: Retained in your account. Deleted when you delete them or 30 days after account closure.
• •Payment Records: Retained for 7 years for tax and accounting purposes.
• •Server Logs & Analytics: Retained for 90 days for security and performance analysis.
• •Legal Holds: If a legal claim is made, we retain data as required by law.

8. Data Security

We implement industry-standard security measures to protect your data:

• •Encryption in Transit: All data is transmitted via HTTPS/TLS 1.3.
• •Encryption at Rest: Databases use encryption at rest. Passwords are hashed with bcrypt.
• •Access Controls: Role-based access control (RBAC) limits who can view and modify data.
• •Audit Logging: All sensitive actions are logged for security audits.
• •Rate Limiting: API endpoints use rate limiting to prevent brute-force attacks.
• •SOC 2 Roadmap: We are working toward SOC 2 Type II compliance.

While we take security seriously, no system is 100% secure. If you discover a vulnerability, please report it to security@intelspec.io.

9. Your Privacy Rights

Depending on your location, you may have the following rights:

• •Access: Request a copy of all personal data we hold about you.
• •Correction: Correct inaccurate or incomplete information in your account.
• •Deletion: Request deletion of your account and associated data (subject to legal holds).
• •Export: Request your data in a portable, machine-readable format (CSV, JSON).
• •Opt-Out: Opt out of marketing communications and analytics cookies.
• •Appeal: In certain regions, appeal automated decision-making or profiling.

To exercise any of these rights, email privacy@intelspec.io with your request. We will respond within 30 days.

10. Cookies Policy

We use cookies to enhance your experience:

You can disable cookies in your browser settings, but some features may not work correctly.

11. Children's Privacy

IntelSpec is not intended for use by individuals under 18 years of age. We do not knowingly collect data from children. If we discover a child has provided personal information, we will delete it immediately. If you believe a child has registered an account, please contact us at privacy@intelspec.io.

12. International Data Transfers

Your data is stored in the United States. By using IntelSpec, you consent to the transfer and processing of your data in the U.S., which may have different privacy laws than your home country.

For EU/UK users, we rely on Standard Contractual Clauses (SCCs) to ensure adequate protection. For California residents, see Section 13 below. If you have concerns about international transfers, contact us at privacy@intelspec.io.

13. California Privacy Rights (CCPA)

If you are a California resident, you have specific privacy rights under the California Consumer Privacy Act (CCPA):

• •Right to Know: What personal information we collect, use, and disclose.
• •Right to Delete: Request deletion of your data (with exceptions for legal compliance).
• •Right to Correct: Correct inaccurate information.
• •Right to Opt-Out of Sale: We do not sell your data. This right does not apply.

To submit a CCPA request, email privacy@intelspec.io with proof of identity. We will respond within 45 days.

14. EU/UK General Data Protection Regulation (GDPR)

If you are located in the European Union or United Kingdom, the GDPR applies to your data. We process your data based on:

• Contract: Performance of our service agreement with you
• Consent: For marketing emails and optional analytics
• Legal Obligation: Compliance with laws and regulations
• Legitimate Interest: Security, fraud prevention, and service improvement

You have the right to withdraw consent, access your data, data portability, erasure, and restriction of processing. Contact privacy@intelspec.io to exercise these rights.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via email or a notice on the Service. Your continued use of IntelSpec after changes constitutes acceptance of the updated policy. The "Last Updated" date at the top of this policy indicates the most recent revision.