Privacy Policy
Last Updated: October 14, 2025
Introduction
At Theorycraft Security ("we," "our," or "us"), we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at theorycraftsecurity.com (the "Site").
Please read this Privacy Policy carefully. By accessing or using our Site, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.
Information We Collect
Information You Provide to Us
We may collect information that you voluntarily provide to us when you:
- Fill out and submit forms on our Site (such as our contact form)
- Correspond with us by email
- Request information or assistance
- Interact with our cybersecurity services
This information may include:
- Your name
- Email address
- Phone number
- Company name
- Message content
- Professional information related to cybersecurity needs
Information Automatically Collected
When you visit our Site, we may automatically collect certain information about your device and usage patterns. This information may include:
- IP address
- Browser type and version
- Operating system
- Device type and screen resolution
- Pages visited and time spent on those pages
- Referral sources
- Click patterns and navigation behavior
- Language preferences
Technical Information
Our Site uses various technologies that may collect additional information:
- Content Security Policy headers for security monitoring and enforcement
- Web app manifest data for enhanced mobile experience
- Structured data markup (Schema.org) for search engine optimization
- Embedded SVG images, data URIs, and blob URLs for visual elements and downloadable content
- Preconnect and DNS prefetch links for performance optimization
- Modern JavaScript APIs (Intersection Observer, Clipboard, Download) for enhanced user experience
- Responsive design technologies for mobile and desktop optimization
- Smooth scrolling and animation libraries for improved navigation
How We Use Your Information
We may use the information we collect for various purposes, including to:
- Respond to your inquiries and provide the information or services you request
- Improve our Site and cybersecurity services
- Understand how visitors use our Site
- Detect and prevent security incidents and cyber threats
- Comply with legal obligations and cybersecurity regulations
- Provide technical support and troubleshooting
- Analyze trends and optimize user experience
- Maintain the security and integrity of our systems
Third-Party Services and Resources
Our Site uses certain third-party services and technologies to enhance functionality, security, performance, and user experience. We carefully select these services to minimize data collection while maximizing security and usability:
Google Fonts
We use Google Fonts to enhance the visual presentation of our Site. When you visit our Site, your browser may connect to Google's servers to download the "Sorts Mill Goudy" font family. This includes preconnect links for performance optimization. Google may collect certain information as described in their Privacy Policy. This may include your IP address, browser information, and font usage data.
X (formerly Twitter)
Our Site contains links to our X profile and may load resources from X's servers. We use DNS prefetch links to optimize connection performance to X.com. When you interact with these elements, X may collect information as described in their Privacy Policy. This includes any data you share when clicking on X links or visiting our X profile.
Schema.org Structured Data
We implement Schema.org structured data markup to improve search engine understanding of our content. This markup helps search engines display rich snippets but does not collect personal information from visitors. Schema.org is a markup standard maintained by a community of search engines and webmasters, not a third-party service that collects data.
Web App Experience
Our Site provides a web app-like experience through meta tags and a basic web app manifest. This allows users to add our site to their home screen for quick access, similar to a native app experience. The manifest file contains basic app metadata (name, theme colors) but does not include full Progressive Web App functionality like offline caching or service workers. No personal information is collected through these features.
Content Security Policy
We implement strict Content Security Policy headers to limit the data third parties can access and to enhance your privacy while using our Site. This security measure helps protect against data injection attacks and unauthorized data collection. The CSP is enforced both server-side and client-side to ensure comprehensive protection.
Modern Web APIs
Our Site utilizes several modern browser APIs to enhance user experience:
- Intersection Observer API: Used for performance-optimized animations and scroll-triggered effects. This API monitors element visibility and does not collect or transmit personal data.
- Clipboard API: Enables copying of text content to your clipboard. This functionality operates entirely within your browser and does not send data to external servers.
- Download API: Facilitates secure download of files. Files are generated locally in your browser and do not involve external data transmission.
Performance and Security Technologies
Our Site implements various performance and security technologies:
- DNS Prefetching: Pre-resolves domain names for faster loading of external resources
- Preconnect Links: Establishes early connections to critical third-party resources
- Data URIs and Blob URLs: Used for embedded images, icons, and downloadable content without external dependencies
- Smooth Scrolling: Enhanced navigation experience using native browser APIs
- Responsive Design: Mobile-first approach optimized for all device types
Data Minimization: All third-party services are selected with privacy in mind. We implement strict Content Security Policies and only allow necessary connections. No tracking pixels, analytics scripts, or advertising networks are used on our Site.
Data Retention and Storage
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:
- Contact Information: Retained for up to 3 years after your last interaction with us
- Technical Data: Retained for up to 1 year for security and analytics purposes
- Service-Related Data: Retained for the duration of our service relationship plus 7 years for legal compliance
We implement appropriate security measures to protect your data during storage and transmission.
We Do Not Sell Your Information
We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. Your privacy is important to us, and we are committed to using your information solely for the purposes described in this Privacy Policy.
Data Security
We implement appropriate technical and organizational security measures to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include:
- Secure HTTPS connections with TLS encryption
- Content Security Policies to prevent data injection
- Regular security assessments and vulnerability testing
- Limited access to personal information on a need-to-know basis
- Secure data transmission protocols
- Regular security monitoring and incident response procedures
- Employee training on data protection and privacy
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure that any such transfers comply with applicable data protection laws, and we implement appropriate safeguards, including:
- Standard contractual clauses approved by relevant authorities
- Adequacy decisions for countries with equivalent data protection standards
- Other appropriate safeguards as required by applicable law
Your Rights
Depending on your location, you may have certain rights regarding your personal information, including:
- The right to access the personal information we have about you
- The right to request correction of inaccurate information
- The right to request deletion of your information
- The right to restrict or object to processing
- The right to data portability
- The right to withdraw consent (where applicable)
- The right to lodge a complaint with supervisory authorities
To exercise these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within 30 days, unless additional time is required.
Cookies and Tracking Technologies
Our Site uses minimal tracking technologies:
- Essential Cookies: Required for basic site functionality
- Performance Cookies: Help us understand how visitors interact with our Site
- Third-Party Cookies: Set by Google Fonts and X for their respective services
You can control cookie settings through your browser preferences. However, disabling certain cookies may affect site functionality.
Children's Privacy
Our Site is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will take steps to delete such information.
California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- The right to know what personal information we collect and how we use it
- The right to delete personal information we have collected
- The right to opt out of the sale of personal information (we do not sell personal information)
- The right to non-discrimination for exercising your privacy rights
To exercise these rights, please contact us using the information below.
European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
- The right to erasure ("right to be forgotten")
- The right to restrict processing
- The right to data portability
- The right to object to processing
- The right to withdraw consent
Our legal basis for processing your data includes legitimate interests, contractual necessity, and consent where applicable.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements, or for other operational, legal, or regulatory reasons. The updated version will be indicated by an updated "Last Updated" date. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
For material changes that affect how we use your personal information, we will provide notice through our Site or by other means before the changes take effect.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
Email: contact@theorycraftsecurity.com
Security Email: security@theorycraftsecurity.com (for security-related privacy concerns)
Address: Theorycraft Security, United States
Response Time: We aim to respond to all privacy inquiries within 30 days
Data Protection Officer
For privacy-related matters, you may also contact our designated privacy contact at privacy@theorycraftsecurity.com.