PRIVACY POLICY - IoTSec Forum

Domain: iotsec.in


:clipboard: FOREWORD

This privacy policy is specifically tailored for IoTSec Forum - a technical security research community covering Android reverse engineering, Windows exploit development, and IoT/embedded security. Our policies reflect the unique needs of security researchers while protecting user privacy.


1. WHAT INFORMATION DO WE COLLECT?

We collect information to provide and improve our security research community platform.

1.1 Information You Provide

  • Account Information: Username, email address, password (encrypted)
  • Profile Information: Avatar, biography, website, GitHub/Twitter handles (optional)
  • Content: Posts, comments, direct messages, code snippets, exploit writeups
  • Uploads: Firmware samples, binary files, screenshots, log files (limited to 10MB)

1.2 Information Collected Automatically

  • IP Addresses: Collected with every post and page view
  • Browser Data: User agent, referrer, device type
  • Reading History: Topics viewed, time spent, scroll depth
  • Search Queries: Internal forum searches
  • Email Verification: Confirmation link timestamps

1.3 Legal Basis (GDPR)

We process your data under:

  • Consent: When you voluntarily register and post
  • Legitimate Interests: Forum security, spam prevention, community safety
  • Legal Obligation: Compliance with Indian IT Act 2000

2. HOW DO WE USE YOUR INFORMATION?

2.1 Core Operations

  • :white_check_mark: Account management - Registration, login, profile customization
  • :white_check_mark: Content delivery - Display your posts, code, and research
  • :white_check_mark: Notifications - Email alerts for replies, mentions, watched topics
  • :white_check_mark: Search functionality - Index your content for discovery
  • :white_check_mark: Spam prevention - Analyze posting patterns and IPs

2.2 Security Research Operations

  • :white_check_mark: Vulnerability coordination - Contact researchers about disclosed CVEs
  • :white_check_mark: Exploit verification - Validate proof-of-concept code
  • :white_check_mark: Abuse investigation - Review content flagged by community
  • :white_check_mark: Legal compliance - Respond to lawful requests

2.3 NEVER Used For

  • :cross_mark: Selling your data to third parties
  • :cross_mark: Advertising profiling
  • :cross_mark: AI training without explicit consent
  • :cross_mark: Marketing unrelated to forum operations

3. HOW DO WE PROTECT YOUR INFORMATION?

3.1 Technical Measures

  • Encryption: TLS 1.3 (HTTPS) for all connections
  • Hashing: Passwords hashed with bcrypt at a work factor of 12 or higher
  • Data isolation: Strict database access controls
  • Backups: Encrypted, retained 30 days
  • DDoS protection: Cloudflare Enterprise

3.2 Organizational Measures

  • Staff training: Privacy and security protocols
  • Access logs: All admin actions audited
  • Breach notification: 72-hour disclosure policy
  • Vulnerability disclosure: security@iotsec.in

4. DATA RETENTION POLICY

Data Type               Retention Period              Rationale
Posts & Topics          Indefinite                    Permanent research archive
Direct Messages         Indefinite                    User communication history
IP Addresses (posts)    Indefinite (linked to post)   Abuse prevention, CVE attribution
Server Logs             30 days                       Performance monitoring
Deleted Content         30 days (soft delete)         Accidental deletion recovery
Draft Posts             180 days                      Unfinished research
Email Addresses         Until account deletion        Account recovery, notifications
Banned Users            7 years (hash only)           Ban evasion prevention

Note: Security researchers often reference forum posts years later in academic papers, conference talks, and exploit databases. We retain technical content indefinitely as a service to the security community.


5. COOKIES & TRACKING

5.1 Strictly Necessary

Cookie           Purpose                  Duration
_t               Session authentication   Session
_forum_session   Login state              Session
dosp             CSRF protection          Session

5.2 Functional

Cookie         Purpose                      Duration
theme_key      Dark/light mode preference   1 year
bookmarks      Saved topics                 1 year
watched_tags   Tag subscriptions            1 year

5.3 Analytics (Optional)

We use Plausible Analytics - privacy-focused, no cookies, no personal data collected. You cannot be identified.

Opt-out: No action needed - we don’t track across sites.


6. DATA DISCLOSURE

6.1 We Share With:

Recipient         Purpose                  Data Shared
Cloudflare        CDN, DDoS protection     IP address (transient)
Hostinger         Hosting infrastructure   Server logs (30 days)
Hostinger Email   Email delivery           Email address, username
Moderators        Community management     Posts, IP addresses

7. THIRD-PARTY LINKS

Our forum contains links to:

  • GitHub/GitLab - Exploit code repositories
  • Academic papers - arxiv.org, scholar.google.com
  • Vulnerability databases - CVE.org, NVD, Exploit-DB
  • Researcher websites - Personal blogs, company pages

We are not responsible for their privacy practices. Check their policies before submitting personal information.


8. YOUR RIGHTS

8.1 All Users

  • :white_check_mark: Access - Download your posts and data via Admin panel
  • :white_check_mark: Correction - Edit your profile and posts
  • :white_check_mark: Deletion - Delete individual posts or entire account
  • :white_check_mark: Objection - Opt out of non-essential emails

8.2 GDPR (EU Citizens)

  • Right to erasure (“right to be forgotten”)
  • Right to data portability (JSON export)
  • Right to restriction of processing
  • Lodge complaint with local DPA

8.3 Exercising Rights

Email: privacy@iotsec.in
Response time: Within 7 days
Identity verification: Required for sensitive requests


9. CHILDREN’S PRIVACY (COPPA)

Minimum age: 13 years

This is a technical security research forum discussing:

  • Exploit development
  • Reverse engineering
  • Hardware hacking

We do not knowingly collect information from children under 13. If you believe a child has registered, contact us immediately for deletion.


11. CHANGES TO THIS POLICY

We will notify users of material changes:

  • :white_check_mark: Banner on forum homepage - 14 days before
  • :white_check_mark: Email to registered users
  • :white_check_mark: Topic in “Announcements” category

Current version: v2.0

13. YOUR CONSENT

By using IoTSec Forum, you acknowledge that:

  1. You have read this Privacy Policy
  2. You are at least 13 years old
  3. You understand this is a public research archive
  4. Your published research may be cited indefinitely

Withdrawal of consent: Delete your account at any time.


This Privacy Policy is licensed under CC-BY-SA 4.0. Adapted from Discourse.org template with modifications for security research communities.


:white_check_mark: QUICK REFERENCE FOR USERS

I want to…               How to do it
Delete my account        Settings → Account → Delete
Download my data         Settings → Export → JSON/CSV
Stop emails              Settings → Notifications → Uncheck all
Report a privacy issue   Email privacy@iotsec.in
Contact DPO              Email dpo@iotsec.in