Security:Lab

Legal — Privacy Policy

Privacy Policy

Last updated: 2026-04-23

Security:Lab("Service") collects and processes only the minimum data required to operate. This policy explains what we collect, why, how long we keep it, and your rights.

1. What we collect

Automatically collected during a scan

  • Target domain / host: required to run the scan and produce the report.
  • Ownership verification token: proof of control over the domain.
  • Scan report (JSON): for display on the report page.
  • Client IP, User-Agent, timestamp: for abuse prevention (rate limiting) and security logs.

What we do not collect

  • Personal identifiers (name, address, government IDs, phone).
  • Payment information (processed by third-party payment providers only).
  • Behavioral tracking cookies (language preference cookie excepted).

2. Cookies

  • sl_locale: stores your language preference (ko / en). Valid for one year. You can delete it any time from your browser.

3. Retention

  • Ownership tokens: up to 7 days after scan completion.
  • Scan reports: up to 7 days, then automatically deleted.
  • Rate-limit records: in-memory, up to 1 hour.
  • Records subject to legal retention obligations are kept for the required period.

4. Third parties

We do not share your data with third parties. However, the following external services are called for the minimum required purpose:

  • OSV.dev: sends only the detected library name and version string (no user identifier). Purpose: CVE lookup.
  • HTTP/DNS requests to the target domain are made directly for the audit, with User-Agent: SecurityLabBot/0.1 in the request headers.

5. Your rights

You may request access to or deletion of collected data at any time. Please contact us using the email below. We will respond within a reasonable time (typically 7 days).

6. Deletion procedure

  • Database records: permanently deleted by automatic cleanup jobs.
  • Log files: discarded on restart or via periodic rotation.

7. Safeguards

  • HTTPS in transit · data minimization · least-privilege access.
  • We never collect reusable identifiers (e.g., passwords) from other services.

8. Contact

Operator: elab-studio · Email: gdode2080@gmail.com

9. Changes

This policy may be updated in response to changes in applicable law or the Service. Updates will be published on this page.

Home
TermsDisclosure