Privacy Policy

1. Purpose of Data Processing

ReconX processes publicly available internet data for informational and security research purposes. We provide open-source intelligence (OSINT) tools through our search engine and automated crawlers.

The primary purposes of our data processing include:

• Providing threat intelligence search capabilities
• Enabling security research and investigations
• Facilitating data breach monitoring services
• Supporting legitimate cybersecurity activities

2. Information Collected on Visitors

General Policy

ReconX minimizes data collection from visitors. We do not create user profiles or track visitors across websites.

Security Logs

We collect security logs to investigate and prevent attacks including DDoS attacks, SQL injections, abuse, fraud, and unauthorized access attempts. This information may be shared with law enforcement authorities when required.

Shadow Profiles

We do not create shadow profiles. We do not collect data about non-registered users beyond what is necessary for security purposes.

Search History

For non-registered users, search queries are not stored in our database. Guest searches are rate-limited by IP address, but this information is temporary and not used for profiling.

3. Information Collected on Registered Users

Required Information

When you create an account, we collect the following information:

• Username and password (password stored using bcrypt hashing)
• Email address
• Registration date and last login date
• IP address at registration and login

Payment Information

Payments are processed through third-party cryptocurrency payment providers (Cryptomus and NowPayments). We do not store cryptocurrency wallet addresses or payment details on our servers. Our payment providers handle all transaction data according to their respective privacy policies.

Cookies

We use essential cookies for session management and service functionality. These cookies are necessary for the proper operation of our platform and cannot be disabled while using our Services.

4. Your Data Rights (GDPR)

Under the General Data Protection Regulation (GDPR) and similar privacy laws, you have the following rights:

5. Data Retention

We retain personal data for the following periods:

• Active account data: Retained while your account is active
• Post-termination: Personal data may be retained for up to three years after account termination for potential contractual claims
• Security logs: Retained as necessary for security and legal purposes
• Payment records: Retained as required by applicable tax and financial regulations

6. Indexed Data and Content Removal

Public Data Collection

Our automated crawlers index publicly available content and material that serves legitimate public interest. Crawled content is stored to enhance search results and provide historical context.

Content Removal Requests

You may request removal of content through our Abuse Policy page for:

• Personal data where no legitimate public interest exists
• Intellectual property violations
• Unlawful content (malware, phishing, illegal material)
• Content where your privacy interests outweigh public interest

Removal Considerations

Content may be removed when personal data is unnecessary for our service, when legitimate public interest is outweighed by privacy concerns, or when processing was unlawful. However, removal requests may be denied when legitimate public interest (such as information about public figures or institutions) outweighs individual privacy interests.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• All data is encrypted in transit using TLS/SSL
• Passwords are hashed using bcrypt algorithm
• Access to personal data is restricted to authorized personnel
• Regular security assessments and updates are performed
• We maintain incident response procedures for data breaches

8. Third-Party Services

We use the following third-party services that may process your data:

• Payment Providers: Cryptomus and NowPayments for cryptocurrency payments
• Infrastructure: Cloud hosting providers for service delivery

We do not sell your personal data to third parties. Data sharing is limited to what is necessary for service provision.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.

10. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through our platform. We encourage you to review this policy periodically for any updates.