At DCYFR Labs, we believe in transparency and privacy by design. This policy explains how we collect, use, and protect your information when you visit our website.
Last Updated: January 16, 2026
Our Privacy Principles
- Minimal Data Collection: We only collect what's absolutely necessary
- Privacy-First Analytics: We use privacy-respecting analytics that don't track individuals or use cookies
- Transparent Processing: You know exactly what data we handle and why
- Secure Storage: All data is encrypted and protected
- Your Control: You can request deletion of your data at any time
Information We Collect
1. Contact Form Submissions
When you submit our contact form, we collect:
- Your name
- Email address
- Message content
Purpose: To respond to your inquiries and provide support.
Storage: Contact form data is processed via Inngest and not permanently stored. We only retain your email in our inbox for correspondence purposes.
2. Browser Data (localStorage)
We store preferences locally in your browser to enhance your experience:
- Search History: Recent searches in command palette
- Bookmarks: Saved blog posts and pages
- Likes: Activity engagement (blog posts, projects)
Purpose: Personalize your experience with saved preferences.
Storage: Client-side only (not shared with server unless you log in).
Control: Clear via browser settings or our UI.
3. Session Data
For certain interactive features, we create temporary encrypted sessions:
- Session identifier (randomly generated)
- Temporary preferences
Purpose: To maintain state for interactive features.
Storage: Encrypted in Vercel Redis (managed Redis service) with automatic expiration (24-48 hours).
Security: All session data is encrypted using industry-standard encryption (AES-256-GCM).
Provider: Vercel (powered by Upstash infrastructure, GDPR-compliant)
4. Server Logs
Our hosting provider (Vercel) automatically collects:
- IP address (anonymized)
- Browser type and version
- Pages visited
- Timestamps
Purpose: Security monitoring, error detection, and performance optimization.
Retention: Automatically deleted after 30 days (Vercel's standard retention).
5. Public Data (GitHub)
We display publicly available data from GitHub:
- Repository stars and forks
- Public activity feed
Source: GitHub's public API.
Note: This data is already publicly accessible on GitHub.
What We Don't Collect
We explicitly do not collect or use:
- Cookies: We don't use any cookies (first-party or third-party)
- Individual User Tracking: No cross-site tracking, user profiles, or behavioral analysis
- Invasive Analytics: No Google Analytics, Facebook Pixel, or similar tracking platforms that follow users across the web
- Advertising Data: No ad networks or retargeting pixels
- Social Media Tracking: No social media plugins that track you
- Fingerprinting: We don't create browser fingerprints or device identifiers
- Sensitive Personal Information: No SSN, payment info, health records, or similar sensitive data
Analytics (Privacy-First)
We use Vercel Analytics and Speed Insights to understand how our website performs. Unlike traditional analytics platforms, these are privacy-first services:
What We Collect
- Page Views: Aggregated visitor counts (no individual tracking)
- Performance Metrics: Page load times, Core Web Vitals
- Geographic Data: Country-level location (no precise location)
- Referrer Data: Where visitors come from (aggregated)
Privacy Protections
- No Cookies: Vercel Analytics does not use cookies
- No User Tracking: Does not track individuals across sessions or websites
- No User Profiles: Does not create profiles or behavioral data
- GDPR Compliant: Fully compliant with GDPR and privacy regulations
- Aggregated Only: All data is anonymized and aggregated
How This Differs from Traditional Analytics
Vercel Analytics is fundamentally different from Google Analytics, Facebook Pixel, and similar platforms:
- Does not track individual users or create identifiers
- Does not share data with advertisers or third parties
- Does not use cookies or persistent storage
- Does not follow users across different websites
- Uses edge computing to aggregate data before storage
Data Retention & Control
Retention: Analytics data is retained for 30 days (Vercel's standard retention).
Opt-out: You can opt out by enabling "Do Not Track" in your browser settings.
Learn More: Vercel Analytics Privacy Policy
Third-Party Services
We use the following trusted third-party services to operate our website:
Vercel (Hosting & Infrastructure)
- Purpose: Website hosting, content delivery, and performance optimization
- Data Processed: Server logs (IP addresses, user agents, page visits)
- Privacy Policy: Vercel Privacy Policy
- Location: Data centers in the United States
Inngest (Background Jobs)
- Purpose: Processing contact form submissions and scheduled tasks
- Data Processed: Contact form data (name, email, message) - transient only
- Privacy Policy: Inngest Privacy Policy
- Retention: Job data deleted after 7 days
Sentry (Error Monitoring)
- Purpose: Error tracking, performance monitoring, and uptime monitoring
- Data Processed: Error messages, stack traces, anonymized user context
- Privacy Policy: Sentry Privacy Policy
- PII Scrubbing: Automatically removes sensitive information from error reports
Axiom (Web Vitals Analytics)
- Purpose: Real-time performance monitoring and Web Vitals tracking
- Data Collected: Core Web Vitals metrics (LCP, FID, CLS, FCP, TTFB, INP), user agent, device type, connection type, geographic location (country-level), route path
- Privacy Policy: Axiom Privacy Policy
- Retention: Performance data retained for 30 days
- Privacy Features: No individual user tracking, aggregate metrics only
Vercel Redis
- Purpose: Encrypted session storage for interactive features
- Data Stored: Encrypted session identifiers and temporary preferences
- Privacy Policy: Vercel Privacy Policy | Vercel Redis Integration
- Infrastructure: Powered by Upstash, managed by Vercel
- Data Centers: Global regions (GDPR-compliant)
- Retention: Automatic expiration after 24-48 hours
GitHub (Public Data)
- Purpose: Displaying public repository activity and project information
- Data Accessed: Public repository data only (stars, forks, activity feed)
- Privacy Policy: GitHub Privacy Statement
How We Use Your Information
We use the minimal data we collect only for these purposes:
- Communication: To respond to your contact form inquiries
- Security: To protect against abuse, spam, and malicious activity
- Performance: To optimize website performance and fix errors
- Legal Compliance: To comply with applicable laws and regulations
We never sell, rent, or share your personal information with third parties for marketing purposes.
Data Security
We implement industry-standard security measures to protect your information:
- Encryption in Transit: All data transmitted via HTTPS/TLS 1.3
- Encryption at Rest: Session data encrypted using AES-256-GCM
- Access Control: Strict authentication and authorization for all systems
- Security Monitoring: 24/7 automated security scanning and alerts
- Regular Audits: Monthly security audits and vulnerability scanning
- Incident Response: Documented procedures for security incidents
Data Retention
We retain data only as long as necessary:
- Contact Form Data: Not stored (transient processing only)
- Session Data: Automatically deleted after 24-48 hours
- Server Logs: Deleted after 30 days (Vercel retention policy)
- Error Logs: Retained for 90 days for debugging (Sentry)
- Email Correspondence: Retained in inbox until conversation complete
Your Privacy Rights
You have the following rights regarding your personal information:
- Right to Access: Request a copy of the data we have about you
- Right to Deletion: Request deletion of your data
- Right to Correction: Request correction of inaccurate data
- Right to Object: Object to processing of your data
- Right to Portability: Request your data in a portable format
To exercise these rights, contact us.
International Users
DCYFR Labs operates from the United States. If you access our website from outside the United States, please be aware that:
- Your information may be transferred to and stored in the United States
- U.S. data protection laws may differ from those in your country
- By using our website, you consent to this transfer and processing
For users in the European Economic Area (EEA), we comply with GDPR requirements through our minimal data collection practices and transparent processing.
Children's Privacy
Our website is not directed to children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will delete it.
Changes to This Privacy Policy
We may update this privacy policy from time to time. When we do:
- We will update the "Last Updated" date at the top of this page
- For significant changes, we will provide prominent notice on our website
- We encourage you to review this policy periodically
Contact Us
If you have questions, concerns, or requests regarding this privacy policy or our data practices, please contact us. We aim to respond within 48 hours.
Legal Basis for Processing (GDPR)
For users in the EEA, our legal basis for processing personal data is:
- Consent: When you submit a contact form or engage with interactive features
- Legitimate Interests: To operate our website, improve performance, and ensure security
- Legal Obligation: To comply with applicable laws and regulations