Who we are

Our website address is: https://honeypots.io.

What personal data we collect and why we collect it

Blog & Research Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string. This data is stored on the SQL database, as well as in httpd/nginx server logs and the Piwik database.

Contact forms

Any data submitted through the contact form is sent via TLS through our offshore SMTP provider where your email content is stored in our encrypted web server email inbox. Contact form data is not stored on this web server.

Our storage email servers are hardened roundcube/horde boxes only accessible by private key auth VPN and via SSH to prevent unauthorized access to said storage devices without proper authentication by us.

Every now and then, we may delete all copies of any data stored on our servers.

Cookies

If you visit our login page, we will set a temporary cookie on your browser or device to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Cookies are stored in your browser and they are not stored on our servers. When you delete those cookies, you have to log in again.

Embedded content from other websites

We try to host all content including videos on this web server. Articles on this site may very rarely include embedded content. Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

We rarely use embedded content.

Analytics

We collect basic anonymized analytics using Google Analytics, as well as self-hosted Piwik analytics to see who visits HoneyPots.io. Only we use and read these analytics data for our own marketing purposes.

Who we share your data with

We don’t share personally identifiable data with anyone.

We do not share the contents of any exchanges with anyone other than ourselves.

After intial consult, you will be provided an alias that we may change at any time.

Customer service is provided in-house and we maintain a rigorous check on said staff (most often, family).

We don’t share any messages in full that you send to us because we want your details to remain private and confidential as the work we conduct is discreet and confidential in nature.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. Just ask us if you need anything deleted that you can see on this website.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. We might regularly delete your data without your consent anyway.

Additional information

How we protect your data

No customer data is stored on this web server. Most data is stored offline in LUKS encrypted drives with expiring access and necessary re-authentication to prevent unauthorized attacks, cold boot attacks, up to pretty much physical seizure of computer equipment during access of said data.