Privacy Policy

Threat Vectr (“we”, “us”, “our”) is an independent cybersecurity news publication operated by the imicus group. For the purposes of data protection law, we are the data controller for personal information processed through this website. You can reach us at any time via our contact page.

We collect three kinds of information, and no more than we need:

• Information you give us. If you subscribe to our newsletter we store your email address. If you contact us, we store the message you send and the contact details you choose to include.
• Information collected automatically. Like virtually every website, our servers record technical request data: your IP address, browser and device type (user-agent), the pages you request, referring URL, and timestamp. We derive an approximate country/region from your IP for security and traffic analytics. We do not use this to build advertising profiles.
• Information stored on your device. A small number of first-party cookies and local-storage values needed to run the site — for example, remembering your light/dark theme preference, and (for our own staff) keeping an administrator signed in.

We do not ask for, or knowingly collect, sensitive personal information, and we do not require an account to read the site.

We use the information above only to:

• deliver, maintain, and improve the website and its content;
• send the newsletter you asked for, and let you unsubscribe;
• respond to messages you send us;
• keep the site secure — detecting abuse, blocking attacks, rate-limiting, and investigating suspicious activity;
• understand, in aggregate, what content is read and how the site performs (which stories are popular, broad traffic trends, crawler vs. human traffic).

Where the EU/UK GDPR applies, we rely on the following legal bases: your consent for the newsletter (given via double opt-in, withdrawable at any time); our legitimate interests in running, securing, and analysing our own website; and compliance with legal obligations where we are required to retain or disclose information by law. Where Australian law applies, we handle personal information in line with the Australian Privacy Principles.

We use only first-party cookies and local storage, strictly for things the site needs to work — your theme preference and, for our own administrators, an authenticated session. We do not use third-party advertising or cross-site tracking cookies, and we do not embed third-party trackers or marketing pixels.

You can clear or block cookies in your browser settings. Doing so may reset preferences such as your chosen theme, but you can still read the site.

Any advertising on Threat Vectr is served by our own first-party ad system. We measure ad impressions and clicks in aggregate to understand performance — we do not use third-party ad networks, behavioural tracking cookies, or cross-site profiling to do it. If we ever introduce third-party advertising, we will update this policy to disclose it before it goes live.

Our newsletter is strictly opt-in. When you subscribe, we send a confirmation email and only add you once you confirm (double opt-in). Every email we send includes a one-click unsubscribe link, and you can opt out at any time. We use Resend as our email delivery provider; your email address is shared with them solely to deliver the messages you requested.

We do not sell, rent, or trade your personal information. We share data only with the service providers we rely on to operate the site, and only to the extent they need it:

• Hosting & infrastructure — our servers, which process request data to serve pages.
• Email delivery — Resend, to send newsletter and transactional emails.
• Geolocation — an IP-to-country lookup service used to approximate visitor region for security and analytics.

We may also disclose information if required to do so by law, or where necessary to protect our rights, our users, or the security of the service.

We keep information only as long as we need it. Newsletter subscriptions are kept until you unsubscribe. Contact messages are kept while we deal with your enquiry and for a reasonable period afterwards. Technical request logs are retained in identifiable form for a limited period for security and analytics, after which they are deleted or aggregated into non-identifying statistics.

We take reasonable technical and organisational measures to protect your information: the site is served exclusively over encrypted HTTPS, access to administrative systems is restricted and protected with strong authentication and multi-factor login, and we monitor for and automatically block abusive traffic. No method of transmission or storage is ever completely secure, but we work hard to keep the small amount of data we hold safe.

Depending on where you live, you may have the right to access the personal information we hold about you, to correct it, to have it deleted, to object to or restrict certain processing, and to receive a copy in a portable format. To exercise any of these rights, contact us via the contact page and we will respond within the timeframe required by applicable law. You also have the right to lodge a complaint with your local data protection authority.

Threat Vectr is operated from, and its servers are located in, the United States, and the imicus group is based in Australia. If you access the site from elsewhere, your information will be transferred to and processed in those locations, which may have different data protection laws than your own. Where required, we put appropriate safeguards in place for such transfers.

Threat Vectr is intended for a professional, adult audience. The site is not directed at children, and we do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

We may update this policy from time to time as our practices or the law change. When we do, we will revise the “last updated” date at the top of this page, and for material changes we will give prominent notice. Continuing to use the site after an update means you accept the revised policy.

Questions about this policy or about how we handle your information? Reach us through our contact page, or report a security issue via our security.txt. We're a small team and we read everything.