Privacy Policy

01. Why We Process Data

We process personal data based on clear and legitimate grounds. Here's a simple breakdown:

Legitimate Interest We have a genuine interest in providing cybersecurity intelligence and breach detection services. These tools are designed to help security professionals, researchers, and individuals protect themselves.

Public Interest Our services support important societal goals — from helping law enforcement investigate cybercrime to enabling individuals to check if their own data has been exposed in a breach.

Contract Performance When you sign up, we process data to fulfill our agreement with you — managing your account, delivering services, and processing payments.

Your Consent For optional things like marketing emails, we only act with your explicit permission — and you can withdraw it anytime, no questions asked.

💡 Important Distinction Leaksyr provides two main types of services: Breach Intelligence Services (accessing publicly disclosed breach data to help identify compromised credentials) and General OSINT Services (IP lookups, domain analysis, and other investigative tools using publicly available data). The breach data we process has already been publicly disclosed — we don't create, commission, or facilitate any breaches.

02. Information We Collect

Account Essentials Basic details like username, email, and profile info. Passwords are cryptographically hashed and never stored in plain text.

Service Data Minimal technical data needed to keep the platform running smoothly and to prevent abuse.

Payment Info Handled by regulated third-parties. We do not store or access full credit card or banking details on our servers.

03. How We Use Your Information

We use collected information to operate, maintain, and improve our services. Here's what that looks like in practice:

Provide and deliver the services you've requested
Optimize platform performance and safeguard security
Analyze usage trends to improve and innovate our product
Send service-related communications and security alerts
Prevent abuse, fraud, and unauthorized access
Comply with legal obligations when required by law
Support business continuity and operational scaling

04. Third-Party Services

We work with trusted third-party providers to deliver the best experience. Here's what you should know:

Payment Processing Payments are handled by regulated payment processors. We never store your credit card numbers, bank account details, or crypto wallet info on our servers.

Data Providers We rely on reputable third-party APIs and data providers for breach intelligence. These operate under their own privacy policies.

Error Monitoring We use error tracking tools to identify and fix technical issues quickly, collecting anonymized error logs and performance metrics.

Hosting & Infrastructure Our platform is hosted on secure servers with encryption at rest and in transit, processing only the standard server logs necessary for operation.

All third-party service providers are selected based on their security standards.

05. Data Security

Security is at the core of everything we do. Here's how we protect your data:

Encryption All data transmission is encrypted using TLS/SSL protocols. Sensitive database fields are encrypted at rest.

Password Hashing Passwords are stored using industry-standard bcrypt hashing. We never store passwords in plain text or reversible formats.

Access Controls Strict access controls limit data access to authorized personnel only. We implement CSRF protection and rate limiting against abuse.

Monitoring Regular security monitoring, audit logs, and vulnerability assessments help us detect and respond to threats promptly.

No system is 100% bulletproof. While we implement commercially reasonable security measures, we can't guarantee absolute security against every possible threat. But we constantly work to stay ahead.

06. Content Removal Requests

If your personal data appears in our search results, removal requests can be submitted under specific conditions. To protect everyone's privacy and prevent abuse, the process requires proper verification:

Requests must be submitted from an official institutional or organizational email address (e.g., a government, law enforcement, or corporate domain)
The request must include specific details about the data in question and the reason for removal
Each request is evaluated individually, balancing privacy considerations with public interest
We aim to respond within a reasonable timeframe with a clear explanation of our decision

Requests from personal email addresses (Gmail, Outlook, etc.) will not be processed. This policy exists to ensure the integrity and legitimacy of all removal requests.

07. Data Retention & Cookies

We practice data minimization. Your personal information is retained only for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements. Once data is no longer needed, it is securely deleted or anonymized.

Cookies We use essential cookies necessary for the secure operation of the site (such as keeping you logged in). You can control cookie preferences directly through your browser settings.

Account Data Your account data is kept while your account is active. If you delete your account, your personal data is permanently removed from our systems.

08. Your Rights

You have full control over your data. Here are your rights — no fine print, no tricks:

Access You can request a copy of any personal data we hold about you.

Correction You can ask us to correct any inaccurate or incomplete data about you.

Deletion You can request deletion of your personal data. Use our account deletion feature or contact us.

Restrict Processing In certain cases, you can ask us to pause or limit how we process your data.

Data Portability Get your data in a structured, commonly used format to transfer to another service.

Withdraw Consent Where we rely on your consent, you can withdraw it anytime through your account settings.

To exercise any of these rights, simply contact our privacy team. We aim to respond within one month.

09. International Users

We welcome users from around the world. Depending on your location, additional privacy rights may apply under local laws such as:

EU/EEA: Full GDPR rights including access, rectification, erasure, portability, and more
United States: Rights under CCPA (California), VCDPA (Virginia), CPA (Colorado), CTDPA (Connecticut), and other state privacy laws
United Kingdom: Rights under UK GDPR and the Data Protection Act 2018
Canada: PIPEDA protections for personal information
Brazil: LGPD rights including access, correction, and deletion
Australia: Australian Privacy Principles under the Privacy Act 1988

10. International Data Transfers

Our services may involve transferring data across borders. When this happens, we ensure your data remains protected through:

Strong technical and organizational security measures
Encryption of data in transit and at rest
Strict access controls limiting data to authorized personnel only
Contractual commitments with third-party providers to maintain high data protection standards

11. Children's Privacy

Our platform is designed for users who are 18 years of age or older. While we don't actively verify ages, our services and content are intended for an adult audience. If you're a parent or guardian with concerns, feel free to reach out to us — we're happy to help.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we'll post the updated version on this page and refresh the "Last Updated" date at the top. We encourage you to check back periodically. No sneaky changes — if anything major shifts, we'll make sure it's clearly visible.

Privacy Questions?

If you have any questions about our privacy practices or wish to exercise your rights, don't hesitate to reach out. We're here to help.

[email protected] Telegram

Our Commitment to Privacy