Exploit Database Privacy Statement
Holding onto your private information is a serious responsibility, and we want you to know how we're handling it.
Summary
We only collect the information you choose to give us and we process it with your consent, or on another legal basis. We only require the minimum amount of personal information that is necessary to fulfill the purpose of your interaction with us. We don't sell it to third parties and we only use it as this Privacy Statement describes. No matter where you are, where you live, or what your citizenship is, we provide the same standard of privacy protection to all our users around the world, regardless of their country of origin or location.
What Information we Collect and Why
Information from Website Browsers
If you are just browsing the website, we collect the same basic information that most websites collect. We use common Internet technologies such as cookies and web server logs. This is stuff we collect from everybody, whether they have an account or not.
The information we collect about all visitors to our website includes the visitor’s browser type, language preference, referring site, additional websites requested, and the date and time of each visitor request. We also collect potentially personally- identifying information like Internet Protocol (IP) addresses.
Why we collect this information
We collect this information to better understand how our website visitors use The Exploit Database and to monitor and protect the security of the website.
Information from Users with Accounts
If you create an account, we require some basic information at the time of account creation. You will create your own user name and password and we will ask you for a valid email address. You also have the option to give us more information if you want to, and this may include "User Personal Information."
"User Personal Information" is any information about one of our users which could, alone or together with other information, personally identify them. Information such as a user name and password, an email address, a real name, and a photograph are examples of “User Personal Information.” User Personal Information includes Personal Data as defined in the General Data Protection Regulation.
User Personal Information does not include aggregated, non-personally identifying information. We may use aggregated, non-personally identifying information to operate, improve, and optimize our website and service.
Why we collect this information
- We need your User Personal Information to create your account and to provide the services you request or to respond to support requests
- We use your User Personal Information, specifically your user name, to identify you on The Exploit Database
- We will use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay
- We use your User Personal Information for internal purposes, such as to maintain logs for security reasons, for training purposes, and for legal documentation
- We limit our use of your User Personal Information to the purposes listed in this Privacy Statement. If we need to use your User Personal Information for other purposes, we will ask your permission first
Our Legal Basis for Processing Information
Under certain international laws (including GDPR), The Exploit Database is required to notify you about the legal basis on which we process User Personal Information. The Exploit Database processes User Personal Information on the following legal bases:
- When you create an Exploit Database account, you provide your user name and an email address. We require those data elements for you to enter into the Terms of Service agreement with us and we process those elements on the basis of performing that contract. We also process your user name and email address on other bases. If you have a paid account with us, there will be other data elements we must collect and process on the basis of performing that contract. The Exploit Database does not collect or process a credit card number, but our third-party payment processor does
- Generally, the remainder of the processing of personal information we perform is necessary for the purposes of our legitimate interests. For example, for security purposes, we must keep logs of IP addresses that access The Exploit Database and in order to respond to legal process, we are required to keep records of users who have sent and received DMCA takedown notices
What Information The Exploit Database does not Collect
We do not intentionally collect sensitive personal information, such as social security numbers, genetic data, health information, or religious information. Although The Exploit Database does not request or intentionally collect any sensitive personal information, we realize that you might store this kind of information in your account, such as in your public profile. If you store any sensitive personal information on our servers, you are responsible for complying with any regulatory controls regarding that data.
If you're a child under the age of 13, you may not have an account on The Exploit Database. The Exploit Database does not knowingly collect information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a user who is under the age of 13, we will unfortunately have to close your account. Other countries may have different minimum age limits and if you are below the minimum age for providing consent for data collection in your country, you may not use The Exploit Database without obtaining your parents' or legal guardians' consent.
How we Share the Information we Collect
We do share User Personal Information with your permission, so we can perform services you have requested or communicate on your behalf.
We do not share, sell, rent, or trade User Personal Information with third parties for their commercial purposes.
We do not host advertising on The Exploit Database. We may occasionally embed content from third party sites, such as YouTube, and that content may include ads. While we try to minimize the amount of ads our embedded content contains, we can't always control what third parties show.
We do not disclose User Personal Information outside The Exploit Database, except in the situations listed in this section or in the section below on Compelled Disclosure.
We do share User Personal Information with a limited number of third party vendors who process it on our behalf to provide or improve our service, and who have agreed to privacy restrictions similar to our own Privacy Statement by signing data protection agreements. Our vendors perform services such as payment processing, customer support ticketing, network data transmission, and other similar services.
How you can Access and Control the Information we Collect
If you have an Exploit Database user account, you may access, update, alter, or delete your basic user profile information by editing your user profile. You can control the information we collect about you by limiting what information is in your profile and by updating out of date information.
Data Retention and Deletion of Data
Generally, The Exploit Database will retain User Personal Information for as long as your account is active or as needed to provide you services.
We may retain certain User Personal Information indefinitely unless you delete it or request its deletion. For example, we don’t automatically delete inactive user accounts, so unless you choose to delete your account, we will retain your account information indefinitely.
If you would like to cancel your account or delete your User Personal Information, you may do so in your user profile. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. You may contact us to request the erasure of the data we process on the basis of consent within 30 days.
Cookies and Tracking
Cookies
The Exploit Database uses cookies to make interactions with our service easy and meaningful. We use cookies (and similar technologies, like HTML5 localStorage) to keep you logged in, remember your preferences, and provide information for future development of The Exploit Database. We also use cookies to identify a device, for security reasons. By using our website, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device’s ability to accept cookies, you will not be able to log in or use Exploit Database services.
The Exploit Database sets the following cookies on our users for the following reasons:
-
laravel_token
- Authentication cookie -
XSRF-TOKEN
- CSRF token -
laravel_session
- Session cookie
Tracking and Analytics
We use a number of third party analytics and service providers to help us evaluate our users' use of The Exploit Database, compile statistical reports on activity, and improve our content and website performance. We only use these third party analytics providers on certain areas of our website, and all of them limit the type of personal information they can collect and the purpose for which they can process the information.
We do not permit third parties other than our analytics and service providers to track user activity over time on The Exploit Database. We do not track your online browsing activity on other online services.
How The Exploit Database Secures your Information
The Exploit Database takes all measures reasonably necessary to protect User Personal Information from unauthorized access, alteration, or destruction, maintain data accuracy, and help ensure the appropriate use of User Personal Information.
In the event of a data breach that affects your User Personal Information, we will act promptly to mitigate the impact of a breach and notify any affected users without undue delay.
Compelled Disclosure
The Exploit Database may disclose personally-identifying information or other information we collect about you to law enforcement in response to a valid subpoena, court order, warrant, or similar government order.
In complying with court orders and similar legal processes, The Exploit Database strives for transparency. When permitted, we will make a reasonable effort to notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so.
How we Communicate with You
We will use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay. For example, if you contact our Support team with a request, we will respond to you via email.
Please note that you can not opt out of receiving important communications from us, such as mails from our Support team or system emails
Contacting The Exploit Database
If you have any questions about our Privacy Policy or our data practices, please contact us.