Privacy Policy
Effective: May 1, 2026
This Privacy Policy describes how SilentFox Labs ("we", "us") collects, uses, and shares information when you use BlackLeak Intel (the "Service") at blackleakintel.io.
1. Information we collect
To operate the Service we collect:
- Account data — email address, company name, optional profile information you provide at signup or in your dashboard.
- Authentication data — hashed passwords, refresh-token hashes, and login history (IP, user agent, country, timestamp).
- Usage data — search queries, the API endpoints you call, response timings, and aggregate row counts. Used for quota enforcement and abuse detection.
- Payment data — handled by our payment processor (Stripe). We never see or store card numbers; Stripe returns a customer ID and a subscription ID, which is what we keep.
- Cookies — strictly-necessary HttpOnly session cookies (
bl_access,bl_refresh) for authentication. We do not use marketing or analytics cookies.
2. How we use information
- To provide and operate the Service (authenticate you, run queries, enforce plan limits).
- To detect and prevent abuse (anomalous IP changes, credential-stuffing, quota evasion).
- To bill you and provide receipts via Stripe.
- To communicate with you about your account (activation, password reset, security alerts).
We do not sell your data, ever. We do not use your data to train any external AI model.
3. How we share information
We share data only with the processors required to run the Service:
- Stripe — payment processing and Customer Portal (subject to Stripe's Privacy Policy).
- SMTP provider — to deliver activation, password-reset, and security-alert emails.
- Infrastructure providers — the cloud and hosting providers running the Service.
We will share data when legally compelled (subpoena, court order). We will notify you unless prohibited from doing so.
4. Data retention
- Account data is kept for as long as your account is active and for 90 days after deletion.
- Usage logs are retained for 12 months for billing and abuse-investigation purposes.
- Login history is retained for 12 months.
- Stripe billing records are retained per Stripe's and applicable tax-law requirements (typically 7 years for invoices).
5. Your rights
You can access, export, correct, or delete your personal data at any time by emailing privacy@silentfoxlabs.com. EU/EEA, UK, and California residents have additional rights under GDPR and CCPA — those rights are honored on request, free of charge.
6. Security
Passwords are hashed with bcrypt. Access tokens are HttpOnly cookies signed with HMAC. Refresh tokens are pepper-hashed before storage so a read-only DB leak alone does not yield session tokens. The Service is delivered over HTTPS only.
7. Changes
We will post material changes on this page and notify active users by email at least 14 days before the new terms take effect.
8. Contact
Privacy questions or data-rights requests: privacy@silentfoxlabs.com.
BlackLeak Intel is a product of SilentFox Labs. Questions? Email legal@silentfoxlabs.com.