Privacy Policy
Same content as /privacy on intreys.com — included here for offline / docs-only access.
Privacy Policy
Last updated: April 10, 2026
CyberShelt LLC ("Company", "we", "us") operates the Intreys deep packet inspection platform and the intreys.com website. This Privacy Policy describes how we collect, use, and protect your information.
1. Our Privacy Principles
Intreys is built for security professionals who handle sensitive network data. Our core principle is: your packet data stays on your machine. We designed Intreys to work fully offline, and we never collect, transmit, or have access to your PCAP files, analysis results, or network captures.
2. Information We Collect
2.1 Account Information
When you create an account in the desktop application:
- Username and email address — used for authentication and communication
- Password — stored as a salted PBKDF2-SHA256 hash; we never store or see your plaintext password
- Account role — for access control within the application
Account data is stored locally on your machine in the application data directory. It is not transmitted to our servers unless you initiate a license activation or trial signup.
2.2 License and Billing Information
When you purchase a license or activate a trial:
- Email address — to deliver your license key and billing communications
- Machine fingerprint — a one-way hash of hardware identifiers used to bind licenses to machines; we cannot reverse this to identify your hardware
- License key and tier — stored on our license server to validate your subscription
- Stripe customer ID — we do not store credit card numbers; all payment processing is handled by Stripe
2.3 Website Analytics
The intreys.com website uses Cloudflare Web Analytics, which is privacy-first, cookie-free, and does not track individual users. We collect aggregate page view and visit data only.
2.4 Information We Do NOT Collect
- PCAP files or network capture data
- Analysis results, threat findings, or intelligence reports
- IP addresses of hosts in your captures
- API keys you configure for third-party services
- Any data processed within the desktop application
3. How We Use Information
| Data | Purpose | Legal Basis |
|---|---|---|
| Email address | License delivery, account verification, billing notifications, security alerts | Contract performance |
| Machine fingerprint | License binding and seat enforcement | Contract performance |
| Stripe customer ID | Subscription management and billing | Contract performance |
| Aggregate website analytics | Improve website content and performance | Legitimate interest |
4. Third-Party Services
We use the following third-party services:
- Stripe — Payment processing. See Stripe's Privacy Policy
- Resend — Transactional email delivery. See Resend's Privacy Policy
- Cloudflare — Website hosting, license server infrastructure, and web analytics. See Cloudflare's Privacy Policy
The desktop application may optionally connect to third-party threat intelligence APIs (AbuseIPDB, VirusTotal, GreyNoise, Shodan, OTX, URLScan) if you enable online enrichment and provide your own API keys. These connections are initiated by you and governed by those services' privacy policies. We do not act as an intermediary for these requests.
5. Data Storage and Security
- Local application data (accounts, analysis, settings) is stored on your machine in the application data directory and encrypted at rest where applicable
- License data on our server is stored in Cloudflare Workers KV with encryption at rest
- We use Ed25519 digital signatures to prevent license tampering
- Authentication tokens use HMAC-SHA256 with 24-hour expiry
- All communications with license.intreys.com use TLS 1.3
6. Data Retention
- Local application data: Retained until you delete the application or clear its data
- License records: Retained for the duration of your subscription plus 90 days
- Audit logs: Local audit logs auto-prune after 90 days
- Billing records: Retained per Stripe's policies and applicable tax law requirements
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access — Request a copy of the personal data we hold about you
- Correction — Request correction of inaccurate data
- Deletion — Request deletion of your data (subject to legal obligations)
- Portability — Request your data in a machine-readable format
- Objection — Object to processing based on legitimate interest
To exercise these rights, email [email protected]. We will respond within 30 days.
8. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights regarding your personal information:
8.1 Right to Know
You have the right to request that we disclose what personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom we share it. The categories of personal information we collect are described in Section 2 above.
8.2 Right to Delete
You have the right to request that we delete the personal information we have collected about you, subject to certain exceptions provided by law (such as legal compliance obligations or completing a transaction you requested).
8.3 Right to Opt-Out of Sale or Sharing
You have the right to opt out of the sale or sharing of your personal information. We do not sell your personal information, nor do we share it for cross-context behavioral advertising. We only disclose personal information to third-party service providers as described in Section 4 for the purposes of operating our business.
8.4 Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, provide a different level or quality of service, or suggest that you will receive any of these as a consequence of exercising your privacy rights.
8.5 Exercising Your Rights
To submit a request to know, delete, or exercise any other right under the CCPA/CPRA, contact us at [email protected]. You may also designate an authorized agent to make a request on your behalf.
8.6 Verification Process
When you submit a request, we will verify your identity by matching information you provide against the data we have on file (such as your email address associated with your account or license). We may ask you to confirm additional details if needed. For requests submitted by an authorized agent, we require written authorization from you along with identity verification.
8.7 Response Timeframe
We will acknowledge your request within 10 business days and provide a substantive response within 45 calendar days of receiving your verified request. If we need additional time, we will notify you of the extension and the reason, for a maximum total response period of 90 calendar days.
9. International Transfers
Our license server runs on Cloudflare's global network. License validation requests are routed to the nearest Cloudflare data center. If you are located outside the United States, your license data (email and machine fingerprint) may be processed in the US. We rely on Cloudflare's data processing agreements and standard contractual clauses for international transfers.
10. Children's Privacy
The Service is not directed to children under 16. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify existing subscribers of material changes via email at least 30 days in advance. The "Last updated" date at the top indicates the most recent revision.
12. Contact
For privacy questions or data requests:
CyberShelt LLC
Email: [email protected]
Support: [email protected]