We collect only what is necessary: (a) Contact form submissions (name, email, message); (b) API usage metadata (request counts, timestamps, endpoint accessed — no packet content); (c) Account registration data (email, hashed password).
We do not read, store, or analyze the content of SMAC packets beyond what is required for delivery. We do not sell, rent, or share your data with third parties for marketing purposes.
All SMAC packet data is encrypted at rest using AES-256-GCM with per-user keys derived via HKDF-SHA256. Encryption is applied before storage. Plaintext packet content is never written to disk.
API usage logs are retained for 90 days. Account data is retained until you request deletion. Contact form submissions are retained for 12 months.
You have the right to: request a copy of your data; request deletion of your account and all associated data; correct inaccurate information. Send requests to [email protected].
If you are in the EU or California, you have additional rights under GDPR and CCPA respectively. We honor all lawful data subject requests within 30 days.
We use Render.com for infrastructure hosting and Cloudflare for DNS and CDN. Both are bound by their own privacy policies. We do not embed tracking pixels, analytics scripts, or advertising SDKs on this site.
We implement industry-standard security practices including encrypted storage, rate limiting, and authentication on all API endpoints. For security disclosures, email [email protected].
We may update this policy. Material changes will be posted on this page with an updated effective date.