Platform Pricing Blog Research PALLADIUM Contact
Legal

Privacy Policy

ThreatFight — Effective March 2026

Scope

This policy covers threatfight.com and MalCloud (malcloud.threatfight.com), both operated by ThreatFight. It explains what data we collect, why we collect it, and what happens to it.

Data We Collect

We collect only what you explicitly give us. The contact form at threatfight.com asks for:

  • Name
  • Work email address
  • Area of interest (optional)

We do not run behavioral tracking, advertising pixels, or session recording tools. Cloudflare provides aggregate traffic analytics (page views, referrers, geographic region) as part of our hosting infrastructure. This data is anonymized — no individual user is identified.

Why We Collect It

Contact form submissions are used for two purposes only:

  • Responding to your inquiry
  • Providing relevant product information about MalCloud

We do not send unsolicited marketing email. We do not add you to mailing lists without your consent.

Data Retention

Contact form submissions are retained for as long as the business relationship is active or reasonably anticipated. If you request deletion, we will remove your records within 30 days.

Third Parties

Your data is not sold, rented, or traded to any third party. We use Resend to deliver contact form notifications to our internal team. Resend processes your submission data solely to deliver that email. No other third-party data processors handle contact form data.

MalCloud — Self-Hosted

If you run MalCloud on your own infrastructure, all threat intelligence data, indicators, and configurations remain on your infrastructure. ThreatFight has no access to that data. The self-hosted Community edition does not phone home.

MalCloud — Cloud-Hosted Tiers

For organizations on paid cloud tiers, data is isolated per organization — no cross-tenant access is possible by design. All data is encrypted at rest and in transit. ThreatFight staff access to customer data requires explicit authorization and is logged. We do not use customer threat data for any purpose other than delivering the service.

Your Rights (GDPR)

If you are in the EU or UK, you have the right to access, correct, or delete the personal data we hold about you. To exercise any of these rights, email contact@threatfight.com. We will respond within 30 days.

Security

Contact form submissions are transmitted over TLS. Access to stored submissions is restricted to ThreatFight personnel who need it to respond to inquiries. We do not store payment information — billing is handled by our payment processor and governed by their security practices.

Changes to This Policy

If we make material changes, we will update the effective date at the top of this page. Continued use of our services after a policy update constitutes acceptance of the revised terms.

Contact

Questions about this policy: contact@threatfight.com