Privacy Policy — IoTSploit

01 Information We Collect

IoTSploit only collects limited information required for account and service operation.

Category	Examples	Purpose
Account	Username, phone number, login credentials, account status	Account creation and access
Technical	IP address, browser type, device type, OS, access time, security event logs	Security, troubleshooting, abuse prevention
Communication	Name or account ID, phone/contact details, support message content	Responding to support requests
Never	Scan results, exploit results, target device info, network packet contents, vulnerability reports, payloads, local files	Not collected

02 Information We Do Not Collect

IoTSploit does not collect, upload, monitor, sell, or share users' security testing data. Specifically, we do not collect:

IoT device credentials or target device information
Network packet contents or scan results
Exploit results or vulnerability reports generated by users
Payloads used in testing or test environment data
Local files from users' devices
Sensitive personal information such as race, religion, political opinions, health information, biometric data, or precise location data

Unless explicitly stated otherwise, data generated by IoTSploit tools remains entirely under the user's control.

03 Local and Self-Hosted Tool Data

IoTSploit tools may be used in local, private, or self-hosted testing environments. For local or self-hosted use, IoTSploit does not have access to:

Your local test environment or target devices
Your scan outputs or test logs
Your exploit results or vulnerability analysis data

Users are responsible for managing, protecting, and lawfully using any data generated in their own testing environments.

04 How We Use Information

We use the limited information we collect only for the following purposes:

Creating and managing user accounts
Verifying login or account ownership
Providing access to IoTSploit services
Maintaining website and account security
Preventing abuse, unauthorized access, fraud, or attacks
Responding to user support requests
Improving service stability and reliability
Complying with applicable legal obligations

We do not sell personal information. We do not use user testing data for advertising, profiling, or third-party marketing.

05 Cookies and Tracking

IoTSploit may use essential cookies or similar technologies for basic website functionality, such as:

Login sessions and account authentication
Security protection and service availability

We do not use advertising cookies. We do not sell tracking data. If analytics tools are introduced in the future, this Privacy Policy will be updated to explain what data is collected and how it is used.

06 Data Sharing and Disclosure

IoTSploit does not sell, rent, or trade personal information. We may disclose limited information only in the following situations:

When required by law, regulation, legal process, or government request
When necessary to protect the security, rights, or integrity of IoTSploit, our users, or the public
To trusted service providers who help operate our website or account system, under appropriate confidentiality and security obligations
With your explicit consent

We do not share users' scan results, exploit results, target information, or vulnerability testing data with third parties.

07 Data Retention

We retain personal information only for as long as necessary for the purposes described in this Privacy Policy.

Account information — retained while the account is active
Security logs — retained for a limited period for abuse prevention and security investigation
Support communications — retained as needed to respond to requests and maintain support history

Users may request deletion of their account information by contacting us.

08 Security

We use reasonable technical and organizational measures to protect the limited personal information we collect. These measures may include:

Access control and secure credential storage
Encryption in transit where applicable
Security logging and abuse detection
Data minimization and regular review of security practices

However, no internet-based service or software system can be guaranteed to be completely secure. Users are responsible for protecting their own accounts, passwords, devices, test environments, and authorization scope.

09 User Responsibilities

IoTSploit is intended only for lawful and authorized security testing. Users are responsible for ensuring that they have proper permission before using IoTSploit tools against any device, system, network, firmware, or application.

IoTSploit is not responsible for unauthorized, illegal, or improper use of its tools.

10 Your Rights

Depending on your location and applicable law, you may have the right to:

Access your personal information
Correct inaccurate information
Request deletion of your personal information
Withdraw consent where processing is based on consent
Object to or restrict certain processing
Request information about how your data is used

To exercise these rights, please contact us using the contact information below.

11 Children's Privacy

IoTSploit is not intended for children. We do not knowingly collect personal information from children. If you believe that a child has provided personal information to us, please contact us and we will take appropriate action.

12 Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this page. Significant changes may be communicated through the website or other appropriate means.

13 Contact Us

If you have any questions about this Privacy Policy or how IoTSploit handles personal information, please contact us:

The IoTSploit Authors

Website: iotsploit.org
Email: support@iotsploit.org