Privacy Policy

OSINT Library ("we," "us," or "our") operates the website osintlibrary.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Service. We are committed to protecting your privacy and handling your data in an open and transparent manner.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access the Service.

2.1 Account Information

When you create an account, we collect your email address and a hashed password. We never store passwords in plaintext. If you enable two-factor authentication (TOTP), the TOTP secret is encrypted at rest.

2.2 User-Generated Content

When you interact with the Service, we may collect data you voluntarily provide, including:

• Tool suggestions (tool name, URL, description)
• Reviews and ratings of tools
• Votes on tools
• Bookmarked tools
• Tool reports and feedback

2.3 API Keys

If you generate API keys to access our public API, we store a hashed version of each key along with metadata such as the key name, creation date, and usage statistics. The full API key is shown to you only once at creation time.

2.4 Usage Data

We automatically collect certain information when you visit the Service, including your IP address (which may be hashed for anonymization in reports and rate limiting), browser type, operating system, referring URLs, pages visited, and timestamps. This data helps us understand how the Service is used and improve it.

2.5 Cookies and Local Storage

We use minimal cookies and browser storage to operate the Service:

• Session cookie (essential) — maintains your authenticated session
• Theme preference (functional) — remembers your light/dark mode choice
• Cookie consent (functional) — remembers your cookie preference

We do not use third-party tracking cookies or advertising cookies.

We use the information we collect to:

• Provide, operate, and maintain the Service
• Authenticate your identity and manage your account
• Process tool suggestions and user contributions
• Enforce rate limits and prevent abuse (using hashed IP addresses)
• Improve the Service based on aggregated, anonymized usage patterns
• Respond to your comments, questions, and support requests
• Send important notices about changes to the Service or this policy

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

• Service providers — We use third-party services for hosting (cloud infrastructure) and database management. These providers only access data as needed to perform their functions.
• Legal requirements — We may disclose information if required by law, court order, or governmental regulation.
• Protection of rights — We may disclose information to protect the safety, rights, or property of our users or the public.

We implement appropriate technical and organizational measures to protect your personal data, including:

• Passwords are hashed using bcrypt
• TOTP secrets are encrypted at rest
• API keys are stored as hashes
• All data is transmitted over HTTPS
• Rate limiting and IP hashing protect against brute-force attacks
• Parameterized database queries prevent injection attacks

While we strive to use commercially acceptable means to protect your data, no method of transmission over the Internet or method of electronic storage is 100% secure.

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy. Account data is retained while your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or security purposes.

Anonymized, aggregated data (such as usage statistics) may be retained indefinitely as it cannot be used to identify you.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — Request a copy of the personal data we hold about you
• Rectification — Request correction of inaccurate or incomplete data
• Erasure— Request deletion of your personal data ("right to be forgotten")
• Data portability — Request your data in a structured, machine-readable format
• Objection — Object to the processing of your personal data
• Withdrawal of consent — Withdraw your consent at any time where processing is based on consent

To exercise any of these rights, please contact us at the email address below.

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this page periodically for any changes.

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at: