Privacy Policy

At XPWD, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website.

1. Information We Collect

Information You Provide

We may collect information that you voluntarily provide to us when you:

• Fill out the contact form (name, email address, subject, message)
• Subscribe to our newsletter (email address)
• Download resources or materials
• Interact with our website features

Automatically Collected Information

When you visit our website, we automatically collect certain information through our privacy-focused analytics service (Plausible Analytics):

• Page views and navigation patterns
• Referral sources
• Device type and browser information
• Geographic location (country-level only)

Important: We use Plausible Analytics, which is GDPR, CCPA, and PECR compliant. Plausible does not use cookies and does not collect any personal data or personally identifiable information.

2. How We Use Your Information

We use the information we collect to:

• Respond to your inquiries and provide customer support
• Send newsletters and updates (only if you've subscribed)
• Improve our website and user experience
• Analyze website usage and trends
• Detect and prevent security issues or fraud
• Comply with legal obligations

3. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:

• Service Providers: We may share information with trusted third-party service providers who assist in operating our website (e.g., email service, hosting provider)
• Legal Requirements: We may disclose your information if required by law or in response to valid legal requests
• Protection of Rights: We may disclose information to protect the rights, property, or safety of XPWD, our users, or others

4. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

• HTTPS encryption for all data transmission
• CSRF (Cross-Site Request Forgery) protection on all forms
• Input sanitization to prevent XSS (Cross-Site Scripting) attacks
• Rate limiting to prevent abuse
• Regular security audits and updates

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Cookies and Tracking

Our website does not use cookies for tracking purposes. We use Plausible Analytics, a cookie-free, privacy-first analytics platform that:

• Does not use cookies or local storage
• Does not collect personal data
• Does not track users across websites
• Is fully compliant with GDPR, CCPA, and PECR

6. Third-Party Links

Our website may contain links to third-party websites (GitHub, Twitter, Instagram, Blue Team Labs Online, etc.). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Objection: Object to our processing of your personal information
• Portability: Request transfer of your information to another service
• Withdrawal: Withdraw consent for data processing (where applicable)

To exercise any of these rights, please contact us at privacy@xpwd.org

8. Children's Privacy

Our website is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last Updated" date at the top of this policy. Continued use of our website after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@xpwd.org
• Contact Form: https://xpwd.org/contact

12. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process your data based on consent, legitimate interests, or contractual necessity
• Data Protection Officer: For GDPR-related inquiries, contact privacy@xpwd.org
• Supervisory Authority: You have the right to lodge a complaint with your local data protection authority

13. CCPA Compliance (California Users)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to deletion of personal information
• Right to non-discrimination for exercising your rights

This privacy policy is designed to be transparent and comprehensive. If you have any questions or concerns, please don't hesitate to reach out.