Privacy Policy

Data Collection

Lycan Security collects and processes the following types of information:

Account Data

  • Name and email address
  • Payment information (processed by PayPal - we do not store card data)
  • Subscription plan and payment status

Usage Data

  • Scanned domains and analysis results
  • Generated API keys
  • Platform activity logs
  • Usage metrics (number of scans, API calls)

Forensic Data (Neuro-Toxin™)

If you use Lycan Neuro-Toxin™, the system captures 44 forensic characteristics of attackers:

  • IP address and geolocation
  • User-agent and browser fingerprint
  • Detected attack patterns
  • Network information (ASN, ISP)

For more details about Neuro-Toxin™, see our Ethical Use Policy.

Data Use

We use your data to:

  • Provide and improve our services
  • Process payments and manage subscriptions
  • Send security alerts (only critical/high attacks)
  • Essential service communications
  • Comply with legal obligations

We DO NOT sell or share your data with third parties for marketing purposes.

Data Retention

Data TypeRetention Period
Account dataWhile account is active
Scan logs (Free)7 days
Scan logs (Pro)90 days
Neuro-Toxin logs (Pro+)1 year

Security

We implement technical and organizational security measures:

  • TLS 1.3 encryption for all traffic
  • Encryption at rest for sensitive data
  • Secure authentication via Supabase
  • SHA-256 hashed API keys
  • Role-based access control (RBAC)

User Rights (GDPR/CCPA)

You have the right to:

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Deletion: Request deletion of your account and data
  • Portability: Export your data in CSV format
  • Objection: Object to processing for certain purposes

To exercise these rights, contact us at [email protected]

Cookies

We use essential cookies to:

  • Maintain your user session
  • Remember language/theme preferences

Neuro-Toxin™ also uses "toxic" cookies to mark detected attackers. These are NOT used on legitimate users.

Third-Party Services

We use the following external services:

  • Supabase: Database and authentication (USA)
  • Vercel: Hosting and CDN (USA)
  • PayPal: Payment processing
  • ipapi.co: IP geolocation

Changes to this Policy

We may update this policy occasionally. Significant changes will be notified by email to paid plan users 30 days in advance.

Contact

For privacy inquiries: [email protected]