PRIVACY PROTOCOL

01. DATA COLLECTION

CROSSFYRE operates with a minimal footprint philosophy. We collect only the data strictly necessary for the operation of our offensive security control plane. This includes:

• User authentication credentials (hashed and salted).
• Audit logs of scanning activities for compliance and debugging.
• Configuration profiles for installed extensions.

We do NOT sell, trade, or otherwise transfer your data to outside parties. Your reconnaissance data stays your own.

02. OPERATIONAL SECURITY

All data in transit is encrypted via TLS 1.3. Data at rest is protected using industry-standard AES-256 encryption. Our infrastructure utilizes ephemeral instances where possible to minimize data persistence risks.

03. USER RESPONSIBILITY

While we protect the platform, the confidentiality of your target data depends on your operational security practices. You are responsible for maintaining the secrecy of your API keys and access tokens.

04. THIRD-PARTY INTEGRATIONS

CROSSFYRE integrates with various third-party security tools (e.g., Nmap, Nuclei). Data sent to these tools is subject to their respective privacy policies. We recommend reviewing the documentation of any extension you install.

05. COOKIES & TRACKING

We use a single session cookie for authentication. No third-party tracking pixels or analytics cookies are employed. We respect the Do Not Track (DNT) signal.