Privacy Policy

Last updated: April 9, 2026

CyberShelt LLC ("Company", "we", "us") operates the Intreys deep packet inspection platform and the intreys.com website. This Privacy Policy describes how we collect, use, and protect your information.

1. Our Privacy Principles

Intreys is built for security professionals who handle sensitive network data. Our core principle is: your packet data stays on your machine. We designed Intreys to work fully offline, and we never collect, transmit, or have access to your PCAP files, analysis results, or network captures.

2. Information We Collect

2.1 Account Information

When you create an account in the desktop application:

• Username and email address — used for authentication and communication
• Password — stored as a salted PBKDF2-SHA256 hash; we never store or see your plaintext password
• Account role — for access control within the application

Account data is stored locally on your machine in the application data directory. It is not transmitted to our servers unless you initiate a license activation or trial signup.

2.2 License and Billing Information

When you purchase a license or activate a trial:

• Email address — to deliver your license key and billing communications
• Machine fingerprint — a one-way hash of hardware identifiers used to bind licenses to machines; we cannot reverse this to identify your hardware
• License key and tier — stored on our license server to validate your subscription
• Stripe customer ID — we do not store credit card numbers; all payment processing is handled by Stripe

2.3 Website Analytics

The intreys.com website uses Cloudflare Web Analytics, which is privacy-first, cookie-free, and does not track individual users. We collect aggregate page view and visit data only.

2.4 Information We Do NOT Collect

• PCAP files or network capture data
• Analysis results, threat findings, or intelligence reports
• IP addresses of hosts in your captures
• API keys you configure for third-party services
• Any data processed within the desktop application

3. How We Use Information

Data	Purpose	Legal Basis
Email address	License delivery, account verification, billing notifications, security alerts	Contract performance
Machine fingerprint	License binding and seat enforcement	Contract performance
Stripe customer ID	Subscription management and billing	Contract performance
Aggregate website analytics	Improve website content and performance	Legitimate interest

4. Third-Party Services

We use the following third-party services:

• Stripe — Payment processing. See Stripe's Privacy Policy
• Resend — Transactional email delivery. See Resend's Privacy Policy
• Cloudflare — Website hosting, license server infrastructure, and web analytics. See Cloudflare's Privacy Policy

The desktop application may optionally connect to third-party threat intelligence APIs (AbuseIPDB, VirusTotal, GreyNoise, Shodan, OTX, URLScan) if you enable online enrichment and provide your own API keys. These connections are initiated by you and governed by those services' privacy policies. We do not act as an intermediary for these requests.

5. Data Storage and Security

• Local application data (accounts, analysis, settings) is stored on your machine in the application data directory and encrypted at rest where applicable
• License data on our server is stored in Cloudflare Workers KV with encryption at rest
• We use Ed25519 digital signatures to prevent license tampering
• Authentication tokens use HMAC-SHA256 with 24-hour expiry
• All communications with license.intreys.com use TLS 1.3

6. Data Retention

• Local application data: Retained until you delete the application or clear its data
• License records: Retained for the duration of your subscription plus 90 days
• Audit logs: Local audit logs auto-prune after 90 days
• Billing records: Retained per Stripe's policies and applicable tax law requirements

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access — Request a copy of the personal data we hold about you
• Correction — Request correction of inaccurate data
• Deletion — Request deletion of your data (subject to legal obligations)
• Portability — Request your data in a machine-readable format
• Objection — Object to processing based on legitimate interest

To exercise these rights, email privacy@cybershelt.com. We will respond within 30 days.

8. International Transfers

Our license server runs on Cloudflare's global network. License validation requests are routed to the nearest Cloudflare data center. If you are located outside the United States, your license data (email and machine fingerprint) may be processed in the US. We rely on Cloudflare's data processing agreements and standard contractual clauses for international transfers.

9. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify existing subscribers of material changes via email at least 30 days in advance. The "Last updated" date at the top indicates the most recent revision.

11. Contact

For privacy questions or data requests:

CyberShelt LLC
Email: privacy@cybershelt.com
Support: support@cybershelt.com