Effective Date: November 27, 2025
This Privacy Policy outlines how Hostile Intent LLC ("we," "us," or "our") collects, uses, protects, and shares data related to your use of our service. This service is strictly intended for authorized business users.
Data Controller: Hostile Intent LLC is the Data Controller, responsible for the collection and processing of Personal Data.
Privacy Inquiries: Please direct all privacy inquiries, questions, or requests regarding your rights to HostileIntent.com.
We collect various types of Personal Data to provide and secure our service:
We treat the following as highly sensitive data:
The primary purpose for collecting all data, including personal and fingerprinting data, is to fulfill the core contractual service, manage user accounts, and, fundamentally, for better understanding our users and improving security (including detecting anomalies, fraud, and ensuring account integrity).
Users are authenticated by passwords with Multi-Factor Authentication (MFA), keystrokes, and other behaviors (profiling based on user movement, mouse behavior, and other user, device, or access patterns).
We explicitly use automated systems, artificial intelligence (AI), and human review to determine access, lockouts, and investigations. These processes may involve automated decision-making and human oversight to assess user behavior, detect anomalies, prevent fraud, and maintain the security and integrity of the service.
Our legal basis for processing Personal Data is based on Contractual Necessity (to perform the services you have requested) and our Legitimate Interests, which include, but are not limited to, the critical protection of the service, fraud prevention, and internal auditing.
We do NOT use cookies for session management or persistent tracking. We also do NOT use local storage, session storage, or other browser storage methods for user identification. We do not directly use third-party cookies.
Instead, we rely on advanced tracking techniques including browser fingerprinting and network fingerprinting for session management, user authentication, security, and access monitoring.
For all users outside of California:
Due to the nature of the service and the contractual requirements for high assurance, the persistent identification provided by device and network fingerprinting is mandatory for access control. Users outside of California cannot opt-out of the fingerprinting/behavioral tracking data collection as it is essential for security, fraud prevention, and maintaining the contractual integrity of the service.
For California Residents:
California residents may exercise their right to opt-out of the sharing and/or sale of Personal Data, including fingerprinting data, as outlined in Section 5.A. A user exercising this right may be unable to access or utilize the service due to the fundamental requirement for high-assurance access control.
We may share data with third-party service providers (e.g., cloud hosting platforms, identity management services, or payment processors) to the minimum extent necessary for them to perform technical or operational services on our behalf.
Crucially, we may share or sell data (including related Fingerprinting/Network Metadata) to databrokers or security researchers for purposes related to enhancing security, intelligence analysis, and the benefit of the company.
Business Transactions: All collected data, including the long-retained Account Data, are considered proprietary assets of Hostile Intent LLC. In the event of a merger, acquisition, restructuring, sale of assets, or other change in control (M&A), this data will be transferred to the successor entity. In the event of bankruptcy, the data may be treated as a corporate asset and transferred or sold as legally permissible.
Legal Requirements: We may disclose data if required by law or in response to valid legal processes (e.g., search warrant, court order). We also reserve the right to disclose data at our sole discretion to US and other foreign law enforcement agencies to protect our interests, enforce our terms of service, or in emergencies to protect safety.
We will retain Account Data for as long as we deem necessary, up to and including for the life of Hostile Intent LLC, to meet long-term regulatory, security, audit, and research requirements.
We implement security controls aligned with applicable federal and industry standards, including the National Institute of Standards and Technology (NIST) Special Publication 800 series (such as NIST SP 800-53, NIST SP 800-171, and related guidance) and Federal Information Processing Standards (FIPS), including FIPS 140-2/140-3 validated cryptographic modules where required. Our technical, administrative, and physical safeguards are designed to meet or exceed the baseline security and risk management practices for high-assurance environments. These measures include continuous monitoring, strong encryption controls, identity and access management, vulnerability management, system integrity monitoring, audit logging, and periodic third-party assessments to validate the effectiveness of our security posture.
In accordance with applicable regulations, users have rights including the Right to Access/Know, Right to Deletion, Right to Correction, and the Right to Opt-Out of the sale or sharing of Personal Data. Requests to exercise these rights must be submitted to Hostile Intent LLC in writing along with identifying information to verify the request.
For California residents exercising the Right to Opt-Out of the Sale or Sharing of Personal Data:
This right can be exercised by clicking the "Do Not Sell or Share My Personal Information" link provided on the homepage and within the Service dashboard.
Data is processed and stored on servers located in the United States and potentially other jurisdictions. No data is directly transferred outside of the United States.
The service is not intended for, nor marketed to, individuals under the age of 18.
We will notify users of any material changes to this policy through one or more of the following methods: by posting a notice on the Service's dashboard or website, sending an email notification, or other reasonable communication methods at our discretion. Minor changes will be reflected by updating the Effective Date.