Defused, LLC - Privacy Policy

Effective Date: Monday 10th November 2025

Last Updated: Monday 10th November 2025

This Privacy Policy describes how Defused, LLC (“Defused,” “we,” “our,” or “us”) collects, uses, and protects information when you use our website, services, and products - including our Honeypot-as-a-Service and associated data feeds (collectively, the “Services”).

Defused is committed to transparency and responsible handling of all data, particularly the sensitive telemetry captured through our honeypot systems. We collect attack traffic and related metadata strictly for defensive cybersecurity, research, and intelligence purposes.

1. Information We Collect

1.1 Customer Information

When you create an account, subscribe, or interact with our Services, we collect limited personal or business information such as:

  • Account identifiers (name, organization name, email address)
  • Billing and payment information (processed securely via Stripe)
  • Authentication and login data
  • Support and communication records

This information is used to deliver your subscription, provide support, and maintain account security. We do not sell, rent, or trade this data to third parties.

1.2 Honeypot and Telemetry Data

Defused’s systems deliberately collect data from malicious or unauthorized activity directed at deployed honeypot instances. This may include:

  • Network connection metadata (source IP, timestamps, protocols)
  • Exploit payloads, malware samples, and intrusion attempts
  • Command sequences and session transcripts

This Honeypot Data is not “personal data” as defined under most privacy laws. It is collected for security research and defensive intelligence purposes only. Defused applies automated sanitization to remove any incidental personal identifiers that might appear in captured payloads.

All Honeypot Data is the exclusive property of Defused, LLC, as stated in our Terms & Conditions / Master Service Agreement.

2. How We Use Information

Defused uses collected information to:

  • Operate and improve our honeypot and data analytics services
  • Provide customers access to relevant data feeds and dashboards
  • Enhance system performance, reliability, and threat detection accuracy
  • Conduct research, product development, and intelligence analysis
  • Respond to inquiries, billing requests, or support issues
  • Comply with applicable laws and regulatory obligations

Defused may aggregate and anonymize telemetry data for statistical, educational, or commercial research purposes. Aggregated data cannot be used to identify individual customers.

3. Data Sharing and Disclosure

Defused does not sell or lease customer or telemetry data. We may share information only in the following cases:

  • Service Providers: With trusted vendors who assist with hosting, analytics, or payment processing (e.g., AWS, Stripe) under confidentiality agreements.
  • Legal Compliance: When required by law, regulation, or valid legal process.
  • Security Collaboration: With research partners or CERT/CSIRT entities for threat intelligence sharing, after ensuring all shared data is anonymized or sanitized.

4. Data Ownership and Retention

All Honeypot Data collected through Defused systems remains the exclusive property of Defused, LLC. Customers receive a limited license to access their relevant feeds. Resale or redistribution rights require a separate written agreement.

Customer account and billing information is retained only as long as necessary to maintain the account, fulfill legal requirements, and manage billing records.

5. Security

We use industry-standard administrative, technical, and physical safeguards to protect both customer data and honeypot telemetry. These include network segmentation, encryption, access controls, and continuous monitoring.

However, no online service is completely immune from risks. By using Defused, you acknowledge that attack data collection and honeypot operations inherently involve exposure to malicious content, which we mitigate to the fullest reasonable extent.

6. International Data Processing

Defused may process and store data on servers located in the United States or other regions. By using our Services, you consent to such cross-border data transfers.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

  • Access or update your account information
  • Request deletion of your account or data (excluding Honeypot Data)
  • Opt out of marketing communications
  • Request clarification about our data practices

To exercise any of these rights, contact us at simo@defusedcyber.com.

8. Cookies and Analytics

Defused’s website uses minimal cookies necessary for authentication, performance measurement, and user experience. We do not use third-party advertising or tracking cookies.

Basic usage analytics may be collected via privacy-respecting tools (e.g., self-hosted analytics) to help us understand website performance and improve our services.

9. Changes to This Policy

Defused may update this Privacy Policy from time to time. The latest version will always be available at /privacy with an updated “Effective Date.” Continued use of the Services after changes are posted constitutes acceptance of the updated terms.

10. Contact Us

Defused, LLC

Email: simo@defusedcyber.com
Website: https://defusedcyber.com
Mailing Address: 1309 Coffeen Ave Sheridan, WY, 82801-5777 United States

Defused collects and processes attack data strictly for legitimate defensive cybersecurity purposes. No personally identifiable information is intentionally gathered, and all telemetry is handled in accordance with the principles of necessity, proportionality, and responsible research.