Privacy Policy

Your privacy, explained clearly.

This page explains what information CTI Platform collects, why it is collected, how it is used, how long it is kept, and what rights users have. It is written to describe the platform as it operates today: account access, operational logging, security controls, notifications, and threat intelligence workflows.
Last updated: 4 May 2026

1. Overview

CTI Platform is a threat intelligence and operational monitoring system. It supports source monitoring, indicators, alerts, items, assets, notifications, and administrative workflows.

The platform is designed primarily for authorized organizational users such as analysts, operators, and administrators. It is not intended as a public consumer service.

Short version: we collect account, access, and operational data that is necessary to run the platform securely and to deliver platform features. We do not describe the policy in vague marketing terms. The purpose of each category is listed below.

2. What we collect

The platform may collect the following categories of information:

Account information
User name, display name, email address, role, client/tenant association, password hash, account status, approval state, MFA state, avatar file name if used.
Authentication and security data
Login attempts, IP address, user agent, session identifiers, device identifiers, MFA state, failed login counters, session metadata, and security-related timestamps.
Operational platform data
Sources, runs, collected items, alerts, extracted indicators, artifacts, client assets, notification channel settings, and operator action history.
User-submitted data
Registration requests, justification text for access requests, notes entered into the platform, manual settings, and other content explicitly entered by authorized users.
Technical metadata
Request metadata, timestamps, route access, system health checks, and service-level logs required for troubleshooting, audit, and abuse prevention.

The platform may also process data collected from monitored sources as part of threat intelligence workflows. That content is operational intelligence data, not necessarily personal account profile data, but it may still contain identifiers, usernames, emails, or other exposed information depending on the monitored source.

3. How we use information

Information is used only for platform operation, security, administration, and intelligence workflows.

  • To create, manage, approve, disable, and secure user accounts.
  • To authenticate users, maintain sessions, enforce MFA, and prevent abuse or unauthorized access.
  • To run monitoring, enrichment, indicators, alerts, notifications, and review workflows.
  • To support client asset matching, triage state management, and operator review actions.
  • To investigate incidents, detect misuse, troubleshoot failures, and maintain platform integrity.
  • To send operational notifications such as alerting, approval requests, or configured channel deliveries.

The platform is an operations system. That means some logging and metadata collection is not optional if secure access, auditing, and incident review are required.

4. Sharing and access

Platform data is not presented as a public feed. Access is limited to authorized users and configured platform components.

  • Administrators may access account and operational data needed to approve users, manage roles, review login history, and maintain the system.
  • Notification providers or external services may receive limited data only when a configured feature requires it, for example Telegram or webhook delivery.
  • Infrastructure components such as the database, Redis, storage, reverse proxy, or container runtime may process data as part of normal platform operation.
  • Data may be disclosed when required for security response, legal compliance, or protection of the platform and its users.

The platform should not be understood as selling user profile data for advertising. Its purpose is operational threat intelligence, not consumer profiling.

5. Security and retention

The platform applies security controls such as password hashing, session controls, MFA support, CSRF protection for authenticated web actions, and operational audit logging.

Data retention depends on the type of information:

  • Account records are retained while the account remains relevant to platform operations.
  • Login and security data may be retained for audit and abuse-prevention purposes.
  • Operational records such as items, alerts, indicators, runs, and artifacts may be retained as long as they remain useful for investigation, review, and historical context.
  • Some data may be deleted earlier through platform administration or operational cleanup.

No security statement should be read as a promise of absolute immunity from risk. The policy describes intent and operating behavior, not a warranty that every threat can be eliminated.

6. Cookies and sessions

The web interface uses only cookies and local storage that are necessary for secure authentication, session protection, request validation, and remembering the cookie notice state.

cti_session
Authentication session cookie used to keep authorized users logged in. It is stored for 12 hours by default, or up to 30 days when "remember me" is enabled. Type: strictly necessary.
cti_device
Device/session security cookie used to help protect sessions and detect same-device login state. It is stored for up to 90 days. Type: strictly necessary.
CSRF token
Server-side request validation token associated with the active session. It helps prevent unauthorized form submissions. Type: strictly necessary.
cti_cookie_consent
Browser local storage value used only to remember that the cookie notice was dismissed. It remains until browser storage is cleared. Type: notice preference.

The platform does not use analytics, advertising, marketing, or cross-site tracking cookies.

Disabling these mechanisms may prevent the login flow or authenticated platform features from working correctly.

7. Your rights and choices

Depending on the applicable rules for your organization or jurisdiction, users may have rights related to access, correction, deletion, or restriction of personal data.

  • You may request correction of inaccurate account profile information.
  • You may request review or deletion of account data where deletion is operationally and legally appropriate.
  • You may ask what categories of account and security information are associated with your use of the platform.

Because this is a security operations platform, some data may need to be retained for legitimate audit, incident review, abuse prevention, or legal reasons even after an account change or removal request.

8. Contact

If you need changes to this policy, a custom legal version for your organization, or a more formal controller/processor statement, this page should be reviewed by the organization that operates the platform and adapted to its legal requirements.

For product or access questions, use the platform administrator or operator contact that manages your deployment.

To report a security vulnerability, see our Responsible Disclosure page.