SniffSec

Privacy Policy

Last updated: April 2025

1. What we collect

We collect only what is necessary to operate SniffSec Drill:

  • Slack User IDs — to identify drill participants and match completion records.
  • Email addresses — encrypted at rest using AES-256-CBC. Collected via Slack profile with user consent. Used only to send admin reports if requested.
  • Drill scores and completion timestamps — per-question accuracy, module scores, and UTC-timestamped completion records for compliance reporting.
  • Audit logs — HMAC-SHA256 signed records of training events. Cannot be retroactively modified.

2. What we do NOT collect

SniffSec does not collect, store, or process:

  • Message history from any Slack channel (public, private, or DM)
  • File contents or attachments
  • Private channel names or membership lists
  • Workspace member lists beyond what Slack provides for role detection
  • Any data from channels we do not post into

3. How we use your data

Data collected is used exclusively to:

  • Deliver drill questions to authenticated Slack users
  • Generate compliance reports (PDF) for administrators
  • Maintain tamper-evident audit logs for regulatory purposes
  • Detect job function for role-based training track assignment

We do not sell, rent, or share your data with third parties. We do not use your data to train AI models.

4. Data retention

All workspace data is permanently deleted within 30 days of uninstalling the SniffSec Slack app. Immediate deletion is available by contacting drill@sniffsec.com.

5. Data security

All PII is encrypted at rest using AES-256-CBC with workspace-specific keys. All data is transmitted over HTTPS/TLS 1.3. We use Slack Socket Mode — no public webhook endpoints are registered. Audit logs are HMAC-SHA256 signed.

6. GDPR rights

If you are located in the European Economic Area, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Object to processing
  • Withdraw consent

To exercise these rights, email drill@sniffsec.com. We will respond within 30 days.

7. Cookies

The SniffSec Slack app does not use cookies. Our marketing website (sniffsec.com) does not use tracking cookies or analytics scripts.

8. Changes to this policy

We will notify workspace administrators of material changes to this privacy policy by email at least 30 days before changes take effect.

9. Contact

Privacy questions: hello@sniffsec.com

Security reports: drill@sniffsec.com