Information we collect
We may collect contact details, company details, service requests, asset descriptions, authorization records, screenshots, logs, evidence files, and communications needed to scope or deliver cybersecurity services.
Legal Policy
Privacy Policy
This policy explains how EthicalCracker Security handles inquiries, authorization records, engagement evidence, reports, and communications connected to cybersecurity services.
Data minimizationEvidence handlingConfidentialityClient rights
Privacy Notice
How we handle cybersecurity service information
Cybersecurity work often includes sensitive facts, so privacy needs to be clear before the first consultation. This notice is written for clients, prospects, business owners, technical teams, and individuals who contact EthicalCracker about authorized security help.
How we use information
We use information to respond to inquiries, verify authorization, scope engagements, deliver reports, preserve necessary records, improve service quality, and meet legal or contractual duties.
Sensitive evidence
Cybersecurity work can involve sensitive facts. We ask clients to share only what is needed, use approved channels for sensitive material, and avoid sending passwords or unnecessary private data during initial intake.
Retention
We retain inquiry records, authorization notes, reports, and evidence only as long as needed for delivery, legal review, dispute handling, security, or agreed client requirements.
Sharing
We do not sell client information. We may share limited information with service providers, legal advisors, or authorities where required by law or necessary to protect clients and systems.
Security controls
We use access controls, data minimization, least-privilege handling, and reasonable administrative and technical safeguards for client information.
Client rights
Clients may request correction, deletion, or access to records where applicable law and engagement obligations allow.
Contact
Questions about privacy or evidence handling can be sent to contact@ethicalcracker.info.
Evidence Handling
How to share sensitive material safely
Initial contact should describe the situation without exposing passwords, private keys, unnecessary personal records, or unrelated third-party data. If logs, screenshots, device details, account alerts, transaction records, or cloud evidence are needed, we agree on the safest transfer method before you send them.
Security evidence should stay tied to a purpose: scoping, authorization review, incident response, recovery guidance, legal review, remediation, or validation. We avoid collecting material that does not help answer the security question. When a report is delivered, it should explain what evidence was used, why it mattered, and what should be retained or removed after the engagement.
If a request involves another person, another company, a financial institution, a platform account, or a device you do not own, privacy and legal boundaries may prevent us from reviewing it. In those cases, we can often suggest safer documentation or escalation steps instead of accepting unsafe access.
Client Responsibilities
Privacy works best when scope is clear
Clients should share accurate ownership details, avoid sending unnecessary sensitive material, remove unrelated personal data where possible, and tell us about any legal, regulatory, employment, insurance, or contractual restrictions that affect the work. If the request changes after intake, the privacy and evidence-handling expectations may also need to change.
Share only what matters
Send enough information to scope the issue, but avoid broad archives, passwords, private keys, or unrelated third-party material.
Name decision-makers
Tell us who can approve access, who can receive reports, and who should be contacted if sensitive evidence appears.
Update us when facts change
If new alerts, legal instructions, platform responses, or business impacts appear, share those updates so the record stays accurate.
Authorization Boundary
Privacy does not override lawful scope
We do not provide credential theft, unauthorized access, hidden surveillance, social media hacking, extortion, bank manipulation, review-platform hacking, malware creation, or instructions for illegal activity. Every engagement requires proof of ownership or written authorization.
Important note
This policy is a practical website privacy notice, not legal advice. Production launch should include review by counsel based on your operating location, client locations, payment methods, analytics tools, hosting stack, and data-processing vendors.
Questions
Need privacy or evidence-handling details?
Contact us before sharing sensitive files so we can agree on the right channel.