Skip to main content
blackhat.ie

Privacy Policy

How we handle data at blackhat.ie

1. Data Controller

blackhat.ie is operated from Ireland. For the purposes of the General Data Protection Regulation (GDPR), the data controller is blackhat.ie.

2. What We Collect

  • Analytics: We use Plausible Analytics, which is cookie-free and collects no personal data. No tracking cookies are set, and no individual visitors are identified.
  • API usage logs: IP addresses are logged for rate limiting purposes and retained for 24 hours, after which they are permanently deleted.

3. Indicators of Compromise (IOC) Data

We process IP addresses, domain names, email addresses, and file hashes as indicators of compromise (IOCs) for cybersecurity threat intelligence purposes.

Lawful basis: Legitimate interest under GDPR Article 6(1)(f), as supported by Recital 49 — processing for network and information security constitutes a legitimate interest. This data is sourced from publicly available threat intelligence feeds.

4. AI Processing

Articles are processed by AI systems (OpenAI GPT-4o, Cloudflare Workers AI) for threat classification, MITRE ATT&CK mapping, compliance tagging, and enrichment. No personal data is intentionally sent to AI processors beyond what appears in published cybersecurity articles.

5. Sub-processors

ProviderPurposeLocation
CloudflareHosting, edge network, Workers AIEU
NeonDatabase (PostgreSQL)EU
OpenAIAI processing (GPT-4o)US (with EU DPA)
PlausibleAnalyticsEU (self-hosted)

6. Data Retention

  • IOC indicators: retained for 12 months
  • Article data: retained for 24 months
  • Analytics data: retained by Plausible (anonymised, no personal data)

7. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectification of inaccurate data
  • Erasure of your data
  • Restriction of processing
  • Data portability
  • Object to processing

To exercise any of these rights, contact us at privacy@blackhat.ie.

8. International Data Transfers

OpenAI processing involves the transfer of data to the United States. This transfer is conducted under Standard Contractual Clauses (SCCs) as approved by the European Commission, ensuring an adequate level of data protection.

9. Updates to This Policy

This policy may be updated from time to time. We will note the date of the most recent revision below.

Last updated: 2026-04-09