Privacy & Security Notice

How ThreatKit handles your data

ThreatKit is a learning-focused security tool designed to help users understand potential risks in passwords, URLs, emails, and files. We treat your inputs carefully, but this tool is not a replacement for enterprise-grade security products.

  • Inputs are processed for the duration of the request and are not intentionally stored in a database.
  • We may log aggregated metadata (e.g., scores, timestamps, anonymized results) to improve the system.
  • We do not log raw passwords, full email bodies, or uploaded files for long-term storage.

ThreatKit partners with Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first- and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

Limitations & No Guarantees

ThreatKit uses heuristics and models to estimate risk, but no automated system is perfect.

  • We cannot guarantee that every malicious link, file, or phishing email will be detected.
  • A “safe” or “low risk” score does not mean the item is guaranteed to be harmless.
  • You should always use up-to-date antivirus software and follow your organization’s security policies.
  • ThreatKit and its developers are not responsible for any loss, damage, or incident that occurs if a threat is missed or misclassified by the tool.

What you should (and shouldn’t) submit

  • Do not submit highly sensitive personal data (e.g., full SSNs, full credit card numbers).
  • Do not submit regulated or confidential data that you are not allowed to share.
  • Use the tool with sample or anonymized data when possible, especially for demos and testing.

Educational Use

This project is part of an educational capstone and is provided “as-is” for learning and demonstration purposes only. It is not a production security product and should not be relied on as your sole line of defense.

Not Legal Advice

This page is a general explanation of how the project handles data and its limitations. It is not legal advice. For real-world deployments, consult with your institution or legal counsel to define formal privacy and terms of use policies.

Quick Summary

  • No long-term storage of raw passwords or email bodies.
  • Some anonymized metadata may be logged for testing.
  • No guarantee of catching all threats.
  • Use alongside antivirus and security best practices.

Best Practices

  • Keep your OS and browser updated.
  • Use a password manager.
  • Enable multi-factor authentication where possible.
  • Be skeptical of unsolicited emails and links.