Privacy Policy

Effective Date: April 9, 2026 • Last Updated: April 9, 2026

🔒 Privacy Policy

Antibody Cyber Technology, LLC ("we", "us", "our") operates the To8CA threat identification tool. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

1. Information We Collect

Data You Submit for Analysis: When you use To8CA's analyzers, you submit data such as URLs, domain names, CVE identifiers, input strings, or access log excerpts. This data is processed in real-time to generate threat analysis results.

We do not store, log, or retain the content you submit for analysis.
Analysis is performed in-memory and results are returned immediately.
No submitted data is shared with third parties.

Automatically Collected Information:

IP Address: Used solely for rate limiting to prevent abuse. IP addresses are held in-memory only and are not written to persistent storage by the application.
Web Server Logs: Standard nginx access logs (IP, timestamp, request path, status code, user agent) are retained for security monitoring and are rotated automatically.

Information We Do NOT Collect:

No cookies, tracking pixels, or analytics scripts are used.
No personal accounts, registration, or login is required.
No advertising or third-party marketing trackers are present.
No fingerprinting or cross-site tracking is performed.

2. Third-Party API Calls

Certain analyzers make outbound requests to public government APIs on your behalf:

CISA KEV Feed (cisa.gov) — To check if a CVE is in the Known Exploited Vulnerabilities catalog.
NIST NVD API (nvd.nist.gov) — To retrieve CVSS scores and vulnerability descriptions.

These requests are made server-side. Your IP address is not forwarded to these services — only the To8CA server's IP is visible to them. The data returned is subject to the respective privacy policies of CISA and NIST.

3. DNS Analysis

The DNS Spoofing analyzer queries public DNS resolvers (Google 8.8.8.8, Cloudflare 1.1.1.1, Quad9 9.9.9.9, OpenDNS 208.67.222.222) to cross-validate domain resolution. These queries contain only the domain name you submit — no personal information is included. DNS resolver privacy policies apply to those queries.

4. Data Security

All analysis is performed server-side in isolated memory — no data is written to disk.
Rate limiting protects against abuse (30 requests per minute per IP).
Security headers (CSP, X-Frame-Options, X-Content-Type-Options, HSTS) are enforced.
The application backend only binds to localhost; all external traffic is proxied through nginx.

5. Data Retention

Analysis data: Not retained. Processed in-memory and discarded after response.
Rate limit data: In-memory only, cleared when the service restarts.
Web server logs: Retained per standard server log rotation policies (typically 14 days).

6. Children's Privacy

To8CA is a cybersecurity tool intended for professional and educational use. We do not knowingly collect information from children under 13.

7. Your Rights

Since we do not collect or store personal data beyond standard server logs, there is minimal personal data to manage. If you have questions about data associated with your use of To8CA, contact us at:

Email: info@antibodycyber.com

8. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated "Last Updated" date.