Privacy Policy

Last updated: April 21, 2026

Overview

AppSec.fyi ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, and protect information when you use the AppSec.fyi mobile application ("the App"). Browser visitors to the appsec.fyi website should also see the Website (appsec.fyi) section below.

Key Points:

• We collect minimal, anonymous usage data to improve the app
• No personal information or accounts required
• All data collection can be disabled in app settings
• Content and bookmarks stay on your device

Information We Collect

1. Anonymous Usage Analytics

What We Collect:

• Anonymous identifier (randomly generated on first app install)
• Screen views and navigation patterns
• Feature usage (searches performed, bookmarks added, manual syncs)
• App version and device platform (iOS/Android)
• Timestamps of interactions

What We DON'T Collect:

• No personal information or device identifiers
• No IP addresses or precise location data
• No content of your searches or bookmarked items
• No account information (the app doesn't require accounts)
• No contact information or demographics

Your Control:

• Analytics can be disabled anytime in Settings → App Preferences → Usage Analytics
• Opting out immediately stops all future data collection
• The app functions identically with analytics disabled

2. Content Synchronization

What We Process:

• Requests to our content API (links.json, explore.json, glossary.json, changelog.json)
• Temporary caching of security resources for offline access

Local Storage Only:

• Your bookmarks and app preferences remain on your device
• No personal content is transmitted to our servers

How We Use Information

Anonymous Analytics

• Understand which security topics are most valuable to users
• Improve app performance and user experience
• Guide development of new features
• Monitor app stability and identify technical issues
• Generate aggregate usage statistics

Content Delivery

• Provide curated cybersecurity resources
• Ensure offline access to security information
• Deliver app updates and new content

Data Storage and Security

Our Servers

• Anonymous analytics data stored on appsec.fyi infrastructure
• Industry-standard encryption for data in transit and at rest
• Regular security monitoring and updates
• No data shared with third-party analytics services

Your Device

• All personal content (bookmarks, settings) stored locally
• Uses iOS/Android secure storage mechanisms
• Data removed when app is deleted

Data Retention

• Anonymous analytics: Retained for 2 years to identify trends
• Content cache: Updated automatically, older versions removed
• User settings: Stored locally until app deletion

Your Rights and Choices

Analytics Control

• Disable collection: Settings → App Preferences → Usage Analytics (OFF)
• No retroactive deletion: Anonymous data cannot be tied to specific users

Data Access

• Anonymous analytics data cannot be attributed to individual users
• Local bookmarks and settings accessible through app export (if implemented)

Account Deletion

• No accounts required — simply delete the app to remove all local data
• Anonymous analytics data remains in aggregate form

Legal Basis (GDPR)

For users in the European Economic Area:

• Analytics collection: Legitimate interest in improving the app
• Content delivery: Performance of service provision
• User consent: Explicit opt-in for analytics through settings

Children's Privacy

AppSec.fyi is designed for cybersecurity professionals and students. We do not knowingly collect information from children under 13. If we learn we have collected such information, we will delete it promptly.

International Data Transfers

Anonymous analytics data may be stored on servers in the United States. By using the app, you consent to this transfer. We implement appropriate safeguards to protect your information.

Third-Party Services

Expo/React Native Platform

• Uses standard mobile app frameworks
• No additional data collection beyond what's disclosed here
• Subject to Apple App Store and Google Play privacy policies

No External Analytics (Mobile App)

• The mobile app does not use Google Analytics, Facebook SDK, or similar tracking services
• All in-app analytics are handled by our own privacy-focused system
• Website analytics (for browser visits to appsec.fyi) are covered separately in the Website section below

Changes to This Policy

We may update this Privacy Policy periodically. We will:

• Post the updated policy at https://appsec.fyi/privacy-policy
• Update the "Last Updated" date
• Notify users of material changes through app updates

Contact Us

Questions about this Privacy Policy?

• Email: chs@chs.us
• Website: https://appsec.fyi
• Developer: Carl Sampson

Data Protection Requests:
For any privacy-related requests or concerns, please contact us using the information above. We will respond within 30 days.

Website (appsec.fyi)

The sections above cover the mobile app. When you visit the appsec.fyi website in a browser, the following also applies:

• Server logs. Standard web server access logs (IP address, user agent, requested URL, referrer, timestamp) are retained for a limited time for security and troubleshooting.
• Analytics. The website uses Clicky and Google Analytics to measure aggregate traffic. These requests are proxied through our own domain as first-party requests. No personal data is collected beyond what these services normally record (approximate location derived from IP, browser/OS, referring site).
• Click tracking. When you click a resource link on a topic page, an anonymous beacon is sent to our server to count clicks. No user identifier is attached.
• Local storage. We store your theme preference (dark/light) in your browser's localStorage. It stays on your device.
• Newsletter. If you voluntarily subscribe to the email newsletter, your email address is stored with Buttondown, our newsletter provider. You can unsubscribe at any time from any newsletter email.

The website does not require an account, and does not collect names, phone numbers, or any other personal information. You can block analytics in your browser and the site will continue to function.

California Privacy Rights (CCPA)

California residents have the right to:

• Know what personal information is collected (see "Information We Collect" above)
• Request deletion of personal information (anonymous data cannot be individually identified)
• Opt-out of data collection (disable analytics in app settings)
• Non-discrimination for exercising privacy rights

Compliance

This Privacy Policy is designed to comply with:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Apple App Store Guidelines
• Google Play Store Policies
• Children's Online Privacy Protection Act (COPPA)

This privacy policy reflects our commitment to transparency and user privacy. AppSec.fyi is built to respect your privacy while providing valuable cybersecurity resources.