Privacy Policy

Last updated: March 24, 2026

Threat Terminal is a free research platform operated by Scott Altiparmak. This policy explains what data we collect, how we use it, and your rights.


What we collect

Account data

Sign-in requires an email address. We use Supabase Auth with passwordless one-time codes — no passwords are stored. Your email is used solely for authentication and is never shared with third parties.

Research data

When you play, we record:

  • Your answer (phishing or legit) and whether it was correct
  • Confidence level (guessing, likely, or certain)
  • Response time per card
  • Whether you inspected URLs, sender details, or attachments
  • Session position (which card in the session)
  • Self-reported background (if provided)
  • Game mode (research, freeplay, daily, expert, head-to-head)

What we do NOT collect

  • Geographic location
  • Device fingerprints
  • Browser history
  • Cookies beyond the authentication session

Transient processing

  • IP addresses are temporarily processed for rate limiting (to prevent abuse) and are automatically discarded within 1 hour. IP addresses are not stored in our database or linked to your account.

Analytics

We use Vercel Analytics, a privacy-friendly, first-party analytics service. It collects anonymous page-view data with no cross-site tracking and no cookies.


How we use your data

  • Research analysis: Anonymized and aggregated answers are used to study how humans detect AI-generated phishing when linguistic quality is no longer a reliable signal.
  • Game features: Your answers power XP, leaderboards, achievements, and progression.
  • Platform improvement: Aggregate usage patterns help us improve the game experience.

We do not sell, rent, or share your individual data with anyone.


Data storage

All data is stored in Supabase (PostgreSQL) with row-level security policies. Rate limiting uses Upstash Redis. Both are hosted on infrastructure with industry-standard encryption at rest and in transit.


Data retention

Your account and gameplay data are retained for the duration of the research study. You may request deletion at any time (see below).


Your rights

Regardless of where you are located, you may:

  • Access your data — view your stats, answers, and profile in-app
  • Correct your data — update your display name, bio, and background in your profile
  • Delete your data — email scott@scottaltiparmak.com to request full account and data deletion
  • Export your data — email to request an export of your gameplay records

If you are in the EU/EEA (GDPR) or California (CCPA), you have additional rights including the right to object to processing and the right to non-discrimination for exercising your rights.


Children

Threat Terminal requires users to be at least 16 years old. We do not knowingly collect data from anyone under 16.


Changes to this policy

We may update this policy as the platform evolves. Material changes will be noted in the changelog. Continued use of the platform after changes constitutes acceptance.


Contact

For privacy questions or data requests:

Scott Altiparmak scott@scottaltiparmak.com