Privacy Policy
Last updated: February 2026
Overview
VulnPlugs is a security research dashboard. We collect minimal data to understand how the site is used and to maintain service quality. We do not use third-party analytics services, advertising networks, or tracking pixels. We do not sell or share data with third parties.
What We Collect
When you visit a page on VulnPlugs, we record a basic page view event containing:
| Data Point | Purpose |
|---|---|
| Page path | Understand which pages and plugins are most viewed |
| IP address | Rate limiting and approximate visitor counts |
| User agent | Browser and device statistics |
| Referrer URL | Understand how visitors find the site |
| Session ID | A random identifier stored in your browser's session storage. It is generated client-side, not linked to any account, and is automatically cleared when you close your browser tab. |
What We Do Not Collect
- No names, email addresses, or account information
- No persistent cookies or cross-session tracking
- No third-party analytics scripts (no Google Analytics, no Meta Pixel, etc.)
- No fingerprinting or advertising identifiers
- No search query contents beyond the page path visited
Data Retention
Page view records are automatically and permanently deleted after 90 days. This cleanup runs daily. There is no manual retention override or archival process.
Data Storage & Security
All data is stored on a single server. The site is served exclusively over HTTPS with TLS 1.2+. Security headers (HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy) are enforced on all responses.
Third-Party Services
The VulnPlugs blog section is powered by WordPress. WordPress itself may set session cookies when you visit blog pages. The blog does not include any third-party tracking or advertising scripts.
Fonts (Geist Sans, Geist Mono) are self-hosted via Next.js and are not loaded from external CDNs.
Contact
For privacy-related questions or data deletion requests, contact contact@vulnplugs.com.