Privacy Policy

Thank you for your interest in Delphos Labs (“Delphos Labs,” “we,” “our,” and “us”) and our website, products, services, and tools (collectively, the “Service”). This Privacy Policy is intended to help you understand the information we collect, why we collect it, how we use it, and how you can update, manage, export, or delete your information. This policy also details how we leverage this information to enhance global cybersecurity, including protecting individuals, partners, and security-minded organizations that contribute to our Service (collectively, the “Community”).

When you create an account or interact with the Service, you acknowledge that this Privacy Policy was made available to you. By continuing to use our Service, you consent to the practices outlined here. While you retain the ability to delete your personal information, we may use aggregated and anonymized data derived from your information prior to its deletion. This data will not identify you personally or include any of your personal information.

Delphos Labs is an American Limited Company with a registered Employer Identification Number 99-3202686. This Privacy Policy applies to all aspects of our Service, including our website, APIs, analytics tools, and any associated features where results from our Service are used or displayed.

Please read this Privacy Policy carefully. By accessing or using the Service, you agree to the practices outlined below. If you do not agree with this Privacy Policy, please do not use the Service. For questions or concerns, feel free to contact us.

Your Privacy Rights at a Glance

Your privacy matters to us at Delphos Labs. This section provides a straightforward overview of your fundamental privacy rights and how to exercise them. While we encourage you to read our complete Privacy Policy for detailed information, here are the key rights and controls you have over your personal information:

Access to Your Information You have the right to request access to the personal information we hold about you. This includes details about what data we collect, how we use it, and who we share it with. We will provide this information in a clear, electronic format within 30 days of your request.

Control Over Your Data You maintain control of your information in several important ways. You can request corrections to inaccurate data, ask us to delete your personal information, or temporarily restrict how we process your data. For premium account users, you can also access additional privacy controls through your account settings.

Communication Preferences While we send essential messages about security and account administration, you control other communications. You can opt out of marketing emails at any time, and you can adjust your notification preferences within your account settings.

Data Collection

Delphos Labs collects information, including personal data, from visitors to our Site, as well as from registered users, customers, and partners. We also gather certain details about how users interact with the Site and Services, along with data derived from any materials—such as text, files, URLs, or other content—that are uploaded to, downloaded from, or otherwise submitted through our Services (“Samples”).

Specifically, we may collect information under the following circumstances:

  • Account Registration: When you create an account, we collect your name, email address, IP address, and a unique username. This information allows you to participate in the Community and engage with the Services, including posting comments, voting, or interacting with Samples and other Community members.

  • Direct Communications: If you contact us with a question, request, or other inquiry, we may collect personal information provided via email or web forms on the Site.

  • Payments: For any premium services offered by Delphos Labs, we may collect payment information, such as credit card details, to process transactions.

  • Sample Submissions: When you submit Samples to the Services, we collect all information contained in the Sample and information related to the submission itself. We create a unique code for each sample that doesn't identify you personally. This coded version is what we share with our security research community. This identifier enables pattern detection while reducing the risk of threat actors exploiting the Services. By submitting Samples, you confirm you either own the Sample or have the necessary rights and permissions for all its content, including any personal information it may contain. Metadata within executables or packaged software may also include personal information related to others.

  • Device Information: We collect device-specific data as visible by our services, such as unique device identifiers, and network details, through various web analytics tools. For each Sample submitted to or accessed from the Services, we log the User-Agent (browser and operating system version) and the submitter’s IP address. This information helps optimize our Services, detect abuse, and prevent misuse. All collected data is analyzed in aggregate for statistical purposes and is not linked to individual users.

  • Automatic Data Collection: When you interact with the Services, we automatically log certain information in server logs. This may include details about how the Services are used, IP addresses, system activity, browser type, HTTP request headers, referral URLs, language preferences, timestamps, and cookies that may uniquely identify your browser or account. Additional storage mechanisms, such as browser web storage (e.g., HTML5) and application data caches, may also be utilized.

  • Browser Extension Usage: If you use a Delphos Labs browser extension, we may collect Passive Domain Name System (pDNS) data, which includes domain names your browser resolves and their associated IP addresses. This information is shared through the Services to assist the Community in identifying malicious domains. Collected pDNS data is distinct from browsing history and is never tied to individual users. Existing extension users must opt-in to share pDNS data, while new users may opt-out via the extension’s settings.

These practices are designed to enhance the functionality of the Services, ensure security, and support the Community’s mission to improve global cybersecurity.

Cookies and Similar Technologies To provide you with a secure and personalized experience, Delphos Labs uses various tracking technologies, including cookies, web beacons, and local storage. We want to be transparent about how these technologies work and give you control over their use.

A cookie is a small text file stored on your device when you visit our website. These files contain information that helps us recognize your device, remember your preferences, and understand how you interact with our services. Beyond cookies, we may use other technologies like web beacons (small image files) or local storage (data stored directly in your browser) to enhance your experience.

Types of Cookies We Use

Essential Security Cookies
These cookies are strictly necessary for the security and basic functionality of our service. They enable core features like user authentication, session management, and fraud prevention. Because these cookies are essential for the secure operation of our service, they cannot be disabled. They are automatically deleted when you close your browser.

Analytics and Performance Cookies
We use these cookies to understand how visitors interact with our service, identify technical issues, and measure the effectiveness of our security features. These cookies collect aggregated data that helps us improve our service but does not identify you personally. The information gathered includes:

  • Pages visited and features used
  • Time spent on different sections
  • Technical errors encountered
  • Basic device information like browser type and operating system

Functional Preference Cookies
These cookies remember choices you make while using our service, such as:

  • Language preferences
  • Interface customizations
  • Previous analysis selections
  • Authentication status

We store these preferences to provide a more personalized experience and eliminate the need to reconfigure settings on each visit.

Managing Your Cookie Preferences
Most web browsers allow you to control cookies through their settings. You can typically:

  • View and delete existing cookies
  • Block third-party cookies
  • Clear cookies automatically when closing your browser
  • Browse in "private" or "incognito" mode

When logged into your Delphos Labs account, you can access additional privacy controls through your account settings. These controls let you manage how we use data from cookies and similar technologies to customize your experience.

Please note that limiting cookies may impact the functionality of our service and may reduce the functionality of your experience. Essential security cookies cannot be disabled as they are necessary for the secure operation of our platform.

Third-Party Services

We partner with select security and analytics providers who may set their own cookies when you use our service. These partners are listed under our subprocessor list located on our website.

We carefully select these partners and require them to follow strict data protection standards. However, we do not control their cookies directly. You can manage third-party cookies through your browser settings or the respective providers' privacy controls.

Data use

Delphos Labs uses the information we collect to manage platform users, respond to requests for support or information, enable participation in the Community, and fulfill contractual obligations to customers and partners. Additionally, we leverage collected information to deliver, maintain, secure, and enhance the Services, develop new features, and advance our mission of improving global cybersecurity. This includes the use of Samples and other data for the following purposes:

  • Enabling Threat Research: Providing verified security professionals, companies, and researchers—many of whom are Delphos Labs customers or partners—with access to Samples for threat detection and research purposes.

  • Generating and Publishing Reports: Analyzing and scanning Samples submitted by the Community to produce detailed security reports, updating these reports, and making them available through the Services, including associated Comments, mentions, and trusted ratings.

  • Improving the Services: Developing and refining features to optimize the functionality and utility of the Services for users.

  • Account Management: Creating and administering user, trial, customer, or partner accounts.

  • Analytics: Understanding how users interact with the Services and using that knowledge to improve performance and usability.

  • Site Security: Protecting and securing the Site, including the underlying networks and systems used to deliver the Services.

  • Processing Payments: Managing transactions for premium services offered by Delphos Labs.

  • Legal and Regulatory Compliance: Ensuring adherence to applicable laws and regulations, supporting corporate responsibility activities, managing accounts and records, and conducting legal, regulatory, and internal investigations.

When you contact Delphos Labs about the Services, we may retain a record of the communication to resolve issues and safeguard the Community and Services against fraud and abuse. We may also send administrative messages related to your account or use of the Services. These administrative messages are essential and cannot be opted out of.
Additionally, if you inquire about or express interest in the Services, we may use your email address to provide relevant information or updates. With your permission or at your request, we may send marketing, promotional materials, or personalized information about our offerings. You can unsubscribe from such messages at any time by following the provided instructions or contacting us directly.

Sharing and Disclosure

  • Delphos Labs shares information related to Samples uploaded to the Services, including raw data, associated metadata, and submitter details (such as a ciphered ID, city, and country) under specific circumstances.

  • With our security partners, Samples uploaded for analysis may be stored in our Data Repository and shared with security industry partners. These partners are contractually bound to use Samples exclusively for internal security purposes, in compliance with our Terms of Use. For example, partners may receive Samples undetected by their antivirus engines but flagged as malicious by at least one other partner. This collaboration supports an industry-wide effort to address vulnerabilities and enhance threat detection.

  • Our customers, including security researchers, academic institutions, government bodies, and corporate entities with advanced security needs, may also access shared Samples as part of our Services. Premium offerings may include Samples shared with verified participants who are actively engaged in threat detection and prevention. These entities are required by contract to use the Services and associated data solely for internal security purposes, adhering to our Terms of Use.

  • When participating in the Community, registered users will have their public profiles, including name, nickname, and any additional profile information (such as a profile picture), visible to other Community members. Activities, such as comments on Samples, mentions, and trusted connections with other users, will also be included as part of the public profile.

  • If you access the Services through your employer’s premium account, your employer may receive information about your access and the number of organization members utilizing the Services.

  • Delphos Labs may share your information with its affiliates when you request information about Services or opt to receive promotional materials. Affiliates may use this information to fulfill your requests.

  • We may also share personal information with trusted third-party processors, including affiliates or contracted entities, to perform tasks on our behalf. These processors are required to handle your data in compliance with this Privacy Policy and applicable confidentiality and security terms.

  • In certain situations, Delphos Labs may disclose personal information to comply with laws, regulations, or legal processes, enforce our Terms of Use, investigate potential violations, detect and prevent fraud or technical issues, or protect the rights, property, or safety of Delphos Labs, its affiliates, users, or the public.

  • In the event of a merger, acquisition, or asset sale, personal information may be disclosed to the prospective buyer or seller as part of the transaction.

  • Aggregated and anonymized information may also be shared publicly and with customers and partners. For instance, we may publish statistical trends regarding Service usage to provide insights into the broader cybersecurity landscape.

  • The Site may include links to websites operated by affiliates, partners, or Community members. These third-party sites have their own privacy policies, and Delphos Labs does not accept responsibility for their content, privacy practices, or policies. We encourage users to review these policies before submitting personal information to third-party websites.

  • Delphos Labs is committed to responsible data sharing practices that enhance global cybersecurity while protecting user privacy and maintaining compliance with contractual and legal obligations.

Retention, Deletion & Export

Delphos Labs retains personal information only for as long as necessary to fulfill the purposes for which it was collected. In certain circumstances, business or legal requirements may necessitate retaining information for extended periods. This could include reasons such as ensuring security and preventing fraud, maintaining financial records, complying with legal obligations, or ensuring the continuity of our Services. Community members have the option to delete their accounts or specific elements of their accounts, including comments made in the Community, using tools provided within the Services. If an account is deleted, any comments not explicitly removed by the user will no longer be attributed to them but may still be retained to preserve the security and integrity of the Community. Users also have the ability to request and export of their profile information and comments via account tools.

Delphos Labs processes personal information based on several legal grounds. In cases where users request information, sign up for a trial, or agree to receive marketing updates, their consent serves as the basis for processing. Delphos Labs may also process personal information to perform or prepare for contracts, such as evaluating potential customers for premium Services. Additionally, we process data to comply with legal obligations and to advance our legitimate interests as a provider of threat detection services. By analyzing Samples, including those that may contain incidental personal information, we enhance the global security industry’s ability to detect, analyze, and prevent threats. Sharing these Samples with security partners and customers ensures the effectiveness of the Services and benefits the global Community.

While processing information, including incidental personal data, is essential for the operation of our Services, Delphos Labs implements a range of safeguards to protect individual privacy. Our Terms of Use require users to confirm they have the rights and permissions to any personal information in submitted Samples, and users are expected to verify that their Samples conform to these requirements before submission. If a Sample is identified as containing personal information, we investigate and take appropriate action, particularly in cases where the potential harm to an individual outweighs the benefits to the Community. Our Corpus is secured using advanced technical and operational protections, and metadata containing personal information is anonymized or partially anonymized wherever possible. Public access to personal information is restricted; the public cannot search for personal information, download Samples, or access them directly from the Corpus. Only searches by specific hashes are permitted. Partners and customers may access raw data within Samples to generate verdicts or perform advanced security analytics, contributing to the collective effort to protect the Community from emerging threats.

By implementing these measures, Delphos Labs strives to balance the incidental processing of personal information with its mission to enhance global cybersecurity, ensuring that the Services remain effective and beneficial to the broader Community.

Data Retention Periods

We retain different categories of personal information for specific timeframes based on business needs and legal requirements:

  • Account and Profile Information: Duration of active account plus 180 days after account deletion
  • Security Incident Data: Up to 2 years from collection date
  • Payment Records: 7 years from transaction date (as required by financial regulations)
  • Communication Records: 3 years from last interaction
  • Technical Logs: 180 days from collection
  • Sample Data: Retained indefinitely in anonymized form for security research

After these periods expire, data is either deleted or anonymized unless a longer retention period is (a) required by law, (b) necessary for legal claims, (c) essential for security and fraud prevention purposes.

Compliance & DPO

Delphos Labs processes personal information on servers located in multiple countries worldwide. This means your personal information may be processed, transferred, and stored on servers outside the country where you reside. For example, we may transfer your personal information to our affiliates in the United States or to other jurisdictions where the servers supporting our Services are based. We regularly review our compliance with this Privacy Policy to ensure we adhere to relevant standards.

International Data Transfer Safeguards
For transfers of personal data outside your region, we implement the following protections:

Technical Measures:

  • End-to-end encryption for data in transit
  • Data pseudonymization where feasible
  • Access controls and authentication
  • Regular security assessments

Legal Framework:

  • Standard Contractual Clauses (SCCs) as approved by the EU Commission
  • Binding Corporate Rules where applicable
  • Privacy Shield certification for US transfers
  • Data Processing Agreements with vendors

We conduct transfer impact assessments for each data flow and implement supplementary measures as needed.

U.S. State Law Requirements

Certain U.S. state privacy laws, such as the California Consumer Privacy Act (CCPA) and the Virginia Consumer Data Protection Act (VCDPA), require specific disclosures for residents of those states. These laws grant rights to individuals regarding the collection, use, and disclosure of their personal information. Under these laws, individuals have the right to access their personal information, request its deletion, and opt out of certain types of profiling and targeted advertising. Additionally, these laws protect individuals from discrimination for exercising their privacy rights. This Privacy Policy is intended to provide clarity on how Delphos Labs handles your information, including what we collect, how it is used, and with whom it may be shared.

Delphos Labs does not sell your personal information. Any sharing of information is strictly in line with the practices described in this Privacy Policy. The personal information we process is used for purposes that align with the CCPA definition of “business purposes.” These include activities such as protecting against security threats and illegal activity, auditing and measurement to understand Service usage, maintaining Service functionality, conducting research and development, and engaging service providers to perform functions on our behalf.

For instance, we may use and disclose information to detect and prevent malicious activity, such as responding to security incidents or protecting against fraudulent behavior. We also use analytics to track how the Services are used, identify issues such as outages or bugs, and develop new features and technologies that improve cybersecurity. Service providers may process your information on our behalf, such as assisting with customer support, and we ensure that they adhere to appropriate confidentiality and security measures.

For additional transparency, the CCPA requires disclosures about data practices using specific categories. Delphos Labs collects identifiers such as names, passwords, email addresses, and unique device identifiers. We also collect information related to payment methods for premium accounts, internet activity such as search terms and IP addresses, geolocation data, and any content you create, upload, or provide. This data is used for purposes like protecting against threats, auditing usage, maintaining the Services, and supporting research and development efforts. Information may also be disclosed to service providers, premium account administrators, law enforcement, or other authorized third parties as needed.

Exercising Your Privacy Rights

Delphos Labs is committed to complying with relevant privacy laws and ensuring that users have control over their personal information.

You may submit requests regarding your privacy rights by contacting us at [email protected]. When submitting a request, please provide a) a clear description of what you are seeking, such as accessing your data, requesting deletion, or correcting your information. b) To help us verify your identity and process your request efficiently, include your full name, the email address associated with your account, and any relevant details about your request.

Our privacy team will acknowledge receipt of your request within 7 business days and provide a comprehensive response within 30 days. In cases where additional time is needed due to the complexity of your request, we will notify you and may extend our response time by up to 60 additional days.

When we respond to your request, we will explain any actions taken, provide the relevant information you requested, and detail how we fulfilled your request.

If you disagree with our response, you may submit an appeal within 30 days. Your appeal should explain why you believe our initial response was inadequate and include any additional information supporting your request. We will review your appeal and provide a final determination within 30 days, including information about your right to file a complaint with relevant data protection authorities if you remain unsatisfied with our decision.

We process all requests free of charge unless they are manifestly unfounded, excessive, or repetitive. We reserve the right to deny requests that cannot be verified, would pose a risk to others' privacy, or would require disproportionate technical effort.

For security purposes, if we cannot verify your identity based on the information provided, we may request additional verification. This could include responding to security questions associated with your account or providing other forms of identification. We implement these measures to protect your privacy and ensure that personal information is only disclosed to authorized individuals.

If you are acting as an authorized agent on behalf of another individual, you must provide documentation of your authority to make requests on their behalf, along with verification of both your identity and the identity of the individual you represent.

Changes and Updates

Delphos Labs reserves the right to update this Privacy Policy periodically. However, we will not reduce your rights under this Privacy Policy without your explicit consent. The date of the latest update will always be indicated, and if any changes are significant, we will provide prominent notice of the revisions, such as via email or an announcement on our Site.

The revised Privacy Policy will apply going forward from the date it becomes effective, as outlined in our Terms of Service. However:

  • Unless you provide explicit agreement, we will continue to use your personal information in accordance with the Privacy Policy in effect at the time the information was collected.

  • If you do not agree with the changes to the Privacy Policy, you must terminate your Delphos Labs account and discontinue use of the Services. Continuing to use the Services after an updated Privacy Policy becomes effective indicates that you have read, understood, and agreed to the revised terms.

Contact

If you have questions or comments about this Privacy Policy, your personal information, or our data use practices, please contact Delphos Labs at:
Email: [email protected]
Website: www.delphoslabs.com

For inquiries from law enforcement, please use the contact details provided specifically for legal requests.