Sleuth Kit Labs Privacy Policy

v2.0, 12/2025

 

INTRODUCTION

Sleuth Kit Labs LLC (“SKL,” “we,” “our” or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard information when you:

  • Purchase, use, or evaluate our software products (e.g., Cyber Triage, Autopsy)
  • Attend our training programs, webinars, or courses
  • Request customer support or technical assistance
  • Provide your contact information at conferences or industry events
  • Visit or use our websites
  • Engage our professional services (e.g., digital forensics investigations)
  • Otherwise interact with SKL

Throughout this policy, we refer to software products, training, professional services, and websites collectively as “Products and Services.”

We may update this Privacy Policy periodically. If we make material changes to how we use personally identifiable information, we will post the changes here or email you a notice. Your continued use of our Products and Services after such notice constitutes acceptance of the modified Privacy Policy.

1. INFORMATION WE COLLECT

The information we collect depends on how you interact with SKL.

1.1 Contact Information

Through various interactions with SKL (such as registering for training, requesting product evaluations, purchasing software, engaging professional services, attending conferences, or requesting customer support), we may collect basic contact information.

Information collected may include: 

  • Name
  • Email address
  • Phone number
  • Postal address
  • Employer and job title
  • Billing information (credit card details, billing address)
  • Training course progress and attendance

1.2 Software Usage and Data

While our software is self-hosted and you are responsible for storing data, SKL does collect data when the following happens: 

  • You authenticate your software license
  • Data is added to the software and usage telemetry data is uploaded
  • You choose to use SKL-hosted services to analyze and score artifacts, which may result in content also going to third-party analysis services (e.g., ReversingLabs, Recorded Future).

Information collected may include:

  • License Enforcement:
    • License ID numbers (without personal names) for authentication
    • Daily hash lookup counts per license for enforcing license limits
  • Usage Telemetry:
    • Anonymized list of artifact signatures to be used for quality control, frequency statistics, error identification, and improving analytics
    • Anonymized usage information, such as which features are used
  • Artifact Analysis:
    • Anonymized list of artifact hashes and signatures to be scored
    • File content to be scored
  • Public IP addresses of computers that connect to our servers

Note: When you choose to send content to third-party services, those services have their own privacy policies and we are not responsible for their data handling practices. 

1.3 Customer Service Communications

When you report issues, request support, or suggest improvements, that information will be stored and used to improve our products and services. We reserve the right to use this information in anonymized or aggregated form, including for marketing purposes (such as displaying testimonials or usage statistics), without attribution to you or your organization.

1.4 Website Usage Data

When you visit our websites, we collect: IP addresses, browser type and version, device information, pages visited, time spent on pages, search queries, referring websites, and analytics data. 

1.5 Professional Services Investigation Data

When you engage our investigation services, we collect and process the data you provide for analysis.

2. HOW WE USE YOUR INFORMATION

Core Services:

  • Deliver software licenses and manage license authentication
  • Provide training programs, webinars, and send course materials
  • Perform professional investigation services with strict confidentiality
  • Provide customer support and technical assistance

Account and Transaction Management:

  • Process payments and manage your account
  • Communicate about your purchases, training registrations, or service engagements
  • Enforce our Terms of Use and license agreements

Product Improvement and Analytics:

  • Improve our software products and identify bugs or errors
  • Create de-identified analytics to improve our offerings
  • Usage data may be used or disclosed without restriction for analytics and product improvement

Marketing and Communications:

  • Notify you about product updates, new features, and software releases
  • Inform you about upcoming training programs, webinars, and educational opportunities
  • Share relevant industry news and best practices
  • Promote our products and services that may be of interest to you

You may opt out of marketing communications at any time by contacting support@SleuthKitLabs.com. We will continue to send essential communications about your purchases, training registrations, and account.

3. HOW WE STORE YOUR INFORMATION

3.1 Storage and Hosting

Your information is stored by third-party vendors who host our API management, analysis systems, account systems, and billing services. We rely on these vendors’ security measures and certifications to protect your data. Your information may be stored in the United States or other countries where our service providers maintain facilities. Upon written request, SKL will provide you with the names of these vendors.

3.2 Retention Periods

Unless specified otherwise, we may retain your information indefinitely for business purposes, legal compliance, and record-keeping. 

Investigation data is stored for up to 1 year after completion, or longer if the investigation is ongoing.

4. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information (exchange it for money). We never share investigation data or results with third parties other than service providers required to perform the work. We may share other types of information with trusted partners in the following circumstances:

4.1 Service Providers

We share information with vendors who help us operate our business:

  • Payment processors (for software purchases and training fees)
  • Hosting providers (for online services, website infrastructure, and analysis systems)
  • Email and communication platforms (for training confirmations and updates)
  • Customer support tools (for technical assistance)

These providers are prohibited from using your information except to provide services to us and must maintain confidentiality.

4.2 Business Transfers and Affiliates

If SKL is involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice of any such transfer. We may also share information with our affiliated entities (subsidiaries and parent companies).

4.3 Legal Requirements

We may access, use, preserve, or disclose your information if we have a good-faith belief it is necessary to:

  • Comply with applicable laws, regulations, legal process, or government requests (subpoenas, court orders)
  • Enforce our agreements and investigate potential violations
  • Detect, prevent, or address fraud, security, or technical issues
  • Protect against imminent harm to rights, property, or safety of SKL, our users, or the public

4.4 Marketing and Advertising Partners

We may share your information with partners for marketing purposes:

  • Training and event co-hosts: When we co-host training events or webinars with partners, we may share your registration information (name, email, employer) with those partners, and they may contact you about their own products or services
  • Joint marketing partners: We may contact you on behalf of business partners about relevant offerings, or we may share your registration information with them for jointly promoted products, services, or contests. These partners may also contact you about their other products, services, promotions, or contests
  • Advertising networks: We may share certain demographic information (such as age, zip code, or industry) with ad networks to help deliver more relevant advertisements

4.5 Aggregated and Public Information

We may share aggregated, non-personally identifiable information publicly to show trends about software usage or training attendance. When you share information publicly (such as in forums or community spaces), that information may be indexable by search engines, and may be copied, forwarded, saved, or archived by others. Even if you later delete or update publicly shared content, it may not be removed from search engine caches or third-party archives.

5. DATA SECURITY

5.1 Our Security Measures

We take appropriate organizational and technical measures to protect your data, relying on security certifications from our third-party vendors. However, no internet transmission is completely secure, and we cannot guarantee absolute protection against unauthorized access.

5.2 Your Responsibilities

You are responsible for maintaining the security of your passwords and API Keys. Never share your password or respond to emails requesting sensitive account information. Legitimate emails from SKL will never ask for your password.

5.3 Reporting Security Issues

If you believe your password has been compromised, change it immediately in your account settings. Report unauthorized access to support@SleuthKitLabs.com. Treat any email requesting your password or linking to non-SleuthKitLabs.com URLs as suspicious and report it immediately.

5.4 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users in accordance with applicable law and take appropriate steps to investigate and remediate the breach.

6. CHILDREN’S PRIVACY

Our Products and Services are not directed to persons under 18. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and become aware that your child has provided us with personal information without your consent, please contact us at privacy@SleuthKitLabs.com. Upon verification, we will take steps to remove such information and, if applicable, terminate the account.

7. YOUR CHOICES AND RIGHTS

7.1 Access, Correction, and Deletion

You have the right to view, correct, complete, or remove your personal information. To exercise these rights, contact us at privacy@SleuthKitLabs.com. Upon verification of your identity, we will fulfill your request in accordance with applicable law. Please note that even after deletion or updates, residual copies may remain on our active servers temporarily and may not be immediately removed from our backup systems.

7.2 Marketing and Training Communications

See Section 2 (How We Use Your Information) for details on marketing communications and how to opt out.

8. REGION-SPECIFIC RIGHTS

8.1 California Residents

California Consumer Privacy Act (CCPA): California residents have enhanced privacy rights, including:

  • The right to know what personal information we collect, use, disclose, or sell
  • The right to request deletion of your personal information
  • The right to opt out of the “sale” or “sharing” of personal information
  • The right to non-discrimination for exercising these rights

We do not sell or share your personally identifiable information for valuable consideration or cross-context behavioral advertising. To make a “Request to Know” or “Request to Delete,” email privacy@SleuthKitLabs.com with the request type in the subject line. We will confirm receipt within 10 days and respond within 45 days (extendable by another 45 days if needed).

Do Not Sell My Personal Information: While we do not sell personal information, if you wish to exercise your right to opt out of any potential sale or sharing, you may submit a “Do Not Sell My Personal Information” request to privacy@SleuthKitLabs.com.

Shine the Light Law: California residents may request information about personal information disclosed to third parties for direct marketing purposes. Contact privacy@SleuthKitLabs.com with “California Shine The Light Request” in the subject line.

Other State Residents: Residents of other states may have similar rights to request information about or delete their personal information under applicable state privacy laws. To inquire about exercising these rights, please contact us at privacy@SleuthKitLabs.com.

8.2 European Economic Area, UK, and Switzerland

Controller and Processor Roles: If you are using our Products and Services for your business, you are responsible for the use and privacy of your users’ content and data. For data you submit through our software or investigation services, you are the data controller and SKL acts as a data processor, processing data according to your instructions. For registration, account, and website data, SKL is the data controller.

If you are in the EEA, UK, or Switzerland, we process your personal information only when we have a legal basis:

  • Contract necessity: To deliver software, training, or professional services
  • Legal compliance: To comply with legal or regulatory obligations
  • Consent: Where you have given explicit consent
  • Legitimate interests: For research, development, marketing, or protecting legal rights (when not overridden by your rights)

Your rights include: accessing your data, correcting inaccuracies, obtaining a transferable copy, restricting processing, requesting deletion, withdrawing consent, and filing complaints with supervisory authorities (EEA: https://ec.europa.eu/newsroom/article29/items/612080, UK: www.ico.org.uk, Switzerland: https://www.edoeb.admin.ch/). Contact privacy@SleuthKitLabs.com with proof of residency to exercise these rights. We will respond within one month.

Automated Decision-Making: We do not use solely automated decision-making or profiling that produces legal effects or similarly significantly affects you.

8.3 International Data Transfers

Your information may be stored and processed in the United States or other countries where we or our service providers maintain facilities. By using our Products and Services, you consent to the transfer of information outside your country of residence. If you are a resident of the EEA, UK, or Switzerland, please note that the United States and other countries may have data protection laws that are different from, and may not be as protective as, those in your country.

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 What We Use

We use cookies, web beacons, pixels, and similar technologies on our websites to enhance your experience, gather usage information, and optimize our offerings. Most browsers accept cookies automatically, but you can modify your settings to decline them. Note that some website features may not function properly with cookies disabled.

9.2 Third-Party Cookies and Advertising

Third-party vendors may use their own cookies for advertising, analytics, remarketing, and retargeting based on your visits to our websites and other sites. You can manage preferences:

9.3 Do Not Track

We do not currently respond to Do Not Track signals due to inconsistent browser implementations. You can adjust browser or device settings to limit tracking or decline cookies, though this may affect functionality.

10. THIRD-PARTY LINKS AND SERVICES

Our websites may contain links to third-party websites, apps, and services, or integrate with third-party products (via APIs, plugins, links, or embedding). We have no control over these third parties and are not responsible for their privacy practices. Review their privacy policies before providing any information.

11. CHANGES TO THIS POLICY

We may modify this Privacy Policy at any time. Changes will be posted at https://www.SleuthKitLabs.com/privacy-policy with the effective date. Material changes will be communicated via email or prominent notice. Your continued use of our Products and Services after changes constitutes acceptance of the modified Privacy Policy.

12. CONTACT US

For questions about this Privacy Policy or to exercise your rights:
Privacy inquiries: privacy@SleuthKitLabs.com
Technical support: support@SleuthKitLabs.com
Mailing address: Sleuth Kit Labs LLC, 1070 Broadway, Somerville, MA 02144