Sherlock Forensics ("we", "us" or "our") operates the website www.sherlockforensics.com. This privacy policy explains what personal information we collect, how we use it, who we share it with and what rights you have under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
1. Information We Collect
We collect personal information through the following channels on our website:
- Contact Form Submissions
- Name, email address and company name. Submitted voluntarily when you reach out to us for inquiries or consultations.
- Recon Tool Queries
- Target domain name or IP address that you enter into our free reconnaissance tool. This tool performs passive lookups only using publicly available data through DNS queries, HTTP header inspection and public port connections. No active exploitation or intrusive scanning is performed.
- Lead Capture Forms
- Name, email address, company name and the resource you requested. Collected when you download guides, checklists or other materials from our website.
2. How We Use Your Information
We use your personal information for the following purposes:
- Responding to your inquiries and providing requested services
- Processing payments and fulfilling service engagements
- Delivering resources you have requested through lead capture forms
- Communicating with you about your engagement or account
- Improving our website and services
3. How We Store Your Data
Contact form submissions and lead capture form data are emailed to info@sherlockforensics.com and stored as JSON files on our secure servers. Payment data is processed and stored by Stripe in accordance with PCI DSS standards. We do not store full payment card details on our infrastructure.
4. Who We Share Data With
We share personal information with the following third parties only as necessary to deliver our services:
- Stripe
- Payment processing for service purchases. Stripe processes your payment data under their own privacy policy.
- BaitAndPhish.com
- When you purchase a phishing simulation campaign, we share relevant engagement details with BaitAndPhish.com to execute the campaign on your behalf. This sharing occurs only when you have purchased this specific service.
We do not sell, rent or trade your personal information to any third party for marketing or any other purpose.
5. Data Retention
Contact form submissions, lead capture data and engagement records are retained for legitimate business purposes including legal compliance and ongoing client relationships. You may request deletion of your personal data at any time by contacting us (see Section 8 below).
6. Cookies and Tracking
Our website uses the following analytics, advertising and third-party cookies to measure site performance, track conversions and improve our service:
- Google Analytics 4: Sets first-party cookies (
_ga, _gid, _gat_*) to measure aggregate site usage. Data is reported in anonymized form and helps us improve site navigation and content.
- Google Ads conversion tracking: Sets cookies (
_gcl_au, _gac_*) to attribute purchases and consultations to specific advertising campaigns. Used only for marketing attribution reporting.
- Stripe: May set cookies when you interact with our payment forms for fraud prevention and session management.
- Google Fonts: May set cookies when loading web fonts from Google servers.
We use anonymous A/B testing to improve our website experience. Variant assignments are stored in your browser's localStorage only and are not transmitted to our servers or linked to any personal information.
You can manage or block cookies through your browser settings. Blocking analytics or advertising cookies will not affect site functionality or your ability to purchase services.
7. Recon Tool Data
Our free reconnaissance tool queries publicly available data sources only. It performs DNS lookups, HTTP header inspection and public port connections against the domain or IP address you provide. No active exploitation, vulnerability scanning or intrusive testing is performed. The tool accesses only information that is already publicly available on the internet. Query data may be logged for rate limiting and abuse prevention purposes.
8. Your Rights Under PIPEDA
Under Canada's Personal Information Protection and Electronic Documents Act, you have the right to:
- Access the personal information we hold about you
- Request correction of any inaccurate or incomplete information
- Request deletion of your personal information
- Withdraw consent for the collection and use of your information going forward
To exercise any of these rights, contact us at info@sherlockforensics.com or call 888.883.4550. We will respond to your request within 30 days.
9. Security
We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure or destruction. These measures include HTTPS encryption for all data in transit, secure server infrastructure and access controls limiting data access to authorized personnel only.
10. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party website you visit.
11. Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.
12. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of our website after changes are posted constitutes your acceptance of the revised policy.
13. Contact Us
If you have questions or concerns about this privacy policy or our data practices, please contact us:
- Company
- Sherlock Forensics, Vancouver, British Columbia, Canada
14. Governing Law
This privacy policy is governed by and construed in accordance with the laws of the Province of British Columbia, Canada and the federal laws of Canada applicable therein.