Privacy Policy

Sherlock Forensics ("we", "us" or "our") operates the website www.sherlockforensics.com. This privacy policy explains what personal information we collect, how we use it, who we share it with and what rights you have under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

1. Information We Collect

We collect personal information through the following channels on our website:

Contact Form Submissions

Name, email address and company name. Submitted voluntarily when you reach out to us for inquiries or consultations.

Recon Tool Queries

Target domain name or IP address that you enter into our free reconnaissance tool. This tool performs passive lookups only using publicly available data through DNS queries, HTTP header inspection and public port connections. No active exploitation or intrusive scanning is performed.

Lead Capture Forms

Name, email address, company name and the resource you requested. Collected when you download guides, checklists or other materials from our website.

Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card number, CVV or full payment credentials on our servers. We retain order details such as your name, email, engagement type, amount paid and transaction reference for our business records.

2. How We Use Your Information

We use your personal information for the following purposes:

• Responding to your inquiries and providing requested services
• Processing payments and fulfilling service engagements
• Delivering resources you have requested through lead capture forms
• Communicating with you about your engagement or account
• Improving our website and services

3. How We Store Your Data

Contact form submissions and lead capture form data are emailed to info@sherlockforensics.com and stored as JSON files on our secure servers. Payment data is processed and stored by Stripe in accordance with PCI DSS standards. We do not store full payment card details on our infrastructure.

4. Who We Share Data With

We share personal information with the following third parties only as necessary to deliver our services:

Stripe

Payment processing for service purchases. Stripe processes your payment data under their own privacy policy.

BaitAndPhish.com

When you purchase a phishing simulation campaign, we share relevant engagement details with BaitAndPhish.com to execute the campaign on your behalf. This sharing occurs only when you have purchased this specific service.

We do not sell, rent or trade your personal information to any third party for marketing or any other purpose.

5. Data Retention

Contact form submissions, lead capture data and engagement records are retained for legitimate business purposes including legal compliance and ongoing client relationships. You may request deletion of your personal data at any time by contacting us (see Section 8 below).

6. Cookies and Tracking

Our website does not currently use first-party tracking cookies or analytics cookies. However, the following third-party services may set cookies when you interact with our site:

• Stripe: May set cookies when you interact with our payment forms for fraud prevention and session management.
• Google Fonts: May set cookies when loading web fonts from Google servers.

We use anonymous A/B testing to improve our website experience. Variant assignments are stored in your browser's localStorage only and are not transmitted to our servers or linked to any personal information.

7. Recon Tool Data

Our free reconnaissance tool queries publicly available data sources only. It performs DNS lookups, HTTP header inspection and public port connections against the domain or IP address you provide. No active exploitation, vulnerability scanning or intrusive testing is performed. The tool accesses only information that is already publicly available on the internet. Query data may be logged for rate limiting and abuse prevention purposes.

8. Your Rights Under PIPEDA

Under Canada's Personal Information Protection and Electronic Documents Act, you have the right to:

• Access the personal information we hold about you
• Request correction of any inaccurate or incomplete information
• Request deletion of your personal information
• Withdraw consent for the collection and use of your information going forward

To exercise any of these rights, contact us at info@sherlockforensics.com or call 604.229.1994. We will respond to your request within 30 days.

9. Security

We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure or destruction. These measures include HTTPS encryption for all data in transit, secure server infrastructure and access controls limiting data access to authorized personnel only.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party website you visit.

11. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of our website after changes are posted constitutes your acceptance of the revised policy.

13. Contact Us

If you have questions or concerns about this privacy policy or our data practices, please contact us:

Email

info@sherlockforensics.com

Phone

604.229.1994

Company

Sherlock Forensics, Vancouver, British Columbia, Canada

14. Governing Law

This privacy policy is governed by and construed in accordance with the laws of the Province of British Columbia, Canada, and the federal laws of Canada applicable therein.