Legal
Privacy Policy
Last updated:
Effective Date: April 13, 2026 · Last Updated: April 13, 2026
At Inferlume, your privacy is taken seriously. This Privacy Policy explains what personal data we collect, why we collect it, how it is used and stored, who we share it with, and what rights you have over it - in plain language, without legal theatre.
1. Who We Are
Inferlume is a Cyber Threat Intelligence platform operating at https://inferlume.com. For the purposes of applicable data protection law, Inferlume is the data controller for personal data collected through the Services. Contact: hello@inferlume.com.
2. What Data We Collect
Data you provide directly:
Name, email address, subscription tier, country/region
Payment information — processed exclusively by Stripe. Inferlume does not store card numbers, CVV codes, or full payment credentials
Account credentials (managed through Outseta in paid phases)
Communications sent via email or contact forms
Data collected automatically:
IP address, browser type, device type, OS
Pages visited, time on site, referring URL
Email open and click data via MailerLite (delivery performance only — not behavioural advertising)
Data we do not collect: Social media profiles, geolocation, biometric or health data, employment information, or any data from individuals under 18.
3. How We Use Your Data
Purpose | Legal Basis |
|---|---|
Deliver subscribed reports via email | Performance of contract |
Manage subscription, billing, account access | Performance of contract |
Process payments via Stripe and issue receipts | Performance of contract; legal obligation |
Communicate platform updates and policy changes | Legitimate interests; consent where required |
Respond to support inquiries | Legitimate interests |
Analyse email delivery performance | Legitimate interests (aggregated, not individual profiling) |
Prevent fraud and unauthorized access | Legitimate interests; legal obligation |
Comply with applicable law | Legal obligation |
We do not use your data for behavioural advertising, third-party audience building, or automated profiling that produces legal or significant effects.
4. Marketing Communications
You may opt out of non-essential communications at any time by clicking the unsubscribe link in any email or emailing hello@inferlume.com. Opting out of marketing does not affect delivery of reports you are subscribed to receive.
5. Cookies & Tracking Technologies
Type | Purpose | Can Be Declined? |
|---|---|---|
Strictly necessary | Session state, authentication (Outseta), security tokens | No — required for the site to function |
Analytics | Measure page visits — privacy-friendly analytics only, no Google Analytics behavioural tracking | Yes |
Preference | Remember cookie consent choice | Yes |
Inferlume does not use Facebook Pixel, Google Ads retargeting, or third-party behavioural advertising networks. MailerLite places a small tracking pixel in HTML emails to measure delivery performance — this can be blocked by disabling remote images in your email client.
6. Data Sharing
We do not sell, rent, or trade your personal data. We share data only as strictly necessary:
Provider | Role | Data Processed |
|---|---|---|
MailerLite | Email delivery & subscriber management | Name, email, subscription group, open/click data |
Outseta | Subscription access, account management | Name, email, subscription tier, credentials |
Stripe | Payment processing | Name, email, payment data, billing address |
Framer | Website hosting & publishing | IP address, page visit data (standard hosting logs) |
We may also disclose data to legal or regulatory authorities when required by law, with notification to you where legally permitted. In the event of a business transfer, you will be notified before your data becomes subject to a different privacy policy.
7. Data Retention
Data Type | Retention Period |
|---|---|
Active subscriber data | Duration of subscription + 12 months post-cancellation |
Billing & payment records | 7 years (Indian tax law — Income Tax Act, GST) |
Email delivery logs | 12 months |
Support correspondence | 24 months from last communication |
Website access logs | 90 days |
Founder Access subscriber data | Until paid phase transition, or 24 months from last open |
Data is deleted or anonymized within 30 days of a retention period expiry.
8. Your Rights
Depending on your location, you may have rights under the Indian Digital Personal Data Protection Act 2023 (DPDPA), GDPR, or other applicable laws:
Access — Request a copy of your personal data and information on how it is used
Correction — Request correction of inaccurate or incomplete data
Erasure — Request deletion, subject to legal retention obligations (e.g., tax records)
Portability — Receive your data in a structured, machine-readable format
Objection — Object to processing based on legitimate interests
Withdrawal of Consent — Withdraw consent at any time without affecting prior lawful processing
Restriction — Request restriction of processing in certain circumstances
To exercise any right, email PLACEHOLDER@inferlume.com with the subject line "Privacy Request — [Right You Are Exercising]." We respond within 30 days of a verified request.
9. Data Security
Security measures include TLS-encrypted email delivery, non-guessable report URL slugs, PCI-DSS Level 1 compliant payment processing via Stripe, authentication support by Stripe-verified partner, and no direct storage of card data by Inferlume. No online system is 100% secure. In the event of a breach likely to affect your rights, Inferlume will notify affected subscribers and relevant authorities within legally required timeframes.
10. International Data Transfers
Inferlume is operated from India. Infrastructure providers may process data outside India, including in the United States and EU. Appropriate safeguards — including Standard Contractual Clauses or adequacy decisions — are in place where required.
11. Children's Privacy
The Services are not directed to individuals under 18. If you believe a minor has subscribed, contact hello@inferlume.com immediately.
12. Changes to This Policy
Material changes will be communicated via email at least 14 days before taking effect, with the "Last Updated" date revised. Previous versions available on request.
13. Contact
Inferlume · PLACEHOLDER@inferlume.com · https://inferlume.com
Subject line guidance: Privacy Request — [Right] | Privacy Query | Security Concern
Version 1.0 · Effective April 13, 2026