TTPwire Vol. 1 · MITRE ATT&CK·Tagged
Legal

Privacy Policy

Last updated: 4 May 2026

Who we are

TTPwire is a free cybersecurity news digest service that classifies open-source reporting against the MITRE ATT&CK technique catalogue and delivers a personalised daily email digest to subscribers. The data controller is TTPwire, operated by Demmsec. You can contact us at [email protected].

What personal data we collect and why

Email address

What: Your email address, collected when you subscribe.

Why: To send you your daily digest and the one-time confirmation email that verifies your address.

Lawful basis: Consent (Article 6(1)(a) GDPR). You provide this voluntarily and tick an explicit consent checkbox before submitting the form. You can withdraw consent at any time by clicking the unsubscribe link in any digest email.

Retention: We keep your email address and subscription preferences for as long as your subscription is active. After you unsubscribe, your email and subscriptions are soft-deleted and held for up to 30 days before permanent deletion, to allow resubscription without disruption. You can request immediate permanent deletion — see Your rights below.

IP address and browser user-agent (feedback only)

What: If you submit feedback on an article classification (the "Mark wrong" / "Looks right" buttons on article pages), we record the IP address and browser user-agent string of the request.

Why: To detect and prevent spam or abusive feedback that would corrupt our training data.

Lawful basis: Legitimate interests (Article 6(1)(f) GDPR). We have a legitimate interest in maintaining the quality of our classifier training data. This is balanced against your rights: the data is minimal, not used for profiling, and not shared.

Retention: Retained for as long as the feedback record exists. Feedback records are not routinely deleted as they are part of the model training corpus.

Cookies and tracking

TTPwire does not use cookies, web beacons, tracking pixels, analytics scripts, or any other tracking technology. No data is collected about how you browse the site. The only JavaScript on public pages is Alpine.js, which runs entirely in your browser and sends nothing to us.

Third-party data processors

We use Resend (privacy policy) to deliver digest and verification emails. Your email address is transmitted to Resend solely for this purpose under a data processing agreement. Resend does not use your email for their own marketing or profiling.

We do not sell, rent, or share your personal data with any other third party.

Data transfers outside the UK/EEA

Our database is hosted by Hetzner Online GmbH in Germany (EU). All subscriber data at rest stays within the EEA and is subject to EU data protection law.

Email delivery is handled by Resend Inc., a US-based company. Transfers of your email address to Resend are covered by Standard Contractual Clauses (SCCs) under GDPR Article 46. No other personal data is transferred outside the EEA.

Your rights

Under GDPR you have the following rights:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — ask us to correct inaccurate data.
  • Right to erasure — ask us to delete your data. For subscribers, the easiest route is to unsubscribe using the link in any digest email. For erasure of feedback IP data, contact us directly.
  • Right to portability — receive your data in a machine-readable format.
  • Right to object — object to processing based on legitimate interests (feedback IP data).
  • Right to withdraw consent — withdraw your subscription consent at any time via the unsubscribe link in any email. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Right to lodge a complaint — you have the right to complain to your national data protection supervisory authority. In the UK this is the Information Commissioner’s Office (ICO); in Ireland the Data Protection Commission (DPC).

To exercise any right, email [email protected]. We will respond within 30 days.

Changes to this policy

If we make material changes, we will notify active subscribers by email before the change takes effect. The "Last updated" date at the top of this page reflects the current version.