Privacy Policy
Last Updated: March 14, 2026
BrightByte Labs LLC ("we," "us," or "our") operates the ThreatLab desktop application and associated online services. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.
Key Principle: ThreatLab is designed with privacy in mind. Your analysis session data (recordings, screenshots, monitoring logs, and reports) is stored locally on your machine. We do not upload, access, or store your session data on our servers.
1. Data We Collect
1.1 License and Activation Data
When you activate ThreatLab, we collect:
- Machine fingerprint — a SHA-256 hash derived from your CPU ID, motherboard serial number, and Windows installation ID. This is used solely to enforce per-seat licensing. We cannot reverse this hash to identify your hardware.
- Machine name — your computer's hostname, used to help you identify activated machines in the management portal.
- License key — the key entered during activation, linked to your organization's account.
1.2 Portal Account Data
If you use the ThreatLab Management Portal, we store:
- Email address and encrypted password (bcrypt hashed)
- Organization name and role (admin or customer)
- Two-factor authentication secrets (encrypted, if enabled)
- Login timestamps and IP addresses (for security auditing)
1.3 VPN Session Data
When you use ThreatLab's VPN routing feature during analysis sessions:
- We generate a unique WireGuard keypair per session (deleted when the session ends)
- We assign a temporary IP address on our VPN infrastructure
- We record session start/end times and the assigned VPN node for capacity management
We do not log, monitor, inspect, or store any traffic that passes through our VPN servers. The VPN exists solely to anonymize your sandbox's network traffic during malware analysis. Traffic logs are not created.
1.4 AI Analysis Data
If you enable the optional AI-powered threat analysis feature:
- Aggregated threat scores and event summaries from your analysis session are transmitted to Anthropic's Claude API for analysis
- Session metadata (file name, OS version, defender status, VPN region) is included for context
The following data is NEVER transmitted to the AI service:
- Original files or binary content
- Customer names, email addresses, or account data
- License keys or activation tokens
- Machine fingerprints or personal IP addresses
- VPN session details or traffic data
- Screenshots or session recordings
AI analysis can be disabled at any time in Settings. When disabled, no data is transmitted to any AI service.
1.5 Feedback Reports
If you submit a feedback report through the application:
- Your description of the issue
- Organization name, machine name, and IP address
- Application version
- Application logs (last 200 lines) — only if you leave the "Include logs" option checked. Logs contain operational messages and error details. They do not contain session content, file data, or personal information.
1.6 Server Audit Logs
Our API server maintains audit logs of significant events for security and operational purposes:
- License activations, validations, and deactivations
- VPN session creation and release
- Portal login attempts (successful and failed)
- Administrative actions (user management, node management)
- API errors
Audit logs include timestamps, IP addresses, and event descriptions. These logs are retained indefinitely for security purposes.
2. Data We Do NOT Collect
- We do not collect or transmit malware samples or files you analyze
- We do not access your session recordings, screenshots, or monitoring data
- We do not track your usage patterns, feature usage, or browsing activity
- We do not use cookies or third-party analytics in the desktop application
- We do not sell, rent, or share your data with third parties for marketing purposes
3. How We Use Your Data
- License enforcement — machine fingerprints and activation tokens verify that the Software is used within the terms of your license
- VPN service delivery — session data is used to manage VPN capacity and clean up stale connections
- Security — login attempts, IP addresses, and audit logs are used to detect and prevent unauthorized access
- Support — feedback reports and logs are used to diagnose and fix issues
- Communication — email addresses are used for account-related communications (password resets, welcome emails) only
4. Third-Party Services
4.1 Anthropic (AI Analysis)
When AI analysis is enabled, aggregated session data is processed by Anthropic's Claude API. Anthropic's data usage policy applies to data they receive. We recommend reviewing Anthropic's Privacy Policy for details on their data handling practices.
4.2 SendGrid (Email)
We use SendGrid (a Twilio company) to send transactional emails including password resets, welcome emails, and feedback reports. SendGrid processes email addresses and message content in accordance with their privacy policy.
5. Data Storage and Security
- Local data — all session data (recordings, screenshots, logs, reports) is stored on your local machine and is never transmitted to our servers
- Server data — license records, portal accounts, and audit logs are stored in an encrypted SQLite database on our API server
- Passwords — all passwords are hashed using bcrypt with a cost factor of 12 before storage
- Transport security — all communication between the application and our servers uses TLS 1.2+ encryption
- VPN keys — WireGuard keypairs are generated uniquely per session and deleted when the session ends. Private keys are never stored on disk inside the VM after tunnel activation
- Access controls — portal access requires email/password plus two-factor authentication. API endpoints are protected by key-based authentication and rate limiting
6. Data Retention
- Local session data — retained until you delete it. The application does not automatically delete session data
- License and activation records — retained for the duration of your subscription and a reasonable period afterward
- Portal accounts — retained until deleted by an administrator
- Audit logs — retained indefinitely for security purposes
- VPN session records — retained for operational and debugging purposes. Active sessions are automatically cleaned up after 30 minutes of inactivity
- Feedback reports — retained in our email system for support purposes
7. Your Rights
You have the right to:
- Access — request information about what data we hold about you
- Correction — request correction of inaccurate data
- Deletion — request deletion of your account and associated data
- Deactivation — deactivate your machine at any time through the application's Settings, freeing the seat for another machine
- Disable AI — disable AI analysis at any time in Settings to prevent any session data from being transmitted to third-party AI services
- Opt out of logs — uncheck "Include logs" when submitting feedback to prevent application logs from being sent
To exercise these rights, contact us at support@brightbytelabs.com.
8. Children's Privacy
ThreatLab is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of the Software after any changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, contact us at:
BrightByte Labs LLC
Email: support@brightbytelabs.com
Website: https://threatlabsandbox.com
