Legal Information

Disclaimer

Breach House is a platform that aggregates publicly available information regarding security incidents and claims made by third parties, such as threat actors. The information presented is collected and displayed with the primary goal of alerting potential victims and organizations.

The data shown on Breach House is based on external sources and has not been independently verified by us. While we strive to present the information objectively, we do not confirm or validate the accuracy of the original claims made by third parties. By accessing or using Darkeye Industries, you acknowledge that you do so at your own risk and should treat the information with due caution.

Privacy Policy and GDPR Compliance

Darkeye Industries is firmly committed to data protection and adheres strictly to applicable regulations, including the EU's General Data Protection Regulation (GDPR).

Data Processed: We exclusively process and display publicly available metadata associated with security incidents reported by third parties. This typically includes information such as affected organization names, incident dates, reported data types (e.g., "customer emails," "employee records" - without displaying the actual data), and threat actor attributions, if publicly claimed. Crucially, we do not collect, store, process, or display sensitive personal data directly originating from the security breaches themselves. Our focus is solely on the publicly accessible information about the breaches.

Legal Basis (GDPR Article 6(1)(f)): Our legal basis for processing this limited metadata is Article 6(1)(f) of the GDPR: Legitimate Interests. We have conducted a careful assessment and determined that we have a legitimate interest in:

• Providing timely alerts to potential victims and organizations about publicly claimed security incidents, enabling them to take protective measures.
• Contributing to the broader cybersecurity ecosystem's awareness of ongoing threats and breach trends based on publicly available information.
• Facilitating security research and awareness by aggregating publicly known incident details.

Balancing Test: We believe these legitimate interests are not overridden by the interests or fundamental rights and freedoms of data subjects. This is because:

• Data Minimization: We only process metadata that is already in the public domain, often published by the threat actors themselves or news outlets. We do not seek out or publish non-public personal data.
• Limited Impact: The processing concerns information about potential breaches, not the sensitive contents of those breaches. The impact on individual privacy is minimal compared to the potential benefit of awareness and mitigation.
• Purpose: The purpose is protective and informative, aimed at mitigating harm from publicly known threats.

Transparency and Rights: This policy serves to provide transparency about our data practices. Should you believe any displayed metadata is inaccurate, pertains to you in a way that violates your rights despite its public nature, or if you have other privacy concerns related to our processing under GDPR, please contact us immediately at legal@darkeye.io to discuss rectification or other potential rights.

Terms of Use

By accessing or using the Darkeye Industries website and services ("Service"), you agree to comply with and be bound by these Terms of Use ("Terms"). If you do not agree to these Terms, you must not access or use the Service.

1. Permitted Use: You are granted a non-exclusive, non-transferable, revocable license to access and use the Service strictly for informational, research, and awareness purposes related to cybersecurity and publicly reported data breaches.
2. Prohibited Uses: You agree not to use the Service:
   • For any unlawful purpose or in violation of any applicable local, state, national, or international law.
   • To harass, abuse, defame, or harm others.
   • To attempt to gain unauthorized access to the Service, user accounts, or computer systems or networks connected to the Service.
   • To engage in any data mining, data harvesting, data extracting, scraping, or any other similar activity in relation to this Service, beyond reasonable manual access for permitted purposes.
   • To distribute, resell, or commercially exploit the Service or its content without express written permission from Darkeye Industries.
   • To reverse engineer, decompile, or disassemble any portion of the Service.
3. Disclaimer of Warranties: The Service and the information provided are offered on an "AS IS" and "AS AVAILABLE" basis. Darkeye Industries makes no representations or warranties of any kind, express or implied, as to the accuracy, completeness, reliability, or timeliness of the information contained herein.
4. Limitation of Liability: To the fullest extent permitted by applicable law, Darkeye Industries, its affiliates, officers, directors, employees, agents, or licensors shall not be liable for any indirect, incidental, special, consequential, or punitive damages.
5. Intellectual Property: The Service name, logo, design, and overall appearance are the property of Darkeye Industries. The aggregated data itself originates from public sources.
6. Modifications to Terms: Darkeye Industries reserves the right to modify these Terms at any time.
7. Governing Law: These Terms shall be governed and construed in accordance with the laws of Spain (Europe).
8. Contact: For any questions regarding these Terms, please contact us at legal@darkeye.io.