Privacy Policy — PFS HoneyStack

Effective date: 1 April 2026 · Last updated: 14 April 2026

1. Who we are

PFS HoneyStack ("we", "us", "our") is a self-hostable honeypot platform operated by PFS HoneyStack Ltd. Our registered contact address is support@pfshoneystack.io.

2. What this policy covers

This policy covers data we collect when you visit pfshoneystack.io, create an account on our customer portal, or purchase a subscription. It does not cover data collected by HoneyStack software that you deploy on your own servers — that data never leaves your infrastructure.

    Core principle: HoneyStack is self-hosted. All honeypot traffic, attacker data, packet captures, and session logs remain entirely on your own servers. We never have access to them.
  

3. Data we collect

Account data: When you register, we collect your name, email address, and a hashed password. We do not store your password in plain text.

Payment data: Payments are processed by Stripe. We store only a Stripe customer ID and subscription status — we never see or store your card number, CVV, or bank details.

License data: We store your license key, the tier you are subscribed to, and the machine fingerprint of the server that first validated your key. This is used solely to enforce your subscription entitlements.

Usage data: When your HoneyStack instance validates its license, we log the timestamp, your license key prefix, and the HoneyStack version number. No other telemetry is sent to our servers.

Website analytics: We do not use Google Analytics, Facebook Pixel, or any third-party tracking scripts. We may log server access logs (IP address, user agent, page path) for security and abuse prevention. These logs are retained for 30 days.

Support communications: If you email us, we retain that correspondence to resolve your issue.

4. How we use your data

To create and manage your account
To process payments and issue license keys
To validate license keys when your HoneyStack instance calls our license server
To send transactional emails — welcome, payment receipts, cancellation confirmations, password resets
To respond to support requests
To detect and prevent fraud or abuse of our service

We do not sell your data. We do not use your data for advertising.

5. Legal basis for processing (GDPR)

If you are in the UK or EEA, our legal basis for processing your personal data is:

Contract performance — to deliver the subscription you purchased
Legitimate interests — to prevent fraud, secure our platform, and improve our service
Legal obligation — to comply with applicable laws including tax and financial regulations

6. Third-party services

Stripe — payment processing. Their privacy policy: stripe.com/privacy
Resend — transactional email delivery. Your email address is shared with Resend solely for the purpose of delivering emails you have requested.
Hetzner — our server infrastructure is hosted in Helsinki, Finland. Your data is stored in the EU.

7. Data retention

Active accounts: retained as long as your account exists
Cancelled accounts: account data deleted after 90 days
Payment records: retained for 7 years for legal and tax compliance
License validation logs: retained for 12 months
Server access logs: retained for 30 days

8. Your rights

You have the right to access, correct, or delete your personal data. You can:

Update your name and email in your portal profile at any time
Request a copy of all data we hold about you by emailing support@pfshoneystack.io
Request deletion of your account and all associated data
Withdraw consent at any time (where consent is the legal basis)

We will respond to all data requests within 30 days.

9. Security

We use HTTPS for all connections. Passwords are hashed using bcrypt. License tokens are cryptographically signed. We restrict access to customer data to authorised personnel only. Despite these measures, no system is completely secure — please use a strong unique password for your account.

10. Cookies

Our portal uses a single session cookie (portal_token) to keep you logged in. This is a strictly necessary cookie — it is not used for tracking or advertising. We do not use any third-party cookies.

11. Changes to this policy

We may update this policy from time to time. If we make material changes we will notify you by email and update the "Last updated" date above. Continued use of the service after changes constitutes acceptance.

12. Contact

For any privacy-related questions or requests, contact us at:
support@pfshoneystack.io