This document will cover the ThreatSlayer, Bouncer, and other data collected and used by Interlock, a web3 security company.
ThreatSlayer
ThreatSlayer is a browser extension by Interlock. It protects users from malicious websites. Registered users will be eligible to receive Interlock's $ILOCK token in exchange for browsing. When ThreatSlayer is running in your browser, it:
1. Sends the URL you are browsing to our backend to check if the URL is safe
2. Blocks URLs that we detect are malicious, to protect you from entering sensitive information
3. (For users who register with us) Sends a unique key together with the URL in order to accurately calculate rewards for you
Note: You do not need to register in order to use and be protected by ThreatSlayer. But only registered users will be rewarded for browsing. ThreatSlayer is an open source project – you can see the source code on GitHub.
Data We Store for Scanning URLs
Interlock maintains a backend classifier that classifies URLs as safe or malicious. To do so, we collect and retain certain kinds of data. This data is not considered personally identifiable information (PII), and thus is not protected under the General Data Protection Regulation (GDPR) or similar legislation. This includes:
* Contents of the page
* Note: Query string parameters will be stripped from the scanned URL for privacy.
User Data We Store for Token Rewards
Interlock's business is based on protecting users with ThreatSlayer while identifying malicious URLs. We therefore reward registered ThreatSlayer users for the URLs they browse, especially malicious ones. In order to reward users fairly, we store the following data:
* Their username, a hash of their password, and their wallet address (for token deposits)
* The URLs they visit
* Any users who list them as a referrer
* Optional: The ThreatSlayer user who referred them
Analytics Data
Interlock will store the following information for URL classification:
* Resolvable URLs
* The data generated by Interlock about the link: classification as safe or malicious, etc.
Note: Analytics data may be stored indefinitely.
Data Anonymization and Deletion Policy
If a user posts a safe URL, Interlock will retain the URL and the “safe” classification in case another user posts the same URL in the future.If a user wishes for anonymity, they can use ThreatSlayer without registering, and there will be no data stored by Interlock connecting the user to their browsing activity.
Bouncer & Discord Event Data
Bouncer is Interlock’s open source Discord security bot. It is required to collect (and sometimes retain) certain event data from Discord for it to protect Discord servers from malicious links. This includes Bouncer commands executed by Discord mods.
Bouncer Data We Collect
The Bouncer data we collect is not considered personally identifiable information (PII), and thus is not protected under the General Data Protection Regulation (GDPR) or similar legislation. This includes:
* Discord server/guild ID (non-PII), channel ID, allowlisted URLs
* Dynamically rendered heuristic assets (i.e. favicons made by JS, instead of static)
* URLs by server ID, without parameters
In addition to the above, we follow the Discord Developers Terms of Service as well as the Discord Developer Policy due to our work on Bouncer, a Discord bot.
Who We May Share or Sell Your Data To
One of the ways Interlock makes money is to sell threat data to major Internet companies. To do so, we may sell URLs that you navigate to and that we classify as malicious. We may also sell related browsing data, like the site you navigated to that had the link to that malicious URL. We may also sell threat data and related browsing data to third party brokers who bundle together threat data for sale to Internet companies.
Your Data Choices, Rights, and Controls Access:
You have the right to confirm whether we are processing your personal information and to access your personal information.
Opt-out: You can prevent Interlock from collecting any data about you by not registering for ThreatSlayer. We will never associate any part of your identity with any data you generate. We may still sell any URLs you navigate to that we classify as malicious.
Deletion: If you are a registered user, you can delete your account at any time. This will delete your association with any URLs you navigate to. Again, we may still sell any URLs you navigate to that we classify as malicious.
Correction: You have the right to request correction of your inaccurate personal information.
Non-discrimination: We will not discriminate against you based on whether you are registered, unregistered, or deleted. You will receive the same protection against malicious URLs.
Appeal: If you have any unresolved privacy concerns that we have not addressed satisfactorily after contacting us, you may have the right to appeal our decision by responding directly in your request or by sending another email and indicating that you are appealing our response to your previous request.
Data Processing
All ThreatSlayer data is processed on DigitalOcean infrastructure located in the United States. It is stored in a Digital Ocean virtual machine that is only accessible to authorized Interlock employees.
How to Contact Us and Exercise Your RightsI
If you are a registered ThreatSlayer user and would like to exercise your right to delete your account and associated data, you can do so by navigating to the Account page in the extension and selecting "Delete account."
If you have any questions or concerns about ThreatSlayer, please email [email protected] you have any questions or concerns about Bouncer, please email [email protected]