Phantom engine

Privacy Policy

Phantom Red Labs – Privacy Policy

Effective Date: January 2026
Last Updated: January 2026

Phantom Red Labs (“PRL,” “we,” “our,” or “us”) is a cybersecurity research and adversary-simulation organization dedicated to helping defenders understand and prepare for real-world threats.
We prioritize privacy, restraint, and ethical handling of information in every system we design and every engagement we support.

This Privacy Policy explains how we collect, use, protect, and manage information across our websites, research platforms, and communications.

1. Information We Collect

We collect only the minimum information required for communication, research, or service operation.

1.1 Information You Provide Directly

  • Name, email address, and contact details
  • Professional or organizational information shared voluntarily
  • Messages, inquiries, or support tickets sent to us
  • Information provided during research collaboration or evaluation requests

1.2 Information Collected Automatically

When you visit our website or interact with our infrastructure, we may collect:

  • Browser and device metadata
  • IP address and general geolocation (region-level only)
  • Basic analytics for performance tuning
  • System logs used for security auditing and anomaly detection

We do not track user behavior for advertising or profiling.

1.3 Sensitive Data

We do not intentionally collect or store:

  • Financial records
  • Government IDs
  • Health or medical data
  • Biometric identifiers
  • Any sensitive personal information beyond what is strictly necessary for communication

2. How We Use Information

We use collected information for legitimate operational and research purposes, including:

  • Responding to messages, inquiries, or support requests
  • Providing access to Phantom Red Labs services or research material
  • Improving site stability, performance, and security
  • Conducting cybersecurity research, simulation, and technical analysis
  • Meeting legal, regulatory, or contractual obligations

We do not use personal information for marketing, advertising, or data brokerage.

3. Data Protection and Security

Phantom Red Labs applies the same engineering rigor to personal data protection that we apply to our adversary-simulation frameworks.

Our security controls include:

  • Encrypted storage and encrypted in-transit communication
  • Strict access gating and least-privilege controls
  • Environment-level monitoring for tampering and anomalous behavior
  • Internal red-team/blue-team testing against our own infrastructure
  • Regular reviews of access logs, data trails, and system architecture

We retain personal data only for as long as it is needed for operational or compliance reasons.

4. How We Share Information

We do not sell, rent, trade, or commercially distribute personal information.

Information may be shared only under the following limited conditions:

4.1 Infrastructure & Service Providers

We may share limited data with trusted service providers who support core operations (e.g., hosting, ticketing platforms).
They are contractually restricted from using data for anything outside their function.

4.2 Legal Requirements

If required by law, regulation, or valid request, we may disclose information to comply with:

  • Legal or regulatory investigations
  • Court orders or government requests
  • Security audits or mandatory reporting obligations

4.3 Research & Threat Intelligence

Aggregated, anonymized, or de-identified data may be used in:

  • Technical write-ups
  • Simulation research
  • Threat intelligence reporting

This data will never contain personal identifiers.

5. Your Rights

Depending on your region, you may have rights including:

  • Access to the personal data we hold
  • Requesting corrections
  • Requesting deletion
  • Withdrawing consent
  • Requesting a summary of how your data is used

To exercise any of these rights, contact us using the information in Section 9.

6. International Data Transfers

If you access Phantom Red Labs from outside the United States, information may be processed in U.S. systems with security measures designed to protect your data regardless of region.

7. Children’s Privacy

Phantom Red Labs does not target or provide services to individuals under 16 years of age.
We do not knowingly collect information from children.

8. Policy Changes

We may update this Privacy Policy to reflect improvements to our systems, legal adjustments, or operational changes.
When we do, the “Last Updated” date will be revised.

9. Contact Information

For privacy questions or requests:

Phantom Red Labs – Privacy Office
Email: privacy@phantomredlabs.com
Address: Phantom Red Labs, Research Operations Division, [City], [State], USA