← Back to Legal

Privacy Policy

S6 Security Labs Pty Ltd

ACN: 693 717 510 | ABN: 25 693 717 510

Effective Date: December 28, 2025

Last Updated: December 28, 2025

Table of Contents

1. Introduction2. Information We Collect3. How We Use Information4. Information Disclosure5. Data Retention6. Security Measures7. Your Privacy Rights8. International Transfers9. Children's Privacy10. Policy Updates11. Contact Information12. Jurisdiction-Specific Rights

1. Introduction

S6 Security Labs ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our products and services.

This policy applies to all S6 Security Labs products and services including:

  • S6 Spectra - Agentic penetration testing platform
  • S6 Trace - Threat intelligence dashboard and OSINT platform
  • S6 Vantage for Splunk - Splunk optimization suite (Core and Pro editions)
  • Cyber Threat Hunters - Mobile security education game
  • S6 Security Labs Website - Our corporate website and marketing materials

2. Information We Collect

2.1 S6 Spectra (Penetration Testing)

What We Collect:

  • License validation data: IP address, hashed hardware identifier (HWID), software version
  • Optional error reports: Stack traces, environment information (excludes scan targets and outputs)
  • Account information: Name, email address, company name, billing information

✓ We DO NOT collect, upload, or store your penetration testing targets, configurations, scan outputs, or findings.

2.2 S6 Trace (Threat Intelligence)

What We Collect:

  • Account information: Name, organizational email, authentication credentials, billing details
  • Security logs: Timestamps, IP addresses, device metadata, API usage metrics
  • Investigation data: Search queries, domains analyzed, OSINT query inputs
  • Usage analytics: Feature usage, session duration, interaction patterns

✓ Your investigation data is treated as confidential. We do not sell your investigation targets or analysis.

2.3 S6 Vantage for Splunk (Splunk Optimization)

What We Collect:

  • License information: Organization details, number of users, Splunk instance metadata
  • Performance metrics: Query optimization results, dashboard load times, resource usage
  • Usage statistics: Features used, optimization recommendations applied

✓ We do not access your Splunk data, logs, or search results.

2.4 Cyber Threat Hunters (Mobile Game)

What We Collect:

  • Device identifiers: IDFA/GAID, device model, OS version
  • Game progress: Levels completed, skills acquired, achievement data
  • Performance data: Crash logs, loading times, frame rates
  • Approximate location: Country/city level (derived from IP address)

2.5 Website Visitors

What We Collect:

  • Contact form submissions: Name, email, company, message content
  • Cookies: Session cookies, preference cookies (analytics cookies NOT used)
  • Analytics: Page views, referral sources, device type, geographic region (via self-hosted Plausible Analytics - privacy-friendly, GDPR compliant, no personal data collected, no cookies)
  • PDF downloads: Name, email, company (stored for 30 days in browser cookie)

✓ We use self-hosted Plausible Analytics, a privacy-friendly solution that does not use cookies, does not collect personal data, and keeps all analytics data under our control.

3. How We Use Your Information

We use collected information for the following purposes:

  • Service Delivery: License validation, authentication, product functionality
  • Security & Maintenance: Fraud prevention, security monitoring, bug fixes
  • Communication: Product updates, security alerts, customer support responses
  • Billing: Payment processing, invoice generation, subscription management
  • Analytics: Product improvement, feature usage analysis, performance optimization
  • Legal Compliance: Responding to legal requests, enforcing our terms, protecting rights
  • Marketing: With your consent, sending promotional materials and product announcements

Legal Basis (GDPR): We process personal data based on contract performance, legitimate interests, legal obligations, and consent (for marketing and optional features).

4. Information Disclosure

We may share your information with:

Service Providers

Cloud hosting (AWS, Azure), payment processors (Stripe), email services (Brevo), analytics providers - all under strict confidentiality agreements and limited to necessary processing.

Legal Requirements

When required by law, court order, or governmental request; to protect our rights or safety; to prevent fraud or security threats.

Business Transfers

In connection with a merger, acquisition, or sale of assets (you will be notified of any such change).

With Your Consent

Any other disclosure will only occur with your explicit consent.

✗ We DO NOT sell your personal data to third parties for their marketing purposes.

5. Data Retention

Data TypeRetention Period
Account InformationDuration of account + 7 years (tax/legal requirements)
Investigation Data (S6 Trace)90 days, then anonymized or deleted
Security Logs13 months
Marketing CommunicationsUntil opt-out + 30 days
Website Analytics26 months
Support Tickets5 years after case closure

6. Security Measures

We implement industry-standard security measures to protect your information:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Multi-factor authentication for user accounts
  • Regular security audits and penetration testing
  • Employee security training and background checks
  • Incident response procedures and breach notification protocols
  • Access controls and principle of least privilege

For detailed information about our security program, see our Security page.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

Access & Portability

Request a copy of your personal data in a structured, machine-readable format.

Correction

Request correction of inaccurate or incomplete personal data.

Deletion

Request deletion of your personal data (subject to legal retention requirements).

Opt-Out

Unsubscribe from marketing communications or object to certain processing activities.

Restriction

Request restriction of processing in certain circumstances.

Withdraw Consent

Withdraw consent for processing based on consent (without affecting prior lawful processing).

To exercise your rights, contact us at:

privacy@s6securitylabs.com

We will respond within 30 days (EU/UK) or 45 days (California/US states) of your request.

8. International Data Transfers

S6 Security Labs is based in Australia. We use cloud infrastructure providers in:

  • United States (AWS us-east-1, us-west-2)
  • Europe (AWS eu-central-1, Azure EU regions)
  • Australia (AWS ap-southeast-2)

For transfers from the EU/UK to countries without adequacy decisions, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with appropriate safeguards
  • Your explicit consent where applicable

9. Children's Privacy

Our enterprise products (S6 Spectra, S6 Trace, S6 Vantage) are not directed to children under 16. We do not knowingly collect personal information from children under 16 for these services.

Cyber Threat Hunters is rated 12+ and may be used by teenagers with parental consent. We collect only minimal data (device identifiers, game progress) and do not enable third-party advertising or in-app purchases.

10. Policy Updates

We may update this Privacy Policy periodically. Material changes will be communicated via:

  • Email notification to registered users
  • Prominent notice on our website
  • In-product notifications

Continued use of our services after updates constitutes acceptance of the revised policy.

11. Contact Information

S6 Security Labs Pty Ltd

Privacy Team: privacy@s6securitylabs.com

Data Protection Officer: dpo@s6securitylabs.com

Website: s6securitylabs.com

Australian Company Details:

ACN: 693 717 510

ABN: 25 693 717 510

12. Jurisdiction-Specific Rights

12.1 Australian Privacy Act

We comply with the Australian Privacy Principles (APPs). You may lodge a complaint with:

Office of the Australian Information Commissioner (OAIC)

Website: www.oaic.gov.au

12.2 GDPR (EU/UK)

For EU/UK residents, you have the right to lodge a complaint with your local supervisory authority:

Find your data protection authority at: European Data Protection Board

12.3 California (CCPA/CPRA)

California residents have additional rights under CCPA/CPRA:

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information (subject to exceptions)
  • Right to opt-out of the "sale" or "sharing" of personal information
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising your rights

✓ We do not sell or share personal information as defined by CCPA.

12.4 Other US States

Residents of Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia have similar rights under their respective state privacy laws. Contact privacy@s6securitylabs.com to exercise these rights.

← Back to Legal
Cookie Policy →Terms of Service →