Beta Notice
Tunnyl is currently in beta. This privacy policy reflects our current practices and will be updated as we approach public launch. We are committed to transparency about how we handle your data.
Privacy Policy
Last updated: January 31, 2026
Tunnyl is the professional network for cybersecurity practitioners. We understand that as security professionals, you care deeply about data privacy. This policy explains what data we collect, why we collect it, and how we protect it.
1. Data We Collect
Account Information
When you register, we collect:
- Email address (required for account verification)
- Password (stored as a secure hash, never in plain text)
- First and last name
- Professional title and company (optional)
Profile Information
You may choose to add:
- Professional bio and specialization
- Profile photo
- Social links (LinkedIn, GitHub, Twitter, personal website)
- Skills and certifications
- Location
Content You Create
- Posts and comments
- Direct messages
- Community memberships and interactions
- Connection requests and network
Automatically Collected Data
- IP address (for security and rate limiting)
- Browser type and device information
- Login timestamps and session data
2. How We Use Your Data
We use your data to:
- Provide the service: Display your profile, enable connections, show your posts
- Verify professionals: Validate credentials for verified badges
- Send notifications: Email you about connections, messages, and platform updates (configurable in settings)
- Ensure security: Detect suspicious activity, prevent abuse, protect accounts
- Improve the platform: Understand usage patterns to build better features
We do not: Sell your data to advertisers, use your content to train AI models, or share your information with recruiters without your explicit consent.
3. Data Sharing
Public Profile Information
If your profile is set to public, other Tunnyl members can see your name, title, bio, and posts. You control this in your privacy settings.
Third-Party Services
We use limited third-party services:
- Email delivery: To send you notifications and security alerts
- Cloud hosting: To securely store and serve the platform
- Error monitoring: To detect and fix technical issues
These providers are contractually bound to protect your data and use it only for the services they provide to us.
Legal Requirements
We may disclose data if required by law, court order, or to protect the safety of our users.
4. Data Security
As a platform built for security professionals, we take security seriously:
- Password hashing: Argon2id with memory-hard parameters
- Transport encryption: TLS 1.3 for all connections
- Authentication: Short-lived JWT tokens (15 minutes) with secure refresh
- Rate limiting: Protection against brute force and abuse
- Account lockout: Automatic lockout after failed login attempts
- Input validation: Protection against injection attacks (OWASP compliant)
- Security headers: HSTS, CSP, and other protective headers
5. Your Rights
You have control over your data:
- Access: View all data we have about you in your account settings
- Correction: Update your profile information at any time
- Deletion: Delete your account and associated data from settings
- Export: Request a copy of your data
- Notification preferences: Control which emails you receive
- Privacy settings: Control profile visibility and who can contact you
6. Cookies
We use minimal cookies:
- Authentication: To keep you logged in (essential)
- Preferences: To remember your settings (functional)
We do not use advertising cookies or third-party tracking cookies.
7. Data Retention
- Account data: Retained while your account is active
- Deleted accounts: Data removed within 30 days of deletion request
- Security logs: Retained for up to 90 days for security purposes
- Backup data: Removed from backups within 90 days
8. Changes to This Policy
We may update this policy as Tunnyl evolves. Significant changes will be communicated via email or platform notification. Continued use after changes constitutes acceptance.