Privacy Policy

Last reviewed on April 27, 2026.

This policy explains what data xscript.net ("the site," "we") collects when you visit, why it is collected, who it is shared with, and what choices you have. The site is informational and does not require an account to use any of its tools.

1. Data we collect

Visiting any page on the site results in the same kinds of data that any standard web server records, plus data collected by the analytics and advertising services described below:

• Technical data: IP address, user-agent string, browser type and version, operating system, referring URL, and timestamps.
• Usage data: pages viewed, time spent on each page, clicks within tools, and aggregate session metrics.
• Device identifiers: cookies and, on mobile, the operating-system-level advertising identifier when not reset by the user.

We do not ask you for your name, email address, or any other directly-identifying information in order to use the tools. The only situation in which you provide personal data directly to us is if you choose to send an email to the address listed on the contact page.

2. How the data is used

• To make the site work — serve pages, run the in-browser tools, log technical errors.
• To measure aggregate audience and content performance so the site can be improved.
• To serve advertising that funds the site, including, where allowed, personalized advertising.
• To investigate and respond to abuse, fraud, or technical problems.

3. Cookies and similar technologies

The site uses a small number of first-party and third-party cookies. The full list, with categories and examples, is on the cookies page. You can control cookies through your browser settings at any time.

4. Analytics

We use Google Analytics to measure aggregate site usage. Google Analytics sets cookies to distinguish unique sessions and devices and to attribute referrals. The data is processed by Google on our behalf. You can install the Google Analytics opt-out browser add-on to prevent measurement on every site that uses Google Analytics.

5. Google AdSense and advertising

The site is supported by advertising delivered through Google AdSense. Third-party vendors, including Google, use cookies to serve ads based on a user's prior visits to xscript.net and other websites. Google's use of advertising cookies enables it and its partners to serve ads to users based on their visit to this site or other sites on the Internet.

Users may opt out of personalized advertising by visiting Google Ad Settings. Alternatively, users can opt out of a third-party vendor's use of cookies for personalized advertising by visiting aboutads.info or, in the EU, Your Online Choices.

Google describes how it uses information from sites and apps that use its services in its partner-sites policy.

6. Third-party services

The site relies on a small number of third-party services to operate. These services may receive limited technical data (such as your IP address and request headers) directly from your browser when their resources are loaded:

• Google Analytics — audience measurement.
• Google AdSense and its certified partners — advertising and ad measurement.
• Google Fonts — typography.
• Leaflet (via unpkg) — map rendering on the cyber attack visualization page.

Each of these providers operates under its own privacy policy. We do not sell or rent personal data to third parties. Where these providers act as processors for us, they are contractually limited to processing data for the purposes described above.

7. Legal bases (for visitors in the EEA, UK, and Switzerland)

• Legitimate interests: for basic site operation, security, fraud prevention, and aggregate analytics.
• Consent: for advertising cookies and any non-essential cookies that require consent under local law.
• Legal obligation: where we must keep records or respond to lawful requests.

8. Your rights

Depending on where you live, you have some or all of the following rights regarding your personal data:

• Access — ask what data is held about you.
• Rectification — ask us to correct inaccurate data.
• Erasure — ask us to delete data, subject to legal retention requirements.
• Restriction or objection — limit certain types of processing.
• Portability — receive a copy of data you provided in a portable format.
• Withdraw consent — at any time, where processing is based on consent.
• Lodge a complaint with your local data-protection authority.

For California residents (CCPA / CPRA): you have the right to know what personal information we collect, the right to delete it, the right to correct it, and the right to opt out of any "sale" or "sharing" of personal information for cross-context behavioral advertising. We do not sell personal information for money. If you wish to opt out of sharing for cross-context behavioral advertising, you can use the global privacy control signal in your browser, opt out via Google Ad Settings as described above, and disable third-party cookies. Requests under the CCPA can be sent to the email on the contact page.

9. Data retention

Server-level access logs are retained for a short period (typically up to 30 days) for security and troubleshooting before being rotated and deleted. Aggregate analytics data is retained according to the configured retention setting in Google Analytics. Email correspondence is retained only for as long as needed to respond to your message and any reasonable follow-up.

10. Children's privacy

The site is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided personal data, please contact us so we can remove it.

11. Security

The site is served over HTTPS. We rely on standard security practices for the service providers we use. No method of transmission over the Internet is fully secure, so absolute security cannot be guaranteed.

12. International transfers

Our service providers (notably Google) operate globally, and your data may be processed in countries other than the one you live in, including the United States. Where required by law, those providers rely on standard contractual clauses or equivalent safeguards.

13. Changes to this policy

This policy may be updated from time to time. The "Last reviewed on" date at the top reflects the most recent change. Continued use of the site after changes are posted constitutes acceptance of the updated policy.

14. Contact

For privacy questions, requests under GDPR or CCPA, or anything else covered by this policy, please use the email address on the contact page.