WraithSec is built by people who treat privacy as the default, not a setting. This website uses no cookies, runs no analytics, tracks nothing, and has no accounts to sign up for. Our tools run on your own machine and keep your data there. The short version is that we collect almost nothing. The rest of this page explains the few exceptions in plain language.
1. Who this covers
This policy applies to the WraithSec website at www.wraithsec.io and describes how our open-source tools (WRAITH, Legion, and Legion Runner) handle data. The tools are separate programs you download and run yourself. Where their behavior affects your privacy it is summarized below, and each project documents the full detail in its own README and SECURITY files.
2. The website
The site is a static site hosted on GitHub Pages. We run no application server of our own, keep no database, and do no server-side logging.
- No cookies. The site sets no cookies of any kind.
- No analytics or trackers. There are no analytics scripts, no tracking pixels, no fingerprinting, and no advertising networks.
- No accounts or forms. We do not ask you to register, log in, or submit personal information. Buttons that mention contact or sponsorship open your own email client, so we receive only what you choose to send.
3. Local storage
To show the latest release version and working download links, the site asks GitHub's public API for release information and caches the result in your browser's sessionStorage and localStorage. That cache stays on your device, is readable only by this site, and holds nothing personal: only public release metadata such as the version number, file names, and dates, plus a timestamp so the site knows when to refresh. We never read it back to any server, and you can clear it at any time through your browser.
4. Requests your browser makes to third parties
Because the site is static, a few requests go directly from your browser to outside services. We do not control those services, and their own privacy policies apply.
- GitHub. The download widgets fetch the latest release from GitHub's public API (api.github.com), and the site itself is served by GitHub Pages. GitHub may log your IP address and request details as part of serving you. See the GitHub Privacy Statement.
- Google Fonts. The site loads the Inter typeface from Google Fonts, so your browser requests font files from fonts.googleapis.com and fonts.gstatic.com, and Google may log your IP for those requests. See the Google Privacy Policy.
- Outbound links. Links to our sponsors (for example opensourcemalware.com) and to GitHub take you to sites we do not operate, each with its own policy.
5. If you email us
If you write to us (for example at support@wraithsec.io), we receive your message and email address so we can reply. We use that only to respond to you and do not add you to any mailing list.
6. The tools
Our tools are designed to keep your data on your machine. None of them require an account, and none send your scan results, host data, or findings to WraithSec. We operate no servers that receive your data.
- WRAITH runs locally on Windows. Out of the box its only outbound calls are the CISA KEV vulnerability lookup and a GitHub update check. Optional integrations you configure yourself, such as Slack or Discord webhooks or a Microsoft Sentinel feed, send only what you set up.
- Legion runs locally on Linux, macOS, and Windows. It pulls public threat-intel feeds (CISA KEV, ThreatFox, AbuseIPDB) and correlates against them on your host. Its dashboard binds to localhost by default, and its data files are created owner-only on disk.
- Legion Runner runs inside your own CI job to monitor and control that job's network traffic and file integrity. It does not exfiltrate your repository or secrets.
For exact behavior, see each project's README and SECURITY documentation on GitHub.
7. What we do not collect
We do not collect any of the following about visitors to this site:
- Names or contact details, unless you email us directly
- IP addresses (we keep none; the third parties above may log their own)
- Location or device identifiers
- Behavioral, usage, or analytics data
- Advertising identifiers
- Payment information, since we sell nothing
8. Children's privacy
The site and tools are not directed at children under 13, or the equivalent age in your jurisdiction, and we do not knowingly collect information from them. Because we collect essentially nothing, there is nothing for us to delete, but you are welcome to contact us with any concern.
9. Your rights
Because we hold essentially no personal data about you, there is little for us to access, correct, or delete. If you are in a region with privacy laws such as the GDPR or CCPA and believe we hold data about you, email us and we will help. For data that third parties like GitHub or Google may log when your browser contacts them, please use their policies and privacy controls.
10. International processing
The site is served by GitHub's global infrastructure, and the third-party services above operate internationally, so requests your browser makes may be processed in other countries. We ourselves transfer nothing, because we collect nothing.
11. Security
The site is static and served over HTTPS with a strict Content Security Policy and a set of security headers. There is no account system or user database to breach. The tools apply their own protections, documented in each project's SECURITY file.
12. Changes to this policy
We may update this policy as the site or tools change. The date at the top reflects the latest version, and the full history is visible in the site's public Git repository.
13. Contact
Questions about privacy? Email support@wraithsec.io or open an issue at github.com/OpenSource-For-Freedom.
