Privacy Policy
We believe in transparency. Here's exactly what data we collect, how we use it, and how we protect your privacy.
Plain-language note
An earlier draft of this page oversimplified some technical details. This version reflects the current implementation, including short-lived IP-based sign-in abuse prevention and browser storage used for authentication flows.
Privacy-First Approach
I collect minimal data, never sell your information, and use security-related data narrowly. Your local SIERRA graphs and notes stay on your machine by default, and short-lived website security records expire automatically where possible.
What I Collect
Here's a complete breakdown of data collection across my services.
PhantomHelix.com Website
The website collects a small amount of account and security data needed to run sign-in, billing, and abuse prevention:
Cloudflare Analytics
Page views, country data, and general usage patterns. No personal information. Blockable with ad blockers.
Email Addresses
Only when you sign up for newsletters or create an account. Used solely for authentication and communication.
IP Addresses (security only)
Used only for sign-in security and rate limiting. The current implementation keeps sign-in abuse-prevention records in Redis for up to 24 hours, after which they expire automatically. They are not used for advertising or sold to third parties.
Browser Storage / Session Data
Authentication flows use browser storage such as localStorage and sessionStorage for sign-in completion, session recovery, and desktop handoff context. This is used for account access, not ad tracking.
SIERRA Software
SIERRA is designed with privacy as a core principle:
Personal Data
SIERRA operates entirely offline and collects zero personal data.
Investigation Data
All your case files, graphs, and notes stay on your local machine.
Usage Analytics
No tracking, telemetry, or usage statistics are collected.
Network Requests
Only when you enable Cloud Invoker after "Connect to SIERRA Cloud" signin. Each request is explicit and per-invoker.
Payments
I collect the minimum needed. Stripe securely handles your payment. I never see your full card number or CVC.
What is collected
To complete a payment, Stripe may collect your name, email and billing address so the bank can verify the transaction.
What I can see
In Stripe I can see your name, email, billing address and receipts. Used only for receipts, support, tax records and fraud checks.
Stripe may process payment data in other countries. See Stripe's Privacy Policy for details.
View Stripe Privacy PolicyCloud Invoker
Cloud Invoker is opt in. It requires "Connect to SIERRA Cloud" signin.
Account Sign-in
Authentication to your SIERRA Cloud account is required before any cloud features can run.
Invocation Requests
Only the inputs you approve are sent to SIERRA Cloud to run the selected Cloud Invoker. Those inputs may then be forwarded to the third-party API or service that the invoker uses. Your local graphs and notes are not uploaded automatically.
Investigation Content
Your local graphs and notes remain on your machine unless an Invoker explicitly uploads data you approve.
Questions or Concerns?
If you have any questions about my privacy practices or want to exercise your data rights, please reach out.
Last updated: March 2026 • This policy applies to all PhantomHelix services
Phantom Helix
In silence, patterns emerge.
OSINT tools for modern investigators and security professionals.
© 2026 Phantom Helix Intelligence. All rights reserved.
Made with ❤️ for the OSINT community