Privacy Policy
I believe in transparency. Here's exactly what data I collect, how I use it, and how I protect your privacy.
Plain-language note
An earlier draft of this page oversimplified some technical details. This version reflects the current implementation, including short-lived IP-based sign-in abuse prevention and browser storage used for authentication flows.
Privacy-First Approach
I collect minimal data, never sell your information, and use security-related data narrowly. Your local SIERRA graphs and notes stay on your machine by default, and short-lived website security records expire automatically where possible.
What I Collect
Here's a complete breakdown of data collection across my services.
PhantomHelix.com Website
The website collects account and security data for sign-in, billing, and abuse prevention:
Anonymous Website Analytics
Page views and click interactions to understand how the website is used. Processed in the EU. No personal profiles are created and no data is sold. You can block this by blocking hoggie.phantomhelix.com.
Email Address
Collected when you create an account or subscribe to the newsletter. Used for authentication and account communication only.
IP Addresses
Used for sign-in rate limiting and abuse prevention. Records expire automatically within 24 hours and are never used for advertising.
Browser Storage
Used to keep you signed in and complete authentication flows, including desktop app handoff. Not used for tracking.
SIERRA Software
SIERRA is designed with privacy as a core principle:
Personal Data
SIERRA operates entirely offline and collects zero personal data.
Investigation Data
All your case files, graphs, and notes stay on your local machine.
Usage Analytics
No tracking, telemetry, or usage statistics are collected.
Network Requests
Only when you enable Cloud Invoker after "Connect to SIERRA Cloud" signin. Each request is explicit and per-invoker.
Payments
Payments are handled by Stripe. Full card numbers and CVCs never reach my servers.
Billing Details
Stripe collects your name, email, and billing address to process the transaction.
Merchant Access
I can see your name, email, billing address, and receipts in Stripe. Used for support, tax records, and fraud prevention only.
Stripe may process payment data in other countries. See Stripe's Privacy Policy for details.
Cloud Invoker
Cloud features are opt-in and require signing in to SIERRA Cloud.
Invocation Data
Each Cloud Invoker runs with the inputs you provide. Those inputs are sent to SIERRA Cloud and may be forwarded to the third-party service behind the invoker.
Anonymous Usage Stats
Which invoker was called and whether it succeeded. No user identity, inputs, or results are included.
Investigation Content
Your local graphs and notes stay on your machine. Nothing is uploaded unless you run a Cloud Invoker with specific data.
Cookies
This website does not use tracking cookies or third-party advertising cookies. Browser storage (localStorage) is used solely to maintain your authentication session.
GDPR
Website analytics are processed in the European Union with no personal profiles created. If you are an EU resident, you have the right to access, correct, or delete your personal data. Contact [email protected] and I will respond within 30 days.
Questions or Concerns?
If you have any questions about my privacy practices or want to exercise your data rights, please reach out.
Last updated: March 2026 • This policy applies to all PhantomHelix services
Phantom Helix
In silence, patterns emerge.
OSINT tools for modern investigators and security professionals.
© 2026 Phantom Helix Intelligence. All rights reserved.
Made with ❤️ for the OSINT community