1-SEC

Privacy Policy

Effective: February 19, 2026

1. Overview

1SEC is designed with privacy as a core principle. As a self-hosted security platform, your data stays on your infrastructure by default. This policy explains what data is collected, when, and how it is handled.

2. Self-Hosted Deployment

When running 1SEC on your own infrastructure, no data is transmitted to us. All security events, alerts, logs, and configuration remain entirely within your environment. We have no access to your systems or data.

3. AI Analysis Layer

If you enable the AI-powered threat analysis features, security event data is sent to third-party LLM providers (Google Gemini) for processing. This includes:

  • Security event metadata (type, severity, timestamp)
  • Sanitized payload excerpts for threat classification
  • Module correlation data for cross-module analysis

IP addresses, user credentials, and personally identifiable information are stripped before transmission. You can disable AI features entirely via configuration.

4. Website Analytics

This website (1-sec.dev) may use privacy-respecting analytics to understand traffic patterns. We do not use cookies for tracking. No personal information is collected through the website.

5. Optional Telemetry

1SEC includes an opt-in anonymous telemetry feature that collects:

  • Which modules are enabled (not their configuration)
  • Aggregate event counts per module
  • 1SEC version and Go runtime version
  • Operating system and architecture

Telemetry is disabled by default and must be explicitly enabled. No security event content, IP addresses, or identifiable data is ever included.

6. Third-Party Services

1SEC integrates with third-party services only when explicitly configured by you:

  • Google Gemini API (AI analysis, opt-in)
  • Webhook endpoints (alert delivery, user-configured)
  • NATS (embedded by default, external if configured)

Each integration is governed by the respective provider’s privacy policy.

7. Data Retention

1SEC does not retain your data. All event logs, alerts, and analysis results are stored locally on your infrastructure. Retention policies are controlled entirely by your configuration.

8. Security

We take security seriously. The 1SEC codebase is open source and subject to community review. If you discover a security vulnerability, please report it through our responsible disclosure process on GitHub.

9. Children's Privacy

1SEC is enterprise security software not directed at individuals under 13. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted to this page with an updated effective date. We encourage you to review this policy periodically.

11. Contact

For privacy-related questions or concerns, email us at support@driftrail.com or open an issue on our GitHub repository.