Last updated: July 3, 2026
This policy explains how PoCcraft ("we," "us") handles information when you use our
vulnerability report generator and related services. We collect only what we need to run
the tool and optional cloud saves.
What we collect
- Report content. Finding details you enter in the generator — titles, PoC steps, CVSS metrics, and exported report text. Drafts are stored locally in your browser unless you choose to save to the cloud.
- Account information. If you create an account: email, display name, and bcrypt-hashed password. Used for authentication and encrypted cloud report storage.
- Payment information. The core generator is free. If we introduce paid features, payments will be handled by a payment processor — we would not store full card details.
- Basic usage data. Through analytics, we may collect aggregate information such as pages visited, general location (country/region), and device type to improve the service.
Why we collect it
- To run the report generator. Your inputs power live preview, CVSS calculation, and export.
- To save encrypted reports. Optional cloud saves use AES-256-GCM encryption server-side, tied to your account.
- To improve the tool using aggregate analytics.
Local drafts vs cloud saves
Without an account, drafts persist in your browser via localStorage on your device.
With an account, you can save named reports encrypted in our database. You control what
you save and can delete cloud reports at any time.
How your data is stored
Data is transmitted over an encrypted connection (HTTPS) and stored with reputable service
providers. We keep information only as long as we need it to provide the service and meet legal
or accounting obligations, then delete or anonymize it. We limit who can access your data to
what's necessary to run PoCcraft.
Third parties we use
We rely on a few trusted providers to run the service. Each only receives the data it needs:
- MailerLite (email service provider) — to send your results link and any tips you opt into.
- Stripe (payment processor) — to securely handle payments for paid products. Your card details are managed by Stripe under its own privacy and security terms.
- Google Analytics (Google LLC) — to measure aggregate site usage and improve the tool. Google may process IP addresses and set cookies. See Google's Privacy Policy. You can opt out with the Google Analytics Opt-out Browser Add-on.
We do not sell, rent, or trade your personal information to anyone. Full stop.
Your rights and choices
You're in control of your information. At any time you can:
- Ask what data we hold about you and request a copy.
- Ask us to correct or delete your data.
- Unsubscribe from emails using the link in any message.
- Ask questions about how your data is handled.
To make any of these requests, email us at
hello@poccraft.com and we'll take care of it.
Children's privacy
PoCcraft is intended for security professionals and is not directed at children.
Changes to this policy
If we make meaningful changes, we'll update this page and the "last updated" date above. If the
changes are significant, we'll do our best to let you know directly where we can.
Contact
Questions about privacy? Email
hello@poccraft.com — a real person
will get back to you.