Skip to main content

Privacy // Data boundary

Privacy Notice

This notice explains what information may be processed when you visit Narrative Security, request a walkthrough, or receive authorized access—and what the project deliberately does not collect.

Effective July 15, 2026
01

Scope and operator

This notice applies to narrative-security.com and communications initiated through it. Narrative Security is an independently operated proof-of-concept project. Questions about privacy or personal information can be sent to contact@narrative-security.com.

02

Information processed

The public site is designed to collect as little personal information as practical. Depending on how you interact with it, the following information may be processed:

  • Contact information and message content you choose to send by email when requesting a walkthrough or making an inquiry.
  • Basic request and security-log data produced by hosting infrastructure, such as IP address, user agent, requested path, timestamps, and security events.
  • Optional public-site usage information processed by Google Analytics after you consent, including pages viewed, approximate location, device and browser characteristics, and interactions with the demo or walkthrough links.
  • Identity and access assertions if you are granted restricted access, including email address, access status, and authentication metadata.
  • Preferences stored locally in your browser for private dashboard controls. These remain on the device unless a feature clearly states otherwise.
03

Public demonstrations and data boundary

Public demonstrations use synthetic scenarios or public-source material. They are not intended to receive personal, employer, client, production, regulated, or confidential security data. Do not submit such data through the site or by email.

The request-access link opens your email client; the site does not currently operate a public contact-form database. Your email provider and the recipient email service process that communication under their own terms.

04

How information is used

Information is used only where reasonably necessary to operate, secure, evaluate, and communicate about the project.

  • Respond to inquiries and arrange relevant technical walkthroughs.
  • Authenticate approved users and protect restricted project areas.
  • Diagnose failures, prevent abuse, investigate security events, and maintain availability.
  • Meet legal obligations and establish, exercise, or defend legal rights.
05

Cookies, local storage, and analytics

The public site offers optional Google Analytics measurement. Google Analytics does not load and no analytics data is sent to Google until you select “Accept analytics.” The site does not use Google advertising storage, advertising personalization, or advertising user-data features.

Your analytics choice is stored in your browser under a versioned first-party preference. If you consent, Google Analytics may set _ga cookies used to distinguish visits. You can change or withdraw your choice at any time through the “Analytics preferences” control in the footer; withdrawing consent stops future measurement and removes applicable Google Analytics cookies from this site where technically possible.

Restricted access may require essential authentication cookies or identity-provider tokens. Private dashboard preferences may use browser local storage, but private application routes are not measured by the public Google Analytics integration.

06

Service providers and disclosure

Infrastructure and communications providers may process limited data on the operator’s behalf, including Cloudflare for hosting, delivery, storage, access protection, and security; Google for consented public-site analytics; and email providers for correspondence. Information is not sold or rented.

Information may be disclosed when required by law, to protect rights or safety, to investigate abuse, or as part of a project or business transfer subject to appropriate safeguards.

07

Retention and safeguards

Information is retained only as long as reasonably necessary for the purpose collected, operational security, dispute resolution, and legal obligations. Inquiry correspondence may be retained while a professional relationship or evaluation remains active; security logs are retained according to provider and operational settings.

Reasonable administrative and technical safeguards are used, including access controls, restricted-route defaults, encrypted transport, and security headers. No internet system can guarantee absolute security.

08

Your choices and rights

Subject to applicable law, you may ask whether personal information is held about you and request access, correction, or deletion. You may also withdraw consent where consent is the basis for processing, subject to legal and security exceptions.

Requests should be sent from the email address concerned to contact@narrative-security.com. Identity may need to be verified before a request is completed. You may also contact the privacy regulator with jurisdiction over your location.

09

Transfers, children, and changes

Service providers may process information outside your province or country, where it may be subject to local law. The site is intended for professional audiences and is not directed to children under 16.

This notice may be updated as the project changes. Material revisions will be reflected by the effective date and, where appropriate, an additional notice.

Questions or requests

Contact us and include the name of this policy in the subject line.

contact@narrative-security.com