Privacy Policy

Last updated: November 1, 2025

Overview

N0CK is designed with privacy as a core principle. This policy explains what data N0CK collects, how it's used, and how it's protected.

N0CK operates as a local-first tool. Your scan data remains under your control.

Data Collection

Scan Configuration

Scope definitions, rate limits, and test parameters are stored locally on your system.

Findings & Evidence

All vulnerability findings and supporting evidence are redacted and stored locally. No findings are transmitted to N0CK's servers unless you explicitly configure cloud sync.

Telemetry (Optional)

If enabled, N0CK collects anonymous usage statistics: feature usage, error rates, scan durations. No target URLs or finding details are included.

Data Usage

  • Scan data is used only to generate reports for your review
  • Anonymous telemetry (if enabled) improves N0CK's reliability and feature set
  • No data is sold to third parties
  • No personally identifiable information (PII) is collected without consent

Third-Party Services

N0CK may interact with third-party services if you configure them:

  • LLM APIs: If AI features are enabled, request data may be sent to OpenAI, Anthropic, or similar providers per their privacy policies.
  • OAST endpoints: If configured, out-of-band payloads may interact with your chosen OAST service.
  • Webhooks: Findings sent to webhooks are your responsibility to secure.

Data Security

N0CK implements industry-standard security practices:

  • Evidence redaction before storage
  • Encrypted storage for sensitive configuration
  • No hardcoded secrets or credentials
  • Regular security audits of N0CK's codebase

Your Rights

You have the right to:

  • Access your scan data at any time
  • Delete your scan data and configuration
  • Opt out of telemetry collection
  • Request data portability (export in JSON format)

Contact

Questions about this privacy policy? Contact us at contact@n0ck.wtf