Security
How we protect your data.
Sandboxed Scanning
Container Isolation
URL scans execute inside Docker containers running Playwright. Each scan gets a fresh browser instance with no cookies, cache, or history from previous scans. The container runs as a non-root user (pwuser), limiting the impact of any potential exploit.
Network Restrictions
The scanner validates URLs before processing and blocks requests to internal or private IP ranges, preventing SSRF attacks. Scans cannot access internal networks, localhost, or link-local addresses.
No Shared Execution
Scanner instances handle requests independently. There is no shared memory or state between scans. When a scan completes, the browser context is destroyed immediately. Containers themselves are ephemeral and recycled by the orchestration platform.
Data Minimization
What We Process
SneakyIntel enriches publicly observable indicators of compromise: URLs, domains, IP addresses, and file hashes. We query public threat intelligence sources and render pages in sandboxed browsers to capture observable behavior.
What We Store
| Data Type | Stored | Retention |
|---|---|---|
| Account info (name, email) | Yes | Until account deletion |
| IOCs submitted for lookup | Yes | Up to 90 days (tier-dependent) |
| Scan screenshots and artifacts | Yes | Up to 90 days (tier-dependent) |
| Audit logs | Yes | 1 year |
| Customer PII or internal data | No | N/A |
| Cross-customer aggregated data | No | N/A |
What We Don't Do
- We don't ingest customer-internal data (your SIEM logs, internal hosts, private networks)
- We don't build cross-customer profiles or shared threat databases from your lookups
- We don't use your data to train models (see our AI Security page)
- We don't sell or share your data with third parties for marketing
Authentication
Passwordless Login
Magic-link authentication via email. No passwords to steal or phish.
API Keys
API keys use a sk_ prefix format. Keys are hashed before storage and can be revoked at any time.
Our Approach
SneakyIntel was built by security practitioners who've spent years working in SOCs and incident response. We build the tools we wished we had.