How we handle your data
PhantomYerra is an authorized penetration testing platform. Client scan data is the most sensitive category of information any security tool will ever see — so our architecture is built around the principle that it does not leave your machine. This page explains exactly what data PhantomYerra collects, what it sends, and what it does not.
1 Scope
This policy applies to (a) the PhantomYerra desktop application (Windows, Linux, macOS), (b) the PhantomYerra marketing website at phantomyerra.com, (c) the PhantomYerra license service, and (d) the PhantomYerra auto-updater. It does not apply to third-party scanners or frameworks the user may configure outside the product.
PhantomYerra is produced by Ravi Yerra. References to “we”, “us”, and “PhantomYerra” refer to the publisher.
2 Client scan data stays local
PhantomYerra performs security scans on the operator’s own workstation. All raw telemetry — hosts, responses, headers, payloads, captured evidence — is written to the local database in %APPDATA%/PhantomYerra/data (Windows) or ~/.config/PhantomYerra/data (Linux/macOS).
When the optional AI-agentic mode is enabled, PhantomYerra runs a reference-token substitution layer before every AI API call. Real URLs, IPs, and company names are replaced with placeholders ([TARGET_URL_1], [COMPANY_REF], etc.) before the payload leaves the machine. The mapping table never leaves the local process.
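The substitution step described above can be sketched as follows. This is an added example, not PhantomYerra's code: the class name, the regular expressions, the numbered [TARGET_IP_n] and [COMPANY_REF_n] token forms, and the sample finding are assumptions made for illustration.

```python
import re

# Assumed patterns; a production layer would cover more identifier types.
URL_RE = re.compile(r"https?://[^\s\"'<>\]]+")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
TOKEN_RE = re.compile(r"\[[A-Z_]+_\d+\]")

class ReferenceTokenizer:
    """Swaps real identifiers for placeholders; the mapping lives only here."""

    def __init__(self, company_names):
        self._to_token = {}   # real value -> placeholder
        self._to_value = {}   # placeholder -> real value, kept in-process
        self._counters = {}
        # Longest names first so a full name wins over a shorter prefix.
        self._companies = sorted(company_names, key=len, reverse=True)

    def _token_for(self, kind, value):
        if value not in self._to_token:
            n = self._counters[kind] = self._counters.get(kind, 0) + 1
            token = f"[{kind}_{n}]"
            self._to_token[value] = token
            self._to_value[token] = value
        return self._to_token[value]

    def anonymize(self, text):
        # URLs first: their host part may contain an IP or a company name.
        text = URL_RE.sub(lambda m: self._token_for("TARGET_URL", m.group()), text)
        text = IP_RE.sub(lambda m: self._token_for("TARGET_IP", m.group()), text)
        for name in self._companies:
            text = re.sub(re.escape(name),
                          lambda m: self._token_for("COMPANY_REF", name),
                          text, flags=re.IGNORECASE)
        return text

    def restore(self, text):
        # Run locally on the provider's reply; unknown tokens pass through.
        return TOKEN_RE.sub(lambda m: self._to_value.get(m.group(), m.group()), text)

    def leaks(self, text):
        # Egress guard: known real values still present in outbound text.
        known = set(self._to_token) | set(self._companies)
        return sorted(v for v in known if v.lower() in text.lower())

# Constructed sample finding, not real scan data.
SAMPLE = ("SQLi on https://portal.acme.example/login at 10.0.0.5 "
          "owned by Acme Bank; retest https://portal.acme.example/login")
```

Calling `leaks()` on the fully assembled prompt just before the API call catches fragments, such as a raw header appended later, that never passed through `anonymize()`.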
Operators running in air-gapped or maximum-privacy mode can route all AI calls to a local model (such as Ollama), at which point no network egress occurs at all.
3 What is sent off the machine
Only a minimal, enumerable set of signals is sent outside the operator’s machine by default:
- License validation — the installation code, the licensed seat count, and the version number are sent to the PhantomYerra license service over TLS to confirm the license is valid. No scan data is sent.
- Auto-updater manifest check — the running version number is read from a signed manifest at https://phantomyerra.com/updates/latest.yml. No scan data is sent.
- Anonymized AI prompts (optional) — when AI mode is enabled and the fallback is a commercial provider (Anthropic, OpenAI, Google), the anonymized prompt is sent to that provider. The operator controls the provider, or disables AI entirely.
- Contact form submissions — if you fill out the contact form on phantomyerra.com/contact, the fields you enter are stored in our lead database. This is described in Section 5.
- Crash reports (opt-in only) — PhantomYerra does not send crash reports unless the operator explicitly enables telemetry in Settings → Privacy. Crash reports, if enabled, contain stack traces, OS version, and PhantomYerra version only.
4 Telemetry and analytics
The PhantomYerra desktop application has telemetry off by default. We do not place analytics scripts that fingerprint the workstation. We do not send keystrokes, screen recordings, or clipboard contents.
The marketing website (phantomyerra.com) uses standard web-server access logs (source IP, User-Agent, path, timestamp) for security and abuse prevention. These logs are retained for 30 days and are not used to profile visitors. The site does not use third-party advertising trackers, cross-site tracking pixels, or ad cookies.
5 Contact form and lead data
When you submit the contact form on phantomyerra.com/contact, we collect:
- Name, email address, company name
- Role, team size, and inquiry type (optional dropdowns)
- The message body you typed
- The source page you came from (HTTP referrer, for attribution)
- Submission timestamp and originating IP address (for abuse prevention)
This information is stored in a local SQLite database on the web server, used solely to respond to your inquiry, and retained for 24 months for sales-history purposes. You can request deletion at any time by emailing privacy@phantomyerra.com.
Lead data is not sold, rented, shared, or provided to third parties. Anti-spam honeypots and a 2-second time-check are in place; automated submissions are silently rejected.
6 Cookies
The marketing website uses only strictly necessary cookies for session integrity on authenticated pages (the client login portal). No advertising or analytics cookies are set. The PhantomYerra desktop application does not use browser cookies.
7 Security of stored data
- Local scan data in PhantomYerra is encrypted at rest using AES-256-GCM for sensitive fields (API keys, AI credentials, license records).
- Evidence artifacts are SHA-256 hashed and optionally RFC 3161 timestamped so tampering is detectable.
- License validation traffic uses TLS 1.2+ with certificate pinning in the client.
- The web server uses HTTPS exclusively (HTTP is 301 redirected to HTTPS). Certificates auto-renew via Let’s Encrypt on a 60-day cycle.
8 Your rights
If you are in the EU, UK, California, or another jurisdiction with statutory privacy rights, you may:
- Access the data we hold about you — request a copy.
- Correct inaccurate data.
- Delete your data (subject to any legal retention obligations we are under).
- Port your data to another service.
- Object to processing you have not consented to.
- Withdraw consent you previously gave for optional telemetry.
Send requests to privacy@phantomyerra.com. We respond within 30 days.
9 International transfers
The PhantomYerra license service and marketing site are hosted in AWS us-east-1 (Northern Virginia, USA). If you are outside the United States, your lead-capture data will be transferred to and stored in the USA. Where required (EU, UK), transfers rely on Standard Contractual Clauses and additional technical safeguards (TLS 1.2+, encrypted at rest).
10 Children
PhantomYerra is not directed to users under 16. We do not knowingly collect data from minors. If a parent or guardian believes we have inadvertently collected such data, please contact privacy@phantomyerra.com and we will delete it.
11 Changes to this policy
Material changes are announced on the marketing site and reflected in the Effective date above. Continued use of the product after a change constitutes acceptance. You can review the commit history of this page in our public repository if you want to see what changed.
12 Contact
Privacy: privacy@phantomyerra.com
Security issues: security@phantomyerra.com — see our security policy.
General: phantomyerra.com/contact