1. Who We Are
Threat Manifest is a cybersecurity and GRC (governance, risk, and compliance) publication operated from Bangladesh. This Privacy Policy explains how we collect, use, and protect your personal information when you visit threatmanifest.com.
If you have questions about this policy, contact us at: contact@threatmanifest.com
2. What Information We Collect
Information You Provide
- Newsletter signup: Your email address when you subscribe to either the Professional or General Security newsletter track.
- Consulting enquiry: Your name, email address, and any details you include in an enquiry message submitted via the consulting contact form.
Information Collected Automatically
When you visit this site, the following data is collected automatically through third-party tools:
- IP address (anonymised or truncated by analytics tools)
- Browser type and version
- Operating system
- Pages visited and time spent
- Referral source (how you arrived at the site)
- Device type (desktop, mobile, tablet)
- Click interactions and scroll depth (via Microsoft Clarity)
3. How We Use Your Information
| Data | Purpose |
|---|---|
| Email address (newsletter) | Sending the newsletter track you subscribed to — Professional GRC or General Security. No cross-track mixing. |
| Email address + name (consulting) | Responding to your consulting enquiry. No marketing without consent. |
| Analytics data (GA4, Clarity) | Understanding which content is useful, improving site structure and performance. |
4. Analytics and Tracking Tools
Google Analytics 4 (GA4)
We use Google Analytics 4 to measure traffic and content performance. GA4 collects anonymised data about your visit including pages viewed, session duration, and approximate location. Google Analytics sets cookies on your browser. You can opt out via the Google Analytics Opt-Out Browser Add-On. For more information, see Google's Privacy Policy.
Microsoft Clarity
We use Microsoft Clarity to understand how visitors interact with the site — including heatmaps, click patterns, and session recordings. Clarity may record mouse movements, clicks, and scrolling behaviour. No personally identifiable information is captured through Clarity session recordings. For more information, see Microsoft's Privacy Policy.
5. Cookies
This site uses cookies set by Google Analytics and Microsoft Clarity. These are analytics and performance cookies — they do not track you across unrelated websites for advertising purposes.
| Cookie | Set by | Purpose | Duration |
|---|---|---|---|
_ga | Google Analytics | Distinguishes unique users | 2 years |
_ga_* | Google Analytics | Session data | 2 years |
_clck | Microsoft Clarity | Persists Clarity user ID | 1 year |
_clsk | Microsoft Clarity | Session data | 1 day |
You can control or disable cookies through your browser settings. Disabling cookies may affect how some features of this site function.
6. Affiliate Links
Some articles on this site contain affiliate links — primarily for tools such as password managers and VPN services. If you click an affiliate link and make a purchase, Threat Manifest may earn a small commission at no additional cost to you.
We only recommend tools and services that have been independently evaluated. Affiliate relationships do not influence editorial content or ratings.
We do not share your personal data with affiliate partners. Affiliate tracking is handled by cookies set by the respective affiliate programmes (e.g. Bitwarden, Malwarebytes). These cookies are set only when you click an affiliate link.
See our full Affiliate Disclosure for details.
7. Third-Party Services
| Service | Purpose | Privacy Policy |
|---|---|---|
| Sanity | Content management system (cloud-hosted) | sanity.io/privacy |
| Google Analytics | Website analytics | policies.google.com/privacy |
| Microsoft Clarity | Heatmaps and session recording | privacy.microsoft.com |
| Lemon Squeezy | Payment processing for digital products | lemonsqueezy.com/privacy |
| Vercel | Website hosting | vercel.com/legal/privacy-policy |
Sanity is used exclusively for content delivery. No visitor personal data is stored in or processed by Sanity.
Lemon Squeezy acts as the merchant of record for any digital product purchases. When you purchase a product, your payment information is handled entirely by Lemon Squeezy — we do not receive or store your card details.
8. Email Newsletter
If you subscribe to our newsletter, your email address is stored and processed by our email service provider. You will only receive the newsletter track you signed up for:
- Track 01 — Professional: GRC and compliance content for financial institution professionals.
- Track 02 — General: Practical security guides for everyday users.
You can unsubscribe at any time using the link included in every email. After unsubscribing, your email address will be removed from active mailing lists within 10 business days.
9. Data Retention
| Data | Retention Period |
|---|---|
| Newsletter email address | Until you unsubscribe |
| Consulting enquiry (email + message) | Up to 2 years after last contact |
| Analytics data (GA4) | 14 months (GA4 default retention) |
| Clarity session data | 30 days (Clarity default) |
10. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your data.
- Withdrawal of consent: Withdraw consent at any time (e.g. unsubscribe from newsletter).
- Objection: Object to the processing of your data for analytics purposes.
To exercise any of these rights, contact us at contact@threatmanifest.com. We will respond within 30 days.
11. Children's Privacy
This site is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has submitted personal data to us, contact us and we will delete it promptly.
12. External Links
This site links to external websites including framework documentation, tool vendor pages, and reference sources. We are not responsible for the privacy practices of any external site. Review the privacy policy of any third-party site before providing personal information.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The effective date at the top of this page will reflect the most recent update. Continued use of the site after a policy update constitutes acceptance of the revised policy. For material changes, we will note the update visibly on this page.
14. Contact
This policy applies to the website threatmanifest.com only. It does not apply to any third-party sites linked from this site.