← Back

Privacy Policy

Last updated: April 4, 2026

Who we are

This website is operated by YogaSec. If you have questions about this policy, you can contact us at yogasec@googlegroups.com.

What data we collect

We do not collect, store, or process any personal data directly. This website does not use analytics, contact forms, or user accounts.

Third-party services

Our Podcasts page embeds a Spotify player. When you consent to load this player, Spotify may set cookies and collect data according to their own privacy policy. This includes information such as your IP address, browser type, and listening behavior.

Spotify is a US-based service. When you consent, your IP address and browser information are transferred to the United States.

You can review Spotify's privacy policy at spotify.com/privacy.

Our News page embeds LinkedIn posts. When you consent to load this content, LinkedIn may set cookies and collect data (including your IP address, browser type, and interaction data) according to their own privacy policy. LinkedIn embeds do not respond to Do Not Track signals.

LinkedIn is a US-based service. When you consent, your IP address and browser information are transferred to the United States.

You can review LinkedIn's privacy policy at linkedin.com/legal/privacy-policy.

Our News page loads article headlines from a Google Alerts RSS feed via Rss2Json (rss2json.com), a feed conversion service. This content is loaded only after you give explicit consent. Rss2Json is a US-based service; when loaded, your IP address and browser information are transferred to the United States. Rss2Json does not set cookies on your device.

You can review Rss2Json's privacy policy at rss2json.com/privacy.

Our Tools page includes CyberChef, an open-source data analysis tool originally developed by GCHQ. Unlike the embeds above, CyberChef is self-hosted— its files are served directly from yogasec.com and no data is transmitted to any external server. All operations run entirely in your browser. CyberChef may store your preferences (such as theme) in your browser's local storage. This data never leaves your device. CyberChef does not set any cookies.

Our Tools page also includes the MITRE ATT&CK Navigator, an open-source tool for exploring and annotating ATT&CK matrices (Apache 2.0 license). The Navigator application itself is self-hosted on yogasec.com. However, the Navigator fetches ATT&CK data (STIX bundles) from GitHub (raw.githubusercontent.com) when it loads. No personal data is included in these requests. The Navigator may store your layer configurations and preferences in your browser's local storage. This data never leaves your device. The Navigator does not set any cookies.

Cookies

This site does not set any first-party cookies. The only cookies that may be set come from embedded Spotify and LinkedIn content, which are third-party services loaded only after you give explicit consent, either through the cookie banner or by clicking the placeholder on the relevant page. Rss2Json, also loaded on consent, does not set cookies on your device.

Your consent preference is stored in your browser's local storage (not as a cookie) so we can remember your choice across visits. The self-hosted CyberChef and ATT&CK Navigator tools also use local storage to save your preferences and configurations. Neither of these local storage entries are accessible to third parties or transmitted anywhere. You can clear them at any time by clearing your browser's local storage for this site.

Your rights (GDPR & Law 09-08)

If you are in the European Economic Area or Morocco, you have the right to:

  • Be informed about the processing of your personal data
  • Access any personal data held about you
  • Request rectification of inaccurate personal data
  • Request erasure of your personal data
  • Object to or oppose processing of your personal data
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

Since we do not collect personal data directly, these rights primarily apply to the third-party Spotify, LinkedIn, and Rss2Json services. To exercise rights related to data collected by these services, please refer to their respective privacy policies linked above.

Moroccan Law 09-08

This website is accessible in Morocco and we acknowledge the applicability of Law 09-08 on the Protection of Individuals with Regard to the Processing of Personal Data, supervised by the Commission Nationale de contrôle de la protection des Données à caractère Personnel (CNDP).

Under Law 09-08, you have the right to information (Art. 6), access (Art. 7), rectification (Art. 8), and opposition (Art. 9) regarding any personal data that concerns you.

Regarding international data transfers (Art. 43): the three third-party services used on this site — Spotify, LinkedIn, and Rss2Json — are based in the United States, a jurisdiction that has not received an adequacy determination under Law 09-08. Transfers of your personal data (IP address and browser information) to these services occur only upon your explicit informed consent, provided through the cookie consent banner or the content placeholder on the relevant page.

To contact the CNDP or lodge a complaint, visit cndp.ma.

Please note that as a data controller, the site operator may be subject to declaration obligations with the CNDP for certain processing activities. This is an administrative obligation independent of the technical measures described in this policy.

Changes to this policy

We may update this policy from time to time. Any changes will be reflected on this page with an updated date.