PcapHub

Privacy Policy

Effective date: March 2026

Overview

PcapHub is a platform for storing, searching, and sharing packet capture (PCAP) files. This policy explains what data we collect, how we use it, and your rights regarding that data. We believe in being straightforward. No legalese walls, just clear information.

What We Collect

Account Information

When you register, we collect:

  • Email address
  • Username
  • Password (stored as a bcrypt hash . We never store your actual password)

Uploaded Files

You may upload PCAP files and related metadata (titles, descriptions, tags). These files can contain captured network traffic, which may include sensitive information such as credentials, email content, private keys, or personally identifiable information (PII).

Automatically Collected Data

  • IP addresses. Used for rate limiting, brute-force protection, and activity logging
  • Browser user-agent strings. Recorded alongside activity events for security context
  • Account activity logs. We record key actions you take on the platform, including: logins and logouts, PCAP uploads and downloads, capture edits and deletions, comments, API key creation and revocation, and account/profile changes. Each event includes a timestamp, IP address, and where relevant, the resource involved (e.g. which capture was downloaded). These logs are retained for 90 days and then automatically deleted.

How We Use Your Data

We use your data to:

  • Provide and operate the PcapHub service
  • Authenticate you and manage your account
  • Protect against abuse, brute-force attacks, and unauthorized access
  • Enforce our Terms of Service
  • Improve the platform and fix issues

We do not sell your data. We do not use your data for advertising. We do not build advertising profiles.

PCAP Files and PII

PCAP files can contain sensitive network traffic data. As the uploader, you are responsible for the content of your captures. PcapHub provides a best-effort PII detection feature that scans for patterns such as email addresses, IP addresses, credit card numbers, and other identifiable data. However, this is an assistive tool, not a guarantee. It may miss certain types of PII and should not be relied upon as your sole safeguard.

Before sharing any capture publicly or with others, review the contents and consider whether it contains information that should remain private.

Automated Threat Scanning

Every uploaded PCAP file is automatically scanned against Suricata IDS rules (currently 49,000+ ET Open signatures) to detect known malicious traffic patterns. Scan results, including any triggered alerts, are stored alongside the capture and visible to the uploader and anyone with access to the capture. This scanning is performed locally on our infrastructure and no capture data is sent to third parties for analysis.

Cookies

We use strictly functional cookies. No analytics cookies, no tracking cookies, no third-party advertising cookies. Specifically:

  • Authentication cookie (httpOnly, Secure, SameSite) containing a refresh token used to keep you signed in. Expires after 7 days of inactivity.
  • Local storage is used for non-sensitive UI preferences only (e.g. packet viewer column widths). No personal data is stored in local storage.

Third-Party Services

  • Gravatar. We generate an MD5 hash of your email address and send it to Gravatar (gravatar.com) to retrieve your avatar image. This is an industry-standard practice. Gravatar's privacy policy applies to their handling of that hash.
  • Cloudflare R2 . Uploaded files may be stored using Cloudflare R2 object storage. Cloudflare acts as a data processor under their terms of service.

Data Retention

  • Account data is retained for as long as your account exists
  • PCAP files are retained until you delete them or delete your account
  • Activity logs (logins, downloads, uploads, etc.) are retained for 90 days and then automatically purged
  • Login attempt records used for brute-force protection are retained for 24 hours
  • When you delete your account, your data (including all uploaded files and activity logs) is permanently removed

Your Rights

You have the right to:

  • Access your activity . View your account activity log (logins, downloads, uploads, and more) directly in Settings → Activity
  • Export your data . Download a copy of your profile, captures metadata, and activity through Settings → Your Data
  • Deletion . Delete your account and all associated data at any time from Settings → Danger Zone
  • Correction . Update your account information through your profile settings

For anything not available through self-service, email us at [email protected].

Security

We take security seriously and implement the following measures:

  • All data in transit is encrypted via TLS
  • Passwords are hashed using bcrypt
  • Authentication uses short-lived JWTs with httpOnly cookie fallback for XSS protection
  • Rate limiting and brute-force protection on login endpoints
  • IP-based and account-based lockout for repeated failed login attempts

No system is perfectly secure. While we work to protect your data, we cannot guarantee absolute security. We enforce a minimum password length of 12 characters and block commonly used passwords. We encourage you to use a long, unique passphrase for best protection.

In the event of a security incident that affects your personal data, we will notify affected users via email within 72 hours of confirming the breach, and will provide details on what data was affected and what steps you should take.

Abuse Reporting

If you believe a capture contains illegally intercepted communications, violates your intellectual property rights, or otherwise breaches our Terms of Service, you can report it using the Report button on any capture page, or by contacting us at [email protected].

We take all reports seriously and will review them in accordance with our content moderation policies. See our Terms of Service for details on our reporting and takedown procedures.

Children

PcapHub is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

Changes to This Policy

We may update this privacy policy from time to time. When we do, we will revise the "Effective date" at the top of this page. We encourage you to review this policy periodically. Continued use of PcapHub after changes constitutes acceptance of the updated policy.

Contact

Questions or concerns about this privacy policy? Reach out to us at [email protected].