Privacy Policy
CyberSouth Compass
Effective Date: May 5, 2026
Last Updated: May 5, 2026
CyberSouth LLC ("CyberSouth," "we," "us," or "our"), a Mississippi limited liability company, operates the CyberSouth Compass mobile application (the "App"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.
By using the App, you agree to the practices described in this policy.
1. Information We Collect
We designed CyberSouth Compass to collect as little personal information as possible.
Information collected automatically:
Anonymous Device Identifier: When you first open the App, we generate a random identifier (a UUID) and store it on your device. This identifier is sent with API requests so we can apply rate limits and prevent abuse. It is not linked to your name, email, Apple ID, or any other personal information.
Tool Inputs: When you use a network tool (such as DNS Lookup, WHOIS, Port Scanner, or SSL Checker), the domain names, IP addresses, hostnames, and ports you enter are sent to our servers to perform the requested operation. We do not intentionally store these inputs beyond what is necessary to process the request. Any transient processing data is not retained.
Information we do NOT collect:
Your name, email address, phone number, or mailing address
Your precise or approximate location
Your contacts, photos, files, or microphone data
Advertising identifiers (IDFA)
Analytics, behavioral, or tracking data
Payment information (handled entirely by Apple)
2. Legal Basis for Processing
Processing of any limited information described above is based on our legitimate interest in providing the functionality of the App, preventing abuse of our services, and maintaining the security and reliability of our infrastructure.
3. Data Stored on Your Device
The App stores the following on your device only:
The anonymous device identifier described above
Your Pro subscription status (a true/false flag)
A short-term cache of threat intelligence data (10-minute expiration) so the App works briefly offline
You can clear all of this by deleting the App from your device.
4. Third-Party Services
To deliver threat intelligence and network diagnostic features, our backend forwards anonymous requests to the following public services. None of these services receive any personally identifying information from us — only the technical query needed to fulfill your request (for example, a CVE search keyword or a domain name).
NIST National Vulnerability Database (services.nvd.nist.gov)
Purpose: CVE vulnerability lookup
Data Sent: Search keywords, severity filter, date range
HaveIBeenPwned (haveibeenpwned.com)
Purpose: Data breach disclosures
Data Sent: None — we fetch the public breach list
Ransomware.live (api.ransomware.live)
Purpose: Ransomware victim tracking
Data Sent: Date range only
FIRST.org EPSS (api.first.org)
Purpose: Exploit prediction scores
Data Sent: CVE identifiers being viewed
Purpose: Software end-of-life data
Data Sent: Product names
Purpose: WHOIS lookups
Data Sent: Domain you entered
Spamhaus, SpamCop, SORBS, Barracuda, UCEPROTECT
Purpose: DNS blacklist checks
Data Sent: IP address you entered
BleepingComputer, The Hacker News, Dark Reading, NCSC UK, NIST, SANS ISC, Sophos
Purpose: Cybersecurity news feeds
Data Sent: None — we fetch the public RSS feeds
These services have their own privacy policies, which we encourage you to review.
5. In-App Purchases
Subscription purchases are processed entirely by Apple through the App Store. We never see, receive, or store your payment information, billing address, or Apple ID. We only receive a confirmation that a valid subscription is active. Apple's Privacy Policy applies to those transactions: https://www.apple.com/legal/privacy/
6. Children's Privacy
CyberSouth Compass is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with information, please contact us at the address below and we will take appropriate action.
7. Data Retention
The anonymous device identifier is generated locally and is not retained on our servers beyond the duration of an active request.
Tool inputs are not intentionally stored after the request completes.
Cached threat intelligence data on your device automatically expires after 10 minutes.
8. Security
We transmit all data between the App and our servers using industry-standard TLS encryption (HTTPS). However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
9. International Users
Our services are operated in the United States. If you access the App from outside the United States, your information may be processed and stored in the United States, which may have data protection laws different from those of your country. By using the App, you consent to such transfer and processing.
10. Your Rights
Because we do not collect personally identifying information, traditional data subject rights (access, deletion, correction) generally do not apply — there is no personal account or profile to access. If you wish to discontinue use, simply delete the App from your device.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last Updated" date at the top will reflect any changes. Material changes will be communicated through an in-app notice or update notes.
12. Contact Us
If you have questions about this Privacy Policy or our practices, contact us at:
CyberSouth LLC
Email: bskinner@thecybersouth.com