මලින්ද්‍ර
> LEGAL

Privacy Policy

Last updated: April 2026

1. Overview

Malindra (malindra.com) is a public knowledge base covering signals intelligence (SIGINT), electromagnetic side-channel analysis (EM-SCA), and hardware security research. This policy explains what data we collect, why, and how it is used. We collect the minimum necessary to operate the site.

2. Information We Collect

Account data (if you register):email address, username, and a hashed password. If you sign in with Google, we receive your name, email address, and Google profile picture URL from Google's OAuth service. We do not store your Google password.

Usage data: pages visited, referrer, browser type, and IP address for security and analytics purposes. This data is stored server-side and not sold or shared with third parties.

Session data: an authentication token stored in an HTTPOnly cookie to keep you logged in. This cookie is not accessible to JavaScript and is cleared when you sign out.

3. How We Use Your Data

  • To create and manage your account
  • To authenticate you on subsequent visits
  • To send transactional emails (password reset) if you request them
  • To detect and prevent abuse, spam, and security incidents
  • To understand aggregate traffic patterns and improve the site

We do not sell your data. We do not use your data for advertising.

4. Google OAuth

When you choose "Continue with Google", you are redirected to Google's authentication servers. We request only the openid, email, and profile scopes. This gives us your name, email address, and profile picture. We do not request access to your Gmail, Google Drive, or any other Google service.

Google's use of information received from this application is governed by the Google Privacy Policy. For information on how Google handles OAuth data, see Google API Services User Data Policy.

5. Data Retention

Account data is retained until you delete your account. You can request deletion by emailing the contact address below. Session tokens expire after 7 days of inactivity. Server logs are retained for up to 90 days.

6. Cookies

We use one first-party HTTPOnly cookie for authentication. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is required because we do not set non-essential cookies.

7. Third-Party Services

The site is hosted on a private server in the EU. We do not use third-party analytics platforms (e.g. Google Analytics), advertising networks, or data brokers. The only third-party service involved in account creation is Google OAuth, described in Section 4.

8. Your Rights

You may at any time:

  • Request a copy of the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Revoke Google OAuth access via your Google Account settings

9. Contact

For privacy requests or questions, contact: info@malindra.lk