top of page

Mad Hat Recon

Privacy Policy

A legal disclaimer

Mad Hat Recon (“we”, “our”, “us”) provides OSINT investigations, pre‑security assessments, and digital risk intelligence services to small businesses and individuals. We are committed to protecting your privacy and handling your personal information responsibly, transparently, and in compliance with applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA).
This Privacy Policy explains what information we collect, how we use it, how we protect it, and the choices you have regarding your data.

Information we collect

We collect information in three main categories:
A. Information You Provide Directly
•     Contact details such as name, email address, phone number, and business information
•     Service‑related details you submit through forms, consultations, or onboarding
•     Payment information (processed securely through third‑party payment providers; we do not store full credit card numbers)
B. Information Collected Automatically
When you visit our website, we may collect:
•     IP address and general geolocation
•     Browser type, device information, and operating system
•     Pages viewed, time spent on the site, and referring URLs
•     Cookies or similar technologies for analytics and site functionality
We do not use cookies for advertising or tracking across third‑party sites.
C. Information Collected During OSINT or Security Assessments
As part of our services, we may collect publicly available information or data you authorize us to access. This may include:
•     Public social media content
•     Domain, infrastructure, or exposure data
•     Breach‑related information
•     Business‑related digital footprint details
We only collect information necessary to fulfill the scope of work agreed upon with you.

How we use your information

We use personal information for the following purposes:
•     To provide, deliver, and improve our services
•     To communicate with you about assessments, reports, or inquiries
•     To personalize your experience on our website
•     To maintain security, detect misuse, and prevent fraud
•     To comply with legal obligations or respond to lawful requests
•     To maintain internal records, analytics, and business operations
We do not sell, rent, or trade your personal information.

Legal Basis for Processing (PIPEDA)

Under PIPEDA, we collect and use personal information only for purposes a reasonable person would consider appropriate in the circumstances. We rely on:
•     Your consent (express or implied)
•     Contractual necessity when delivering services
•     Legitimate business interests such as security and fraud prevention
•     Legal compliance when required
You may withdraw consent at any time, subject to legal or contractual restrictions.

How we Protect your Information

We use administrative, technical, and physical safeguards to protect your data, including:
•     Encrypted storage and secure transmission
•     Access controls and authentication
•     Segmented environments for sensitive data
•     Regular security reviews and best‑practice cybersecurity measures
While no system is perfectly secure, we take reasonable steps to reduce risk and protect your information.

Sharing your Information

We may share information only in the following situations:
•     Service providers who assist with hosting, analytics, payment processing, or secure storage
•     Law enforcement or regulatory bodies when legally required
•     With your explicit consent, when collaborating with partners or subcontractors for specialized assessments
All third‑party providers are required to maintain confidentiality and follow strong security practices.

Data Retention

We retain personal information only as long as necessary to:
•     Provide services
•     Meet legal and regulatory requirements
•     Resolve disputes
•     Maintain business records
OSINT‑related data collected during engagements is retained only for the duration specified in your service agreement, then securely deleted.

Your Rights

Under Canadian privacy law, you have the right to:
•     Access the personal information we hold about you
•     Request corrections to inaccurate or incomplete information
•     Withdraw consent for non‑essential processing
•     Request deletion of your information where applicable
•     Ask how your data has been used or shared
To exercise these rights, contact us using the information below.

International Data Transfers

If any service providers or tools store data outside Canada, we ensure they follow comparable privacy protections. By using our services, you consent to such transfers where necessary.

Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices or content of those websites.

Children's Privacy

Our services are not intended for individuals under 16. We do not knowingly collect personal information from minors.

Updates to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Continued use of our website or services indicates acceptance of the revised policy.

bottom of page