ZTZT.dev - Privacy Policy

Privacy Policy

At ZTZT.dev, we are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and ePrivacy Directive. This policy outlines how we process data and use technical cookies to ensure secure browsing.

Data Collection and Processing

ZTZT.dev collects minimal data necessary for secure operation of our cybersecurity proof of concept. We may process:

• IP Addresses: Temporarily logged for security purposes (e.g., detecting malicious activity), retained for no longer than necessary.
• Session Data: Stored in a technical cookie (__Host-PHPSESSID) to maintain secure browsing sessions.

No personal data is used for tracking, profiling, or marketing purposes.

Technical Cookies

We use a single technical cookie, __Host-PHPSESSID, which is strictly necessary for:

• Content Security Policy (CSP) nonce management to prevent Cross-Site Scripting (XSS) attacks.
• Cross-Site Request Forgery (CSRF) protection for form submissions.

This cookie is exempt from consent under GDPR and ePrivacy Directive, as it is essential for delivering the secure browsing experience you requested. It is configured with:

• Secure: Transmitted only over HTTPS.
• HttpOnly: Inaccessible to JavaScript.
• SameSite=Strict: Restricted to same-site requests.
• __Host- prefix: Ensures same-origin usage.
• 30-minute lifetime: Minimizes exposure.

No other cookies or tracking technologies are used.

Your Rights

Under GDPR, you have rights to access, rectify, erase, restrict, or object to data processing. As ZTZT.dev collects minimal data, these rights apply to IP logs or session data. Contact us at privacy@ztzt.dev to exercise your rights.

Contact Us

For questions about this policy, contact Santosh Pandit at privacy@ztzt.dev or via LinkedIn.