Privacy Policy

1. Introduction & Scope

Silent Exploit ("Company," "We," "Us") is committed to protecting the privacy of our users. This master Privacy Policy describes how we collect, use, process, store, share, and protect information across the entire Silent Exploit suite — Delivery, Exploit Builder, and Cache Loader — when you visit our website, purchase or license any of our products, create an account, use our Software, contact our support team, or otherwise interact with us.

Each product additionally maintains its own product-specific Privacy Policy (, Exploit Builder, Cache Loader); to the extent any product-specific Policy conflicts with this master Policy, the product-specific Policy controls for that product.

This Policy applies worldwide, including the EEA, the UK, California, Brazil, Canada, South Africa, Australia, and all other jurisdictions with applicable data-protection legislation.

2. Definitions

• "Personal Data" means any information relating to an identified or identifiable natural person.
• "Processing" means any operation performed on Personal Data.
• "Data Controller" means the entity that determines the purposes and means of processing.
• "Data Processor" means the entity processing Personal Data on behalf of the Controller.
• "GDPR" means the General Data Protection Regulation (EU) 2016/679.
• "CCPA" means the California Consumer Privacy Act, as amended by the CPRA.
• "COPPA" means the Children's Online Privacy Protection Act.
• "HWID" means Hardware Identification, a unique identifier derived from hardware components.
• "User Content" means any payload content, file content, recipient data, target list, credential, agent communication, server data, or other input you supply to or generate with any local Silent Exploit Software (Exploit Builder, Cache Loader, or HTML Dropper).

3. Data Controller & Contact Information

For data we collect directly from you (Section 4), the Data Controller is Silent Exploit. For User Content processed by your local installation or self-hosted server, YOU are the independent Data Controller, and you are solely responsible for all legal obligations associated with that role.

• Telegram: @QuimaDEV
• Email: quimadev@proton.me

4. Information We Collect

4.1 Account & Purchase Information

• Username or display name;
• Email address (if provided);
• Payment transaction IDs (we do NOT store full credit card numbers, CVVs, or banking details);
• Purchase date and subscription type;
• Communication platform identifiers (Discord ID, Telegram username, XMPP address).

4.2 License & Authentication Data

• License key;
• Hardware Identification (HWID) — a hashed identifier derived from your hardware components;
• Authentication timestamps;
• IP address at the time of license authentication;
• License status (active, expired, suspended, revoked).

4.3 Technical & Usage Data

• Software version number;
• Operating system type and version;
• Anonymized error/crash reports (no User Content included);
• Aggregated, anonymous feature-usage statistics (which builder modules are used, in aggregate).

4.4 Communication Data

• Content of your messages to support;
• Communication-platform metadata (timestamps, message IDs);
• Any attachments, screenshots, or files you voluntarily share.

4.5 Website Analytics

• IP address (truncated where applicable);
• Browser type and version, device type, OS;
• Pages visited, referrer, session duration;
• This information is processed in aggregate for site improvement.

5. Information We Do NOT Collect

To preserve user privacy, the Company does NOT collect:

• The contents of any document, payload, script, or Generated Artifact you build locally;
• Any recipient list, target list, mailing list, or credential you supply to the builder;
• Any payload, command, or configuration you embed inside Generated Artifacts;
• Full credit-card numbers, CVVs, or banking credentials;
• Government-issued identification numbers (SSN, passport number, etc.);
• Biometric data;
• Health, religious, political, or sexual-orientation data;
• Browsing activity outside of our website.

6. Legal Basis for Processing (GDPR)

Where GDPR applies, we process your Personal Data on the following bases:

• Contract: Processing necessary to perform our license agreement with you (account, license, support).
• Legitimate Interests: Anti-fraud measures, license enforcement, abuse detection, security, product improvement.
• Consent: Where applicable (e.g., voluntary feedback or marketing communications).
• Legal Obligation: Compliance with applicable laws, tax, or law-enforcement requests.

7. How We Use Your Information

• To provide, maintain, and improve the Software and Service;
• To process your purchase and manage your license;
• To authenticate your installation via HWID and license key;
• To detect, prevent, and investigate abuse, fraud, license sharing, or violation of the Terms;
• To respond to support inquiries and communicate updates;
• To comply with legal obligations and respond to lawful requests from authorities.

8. Data Sharing & Disclosure

We do not sell your Personal Data. We may share information only in the following limited circumstances:

• Service Providers: Payment processors (e.g., Sell.app), license-management providers, hosting providers, and similar processors operating under contract;
• Legal Requirements: When required by law, court order, or to respond to a valid governmental request;
• Protection of Rights: To protect the rights, property, or safety of the Company, our users, or others;
• Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to appropriate confidentiality obligations.

9. Data Retention

We retain Personal Data only for as long as necessary for the purposes for which it was collected, including:

• Account & license data: for the duration of the license plus a reasonable post-termination period for tax, accounting, and dispute-resolution purposes;
• Payment records: as required by applicable financial and tax laws (typically 5–10 years);
• Communication records: typically 24 months from last contact;
• Anonymized analytics: indefinitely.

10. Data Security

We implement appropriate technical and organizational measures to protect Personal Data, including encryption in transit (TLS 1.2+), hashed credentials, restricted access, and routine security review. No method of transmission or storage is 100% secure, however, and we cannot guarantee absolute security.

11. Locally-Generated Artifacts & User Content

The Silent Exploit suite consists of local-first applications. The Exploit Builder and Cache Loader builders run locally on YOUR device, and the HTML Dropper generator runs locally. All Generated Artifacts, payload content, target lists, agent communications, server data, mail bodies, credentials, and similar User Content are produced and stored on YOUR systems. The Company has no access to, copy of, or control over any User Content.

Where User Content includes Personal Data of third parties, you are the Data Controller for that data and are solely responsible for:

• Establishing a valid legal basis for processing;
• Providing required notices to the data subjects;
• Honoring data-subject rights (access, rectification, erasure, etc.);
• Implementing appropriate security and retention controls;
• Reporting any breach of that data to the appropriate authorities.

The Company is not a Data Processor with respect to such User Content and accepts no liability for it.

12. Cookies & Tracking Technologies

Our website uses minimal cookies and similar technologies, limited to: strictly necessary cookies (session management, security), preference cookies (theme, language), and aggregated analytics. We do not use cross-site advertising trackers. You may disable non-essential cookies via your browser settings.

13. International Data Transfers

Your Personal Data may be transferred to and processed in countries other than your own. Where required, we rely on appropriate transfer mechanisms (Standard Contractual Clauses, adequacy decisions) to ensure equivalent protection.

14. Your Rights Under GDPR

If you are located in the EEA or UK, you have the following rights:

• Right of Access — request a copy of your Personal Data;
• Right to Rectification — request correction of inaccurate data;
• Right to Erasure ("Right to Be Forgotten") — request deletion of your data;
• Right to Restrict Processing;
• Right to Data Portability;
• Right to Object to processing based on legitimate interests;
• Right to Withdraw Consent at any time, where processing is based on consent;
• Right to Lodge a Complaint with a supervisory authority.

To exercise any of these rights, contact us using the channels in Section 25.

15. Your Rights Under CCPA/CPRA

If you are a California resident, you have:

• The right to know what Personal Information is collected;
• The right to know whether Personal Information is sold or disclosed (we do not sell);
• The right to "say no" to the sale of Personal Information (not applicable — we do not sell);
• The right to access your Personal Information;
• The right to request deletion;
• The right to non-discrimination for exercising privacy rights.

16. Your Rights Under Other Privacy Laws

Residents of Brazil (LGPD), Canada (PIPEDA), South Africa (POPIA), Australia (Privacy Act), and other jurisdictions enjoy substantially similar rights. We will honor lawful requests in accordance with applicable local law.

17. Children's Privacy (COPPA)

The Software and Service are not directed to children under 18. We do not knowingly collect Personal Data from children under 18. If you believe we have inadvertently done so, please contact us and we will delete it.

18. Third-Party Services & Links

Our website and Service may contain links to or integrations with third-party services (e.g., payment processors, communication platforms). Those services have their own privacy policies; we are not responsible for their practices.

19. Data Breach Notification

In the event of a Personal Data breach affecting your data, we will notify affected users and the appropriate supervisory authorities without undue delay, as required by applicable law (typically within 72 hours under GDPR).

20. Do Not Track Signals

Our website does not currently respond to "Do Not Track" browser signals due to the lack of an industry-wide standard. We do, however, minimize tracking by default.

21. Automated Decision Making & Profiling

We do not engage in automated decision-making that produces legal or similarly significant effects on you. Limited automated systems are used for license enforcement and fraud detection.

22. Data Protection Officer

For data-protection-related inquiries, please contact us using the channels in Section 25 with the subject "DPO".

23. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the website or in-app notification. The "Last Updated" date at the top reflects the most recent changes. Continued use after changes constitutes acceptance.

24. Governing Law

This Privacy Policy is governed by the laws of the jurisdiction in which the Company is established, without regard to conflict of laws principles, except that local mandatory data-protection laws applicable to your residence will continue to apply where required.

25. Contact Information

• Telegram: @QuimaDEV
• Email: quimadev@proton.me

For product-specific privacy questions, please use the relevant product's contact channels (, Exploit Builder, Cache Loader). For privacy-related inquiries, please include "PRIVACY" in the subject of your message.