Security & Compliance

Security, Privacy, and Data Governance Statement

This statement documents how Squawk Lab governs website data, optional telemetry, and legal/privacy requests. Our operating model is data minimization, explicit user control, and security-first implementation.

Squawk Lab applies a security-first governance model: telemetry is opt-in, data collection is minimized, retention is bounded, and operational controls prioritize integrity and resilience. We do not run ad-tech profiling or sell personal data. Processing follows GDPR-aligned lawful basis with a documented rights channel through privacy@squawklab.com.

1. Controller and Processing Scope

Controller: Squawk Lab, LLC. Scope: the public website at squawklab.com and associated delivery, security, and reliability infrastructure.

2. Data Footprint

• Essential technical logs for service availability, abuse prevention, and incident response (request metadata, timestamp, status code, user-agent, and IP-derived routing context).
• Optional analytics telemetry for aggregate traffic and performance intelligence (Vercel Analytics).
• Analytics may include coarse geolocation and device/browser class for aggregate reporting.
• No ad-tech profiling, no sale of personal data, and no cross-site behavioral tracking.

3. Cookie and Telemetry Controls

• Essential runtime components may execute for security and platform integrity.
• Optional analytics is disabled by default and activates only after explicit opt-in.
• Consent can be reviewed and updated at any time using the control below.

Open Cookie Controls

4. Lawful Basis (GDPR-Aligned)

• Consent: optional analytics processing.
• Legitimate interests: service reliability, security logging, and abuse prevention.
• Legal compliance: records required by applicable law.

5. Retention Windows

• Security and operational logs are retained only for bounded periods tied to validated operational or legal necessity.
• Analytics aggregates follow provider retention policy and internal minimization standards.
• Data is deleted or de-identified when no longer required for declared purposes.

6. Data Subject Rights

Subject to applicable jurisdiction and legal limits, you may request access, correction, deletion, portability, and objection/restriction of processing.

7. Security Posture

• TLS in transit, encrypted infrastructure primitives, and role-restricted operational access (least-privilege model).
• Edge hardening controls and security headers are enforced where platform capability is available.
• Control objective: reduce attack surface and preserve service integrity under expected threat conditions.

8. Website Terms

• Content is provided "as is" without guarantee of uninterrupted availability.
• Unauthorized scraping, abuse, or interference with operations is prohibited.
• External links may direct to independent services governed by their own terms and privacy policies.

9. Legal and Privacy Contact

For legal and privacy requests: privacy@squawklab.com
Corporate website: squawklab.com

Last updated: March 22, 2026