Privacy Policy

Last updated: March 2026

Default Creds is a free, open-source tool for security researchers and pentesters. This page explains what data is collected when you use this site and why.

What we collect

This site uses Umami, a privacy-focused analytics tool. Umami collects the following anonymized data:

• Pages visited
• Referrer URL (where you came from)
• Browser and operating system (aggregated)
• Country (derived from IP, not stored)
• Search queries submitted through the search interface

What we do NOT collect

• No cookies are set — ever
• No IP addresses are stored
• No personal information of any kind
• No cross-site tracking
• No data is sold or shared with third parties

How anonymization works

Umami does not store IP addresses. Instead, it generates a daily rotating hash from your IP, browser, and a server-side secret. This hash is used solely to distinguish unique visits within a single day and cannot be reversed or linked back to you.

Data storage

All analytics data is stored on our own self-hosted server. No data is sent to third-party analytics providers. The Umami instance is hosted at umami.hadi.icu.

Your rights

Since no personal data is collected, there is nothing to access, correct, or delete. If you still have concerns, you can reach out via the contact in our security.txt.

Do Not Track

Umami respects the DNT (Do Not Track) header. If your browser has DNT enabled, no client-side analytics will be collected for your session.

However, when a search is performed, the query and whether it returned results are logged server-side, with no user information attached (no IP, no browser, no session identifier). This is used solely to identify missing manufacturers or products in the database and improve the dataset.

Changes to this policy

If anything changes, this page will be updated with a new date at the top.