This is the privacy policy of Maze AI Limited (t/a Maze) ("Maze", "we", "us" or "our") for The Exploit, our cybersecurity satire publication. It explains who we are, why and how we process your personal information (also referred to as personal data) when you visit our website at theexploit.co ("Site"), subscribe to our newsletter, submit content, and your rights and how to contact us if you need to.
Our contact details are set out at the end of this policy (see the 'How to contact us?' section). We are the controller in relation to the personal data processed in accordance with this policy (except where this policy explains otherwise) – this means we make decisions about why and how your personal information is being processed.
Please read this policy carefully and ensure that you understand it, as it explains our views and practices regarding your personal information and how we will treat it.
This policy should be read together with our Terms and Conditions.
Depending upon your use of our Site, newsletter subscription, and content submissions, we may collect and process some or all of the personal information set out below.
Identity Information consists of your name, email address, and social media handles. We collect this information when you:
Communication Information includes any personal information that is not Identity Information that you include in your communications with us, including:
Submission Content includes any content you submit to us for potential publication, which may contain:
Technical Information includes:
Usage Information encompasses:
Location Information may be derived from:
Social Media Information includes:
We collect this information when you interact with us through third-party social media sites, such as Facebook, LinkedIn, and X (formerly Twitter).
Third-Party Analytics Information includes aggregated and anonymized data we receive from analytics providers about how users interact with our Site.
Under data protection law, we must always have a lawful basis for using your personal information. The following explains how we use your personal information and our lawful bases for doing so.
Purpose: To send you The Exploit newsletter, respond to your enquiries, and manage your subscription.
Data used: Identity Information, Communication Information
Lawful basis: Performance of contract (newsletter subscription), or our legitimate interest in ensuring your questions are answered and you have a great user experience.
Retention: Until you unsubscribe or we cease operations of The Exploit newsletter.
Purpose: To review, edit, publish, and manage user-submitted content on The Exploit.
Data used: Identity Information, Submission Content, Communication Information
Lawful basis: Performance of contract (based on submission agreement in our Terms and Conditions), or our legitimate interests in operating and maintaining our publication.
Retention: Published content and associated information is retained indefinitely in accordance with the license granted in our Terms and Conditions. Unpublished submissions are retained for 24 months unless you request earlier deletion. If you exercise your right to erasure, we will remove or anonymize your personal information while retaining the substantive (non-personal) content under the intellectual property license you granted.
Purpose: To send you information about Maze AI Limited's services that we think you might be interested in.
Data used: Identity Information
Lawful basis: Our legitimate interests in running our business and showing you services that might be of interest to you, or your consent where required by law.
Retention: Until you opt out of marketing communications or we cease marketing activities.
Your rights: You can opt out of marketing communications at any time while remaining subscribed to The Exploit newsletter. Each marketing email contains an unsubscribe link.
Purpose: To deliver relevant Site content to you in the most effective manner for you and your device, and to improve our Site's performance and user experience.
Data used: Technical Information, Usage Information, Location Information
Lawful basis: Our legitimate interests in ensuring Site visitors have a great user experience when accessing and using our Site.
Retention: Technical and usage data is retained for 26 months. Aggregated analytics data is retained indefinitely.
Purpose: To keep our Site safe and secure, prevent fraud and abuse, and analyze usage patterns to improve our services.
Data used: Technical Information, Usage Information
Lawful basis: Our legitimate interests in network security, protecting our Site and users, and improving our services.
Retention: Security logs are retained for 12 months. Aggregated analytics data is retained indefinitely.
Purpose: To engage with our community on social media, respond to comments and messages, and share content on social media platforms.
Data used: Social Media Information, Communication Information
Lawful basis: Our legitimate interests in building our audience, engaging with our community, and promoting our content.
Retention: We retain records of significant social media interactions for 24 months. Public posts remain visible as per the social media platform's policies.
Purpose: To process copyright complaints, DMCA notices, and other legal requests; to comply with our legal and regulatory obligations; and to bring and defend legal claims.
Data used: Identity Information, Communication Information, and any information provided in complaints or legal notices.
Lawful basis: Compliance with legal obligations, or our legitimate interest in defending ourselves against claims and enforcing our rights.
Retention: Copyright complaints and legal notices are retained for 7 years from resolution. Active legal matters are retained until the matter is closed plus 7 years.
Purpose: To process your requests to exercise data protection rights (access, rectification, erasure, etc.).
Data used: Identity Information and any information relevant to your request.
Lawful basis: Compliance with legal obligations under UK GDPR and EU GDPR.
Retention: Records of data subject requests are retained for 3 years from completion.
Purpose: To determine the applicable privacy regime (for example, EU/UK GDPR or the California Consumer Privacy Act) based on your approximate location and to apply the appropriate default cookie settings before Google Tag Manager loads.
Data used: Technical Information (including IP-derived region headers), Location Information, and the consent preferences you save in our banner.
Lawful basis: Our legal obligations under GDPR/UK GDPR and CPRA as well as our legitimate interests in providing a compliant service while respecting your privacy choices.
Retention: We store a non-personal `tex_consent_region` cookie for 24 hours to remember your regional defaults and keep your consent settings in your browser's local storage until you delete them.
Where permitted by our legitimate interest or with your prior consent where required by law, we will use your personal information for marketing analysis and to provide you with:
You have the right to opt out of marketing communications at any time:
Opting out of Maze marketing does not affect your subscription to The Exploit newsletter, and vice versa.
We comply with CAN-SPAM Act requirements for commercial emails:
We will only retain your personal information for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
When personal information is no longer needed, we will securely delete or anonymize it.
| Data Type | Retention Period | Reason |
|---|---|---|
| Newsletter subscriber data | Until unsubscribe or cessation of newsletter | Contractual obligation |
| Published submissions (content) | Indefinitely | License granted in Terms; business records |
| Published submissions (personal data) | As above, unless erasure requested | GDPR rights honored |
| Unpublished submissions | 24 months from submission | Potential future use |
| Marketing consent records | Until opt-out + 3 years | Legal compliance |
| Technical/usage data | 26 months | Analytics and improvement |
| Security logs | 12 months | Security purposes |
| Consent region cookie (`tex_consent_region`) | 24 hours | Maintain regional default cookie compliance between page views |
| Copyright complaints | 7 years from resolution | Legal compliance |
| Data subject request records | 3 years from completion | Legal compliance |
| Legal/litigation records | Duration of matter + 7 years | Legal compliance |
We do not use your personal information for automated decision-making or profiling that produces legal effects or similarly significantly affects you.
We may use automated systems for:
These activities do not involve consequential automated decisions about you. You have the right to object to these processing activities.
We may store some or all of your personal information in countries outside of the UK and European Economic Area ("EEA"). We may transfer your personal information outside of the EEA or UK to:
When we transfer your personal information outside the UK/EEA, we ensure appropriate safeguards are in place:
We may share your personal information with:
Maze AI Limited and any subsidiaries or affiliates, who may process your personal information for the purposes set out in this policy.
Legal advisors, accountants, auditors, and consultants who provide professional services to us.
Prospective buyers, investors, or successors in the event we sell our business or assets.
Law enforcement, regulators, courts, or other public authorities when required by law or to protect rights, property, or safety.
Any other third parties where you have provided explicit consent.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
Our Site may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.
We do not control these third-party websites and are not responsible for their privacy practices. When you leave our Site, we encourage you to read the privacy policy of every website you visit.
When you use social media sharing features on our Site, the social media platform may collect information about you. This is governed by the social media platform's own privacy policy, not this policy.
We use cookies and other similar technologies to collect and store certain information about you, which includes your personal information. These technologies help us distinguish you from other users of our Site, provide you with a better user experience, and allow us to improve our Site.
To comply with global privacy requirements we apply region-specific defaults. Visitors in the EU/EEA, UK, Switzerland, and CPRA-covered US states (California, Colorado, Connecticut, Utah, and Virginia) see non-essential cookies set to "off" until you opt in. Visitors in other US states receive analytics cookies by default but can disable marketing cookies. Visitors elsewhere receive analytics and marketing cookies by default unless you opt out. Regardless of your region, you can always change your mind by reopening the cookie settings panel.
We store your consent preferences in your browser's local storage under the key `cookie_consent_preferences`. These records stay on your device and are only read when deciding which Google Tag Manager tags to fire; they are not transmitted to our servers unless required by law.
Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and provide information to website owners.
These cookies are necessary for the Site to function and cannot be disabled.
When you first visit our Site, you will see a cookie banner asking for your consent to use non-essential cookies. You can:
You can also manage cookies through your browser settings:
Please note that blocking some cookies may impact your experience of our Site.
Some cookies may be set by third-party services:
We do not control third-party cookies. Please review the relevant third-party privacy policies for more information.
Some browsers have a "Do Not Track" feature. Our Site does not currently respond to Do Not Track signals, but you can control cookies through the methods described above.
Under UK GDPR, EU GDPR, and other applicable data protection laws, you have the following rights regarding your personal information:
You have the right to be informed about the collection and use of your personal information. This privacy policy provides that information.
You have the right to obtain:
You can request a copy of your personal information by contacting the-exploit@mazehq.com.
You have the right to have inaccurate personal information corrected and incomplete personal information completed. Contact the-exploit@mazehq.com to request corrections.
You have the right to request deletion of your personal information in certain circumstances:
Important limitation: If you submitted content for publication, the intellectual property license granted in our Terms and Conditions survives erasure. We will remove or anonymize your personal information from published content, but may retain the substantive (non-personal) content itself.
You have the right to request that we restrict processing of your personal information in certain circumstances:
Where processing is based on consent or performance of contract, and carried out by automated means, you have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
You have the right to object to processing based on legitimate interests or for direct marketing purposes:
Where processing is based on your consent, you have the right to withdraw consent at any time. This does not affect the lawfulness of processing before consent was withdrawn.
You have the right to lodge a complaint with your relevant data protection authority:
To exercise any of these rights, please contact us at:
We will respond to your request within one month, though we may extend this by two additional months for complex requests. We will inform you of any extension and the reasons for delay.
We may need to verify your identity before processing certain requests. We will not charge a fee unless your request is manifestly unfounded, excessive, or repetitive.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
You can request details about the personal information we have collected about you in the past 12 months, including:
You can request deletion of personal information we have collected from you, subject to certain exceptions.
We do not sell your personal information as defined by CCPA.
We will not discriminate against you for exercising your CCPA rights.
Email: the-exploit@mazehq.com with "California Privacy Request" in the subject line
We will verify your identity and respond within 45 days (may be extended by an additional 45 days if needed).
You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization.
We disclose personal information to service providers for business purposes as described in the "Who do we share your personal information with?" section. We do not sell personal information.
We have implemented appropriate technical and organizational measures to protect your personal information. However, no system is completely secure.
If we discover a data breach that poses a risk to your rights and freedoms, we will:
Our notification will include:
We maintain detailed incident response procedures and conduct regular security reviews to minimize the risk of breaches.
Our Site is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. The Exploit newsletter and content submission features are only available to individuals 18 years or older.
If you are between 13 and 17 years old, you may browse the Site only with the consent and supervision of a parent or guardian.
If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information as quickly as possible.
If you believe we have collected information from a child under 13, please contact us immediately at the-exploit@mazehq.com.
This policy was last updated on the date mentioned at the top of it. We may change this policy from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects your personal information.
When we make changes to this policy, we will:
Your continued use of the Site after changes to this policy constitutes your acceptance of the revised policy. If you do not agree with changes, please stop using the Site and contact us to exercise your data protection rights.
We have appointed a Data Protection Officer responsible for overseeing questions about this policy and data protection matters.
Data Protection Officer
Maze AI Limited
45 Crescent Lane
London, SW4 9PT
United Kingdom
Email:
Response times:
We aim to respond to all inquiries within 5 business days and to data subject rights requests as required by law.