Derp.ca

Privacy Policy

Last updated: May 21, 2026

Derp.ca publishes security research, malware analysis, and threat intelligence. We do not run user accounts, comments, paid memberships, contact forms, or email subscriptions on this site.

Information We Process

We do not ask visitors to submit personal information through this site. Basic technical information may still be processed when you visit, including your IP address, browser and device details, requested pages, referring page, approximate location, timestamps, and similar request or analytics data.

Hosting

Derp.ca is self-hosted on a secure server in Canada. The hosting environment processes basic request and server log data needed to deliver the site, protect the service, detect abuse, troubleshoot errors, and maintain reliability.

Analytics

We use Google Analytics to understand aggregate site traffic. This helps us see which pages are read, how visitors reach the site, broad browser and device information, approximate geography, and similar usage patterns.

Google Analytics may use cookies or similar identifiers. We use analytics to improve the site and understand reader interest. We do not use it to identify individual visitors, sell visitor data, build advertising audiences, or run ad targeting from this site.

Cookies and Local Storage

Google Analytics may set cookies or similar identifiers for measurement. The site also stores your light or dark theme preference in your browser local storage. The theme value stays on your device and is used only to display the site in your chosen mode.

You can block or delete cookies in your browser. Google also provides tools and settings for managing Google Analytics and Google account privacy.

How We Use Information

We use technical and analytics data to:

  • deliver the site and keep it available;
  • measure aggregate readership and traffic patterns;
  • find broken pages, performance issues, and navigation problems;
  • protect the site from abuse and security issues;
  • decide what research and reference material is useful to publish.

Sharing

We do not sell, rent, or trade visitor information. We do not share visitor information with third parties for their independent marketing. Google processes analytics data as part of providing Google Analytics. For details, review Google's privacy materials: Google Privacy Policy and How Google uses information from sites or apps that use its services.

Security Research Content

Posts may include malware family names, infrastructure indicators, file hashes, domains, IP addresses, code snippets, screenshots, and related technical details. These are published for defensive research and threat intelligence. They are not collected from site visitors.

Third-Party Links

Research posts may link to external sources such as malware reports, public sandboxes, code repositories, vendor writeups, social posts, and public datasets. Those sites have their own privacy practices. Visiting them is outside this policy.

Retention

Analytics and hosting records are retained according to the settings and policies of the Google services used to operate the site. We keep no separate visitor account database.

Children

This site is intended for security professionals, researchers, students, and technically interested readers. It is not directed to children, and we do not knowingly collect personal information from children.

Contact

For privacy questions or sensitive content concerns, email kirk@derp.ca.

Changes

We may update this policy as the site or its services change. The updated date above will change when that happens.