Labs Privacy Notice
Last updated: April 20, 2026
This notice describes data collection on labs.nowsecure.com specifically. It supplements — and defers on most points to — the main NowSecure Privacy Notice, which remains authoritative for data subject rights, legal basis, retention, and contact.
NowSecure Labs is a research sandbox. Pages here may collect more interaction data than the main corporate site, because some posts rely on replay and click-level telemetry to understand how visitors engage with research material.
What we collect
- Product analytics — pageviews, clicks, referrer, browser, OS, coarse geo (derived from IP), and timestamps.
- Session recordings — mouse movement, scroll, clicks, and the DOM of the page over time, so we can see how readers interact with a research piece. Input fields are masked by default. On specific interactive pages (e.g.
/vercel_breach_mobile/), non-sensitive inputs like a public search box are intentionally unmasked; no account, login, or PII input exists on those pages.
- A pseudonymous identifier stored in browser cookies / localStorage so repeat visits can be linked without knowing who you are.
Who processes it
- PostHog (US region,
us.i.posthog.com) — analytics and session replay.
- Netlify — hosting; produces standard access logs.
- Google Fonts — web fonts; loading fonts sends your IP to Google.
What we don't collect
- Names, email addresses, passwords, or account identifiers — the labs site has no login or form submission.
- Payment information — nothing on labs is commercial.
- Content of any masked input field — PostHog masks inputs by default except where explicitly noted above.
How to opt out
- Enable Do Not Track or Global Privacy Control in your browser — PostHog respects these signals and will not record your session.
- Use a tracker-blocking extension (uBlock Origin, Privacy Badger, Brave Shields, etc.). Blocking
us.i.posthog.com disables all analytics here.
- Clear site data in your browser to remove the pseudonymous identifier.
Your rights
Data subject rights (access, deletion, correction, objection) are handled at the organization level. Follow the process described in the NowSecure Privacy Notice, and mention labs.nowsecure.com in your request so we can locate any labs-specific data.
Changes
Material changes to this notice will be reflected by updating the date above. The current version is always at labs.nowsecure.com/privacy.html.