# DESA — Privacy Policy

> **Version:** 1.0.0
> **Effective Date:** 2025-03-07
> **Maintained by:** [Platphorm News](https://platphormnews.com)

## Overview

DESA (Dynamic Encoded Script Analysis) is a free, browser-based PowerShell script analysis tool operated by [Platphorm News](https://platphormnews.com). This policy describes how we handle data when you use our service.

## Data Collection

### What We Collect

- **Submitted Scripts:** PowerShell scripts submitted for analysis are processed server-side for deobfuscation, threat detection, and IOC extraction.
- **Analysis Results:** Detection findings, IOCs, threat scores, and MITRE ATT&CK mappings generated from submitted scripts.
- **Usage Metadata:** Basic request metadata (timestamps, request counts) for rate limiting and service health.

### What We Do Not Collect

- **Personal Information:** We do not require registration, login, or personal details to use DESA.
- **Cookies:** We do not use tracking cookies. Only essential cookies for session management may be used.
- **Third-Party Tracking:** We do not share data with advertising or analytics tracking services beyond basic Vercel Analytics for performance monitoring.

## Data Processing

### Script Analysis

- Scripts are processed through a 7-stage pipeline: Ingest → Decode → Normalize → Detect → Enrich → Score → Summarize.
- Analysis is performed deterministically using pattern matching (not AI/ML inference on your data).
- Results may be stored temporarily for history and export features.

### IOC Extraction

- Extracted IOCs (IP addresses, domains, URLs, hashes, file paths, registry keys) are derived from submitted scripts.
- IOCs may be correlated with threat intelligence sources for enrichment.

### Integration Services

When DESA integrates with PlatphormNews network services:

- **MSI (Malware Sample Intelligence):** Malware samples may be submitted for enrichment.
- **JSON/XML/SVG:** Analysis results may be formatted and exported.
- **MCP Hub:** Tool metadata is shared for service discovery.

## Data Retention

- **Analysis History:** Stored for the duration of your session or as configured.
- **Database Records:** Script metadata and analysis results may be retained for service improvement.
- **Logs:** Server logs are retained for up to 30 days for debugging and security purposes.

## Data Security

- All data is transmitted over HTTPS/TLS.
- Database connections use encrypted channels (Neon PostgreSQL with SSL).
- API access is protected by rate limiting and optional API key authentication.
- No credentials or secrets are stored in client-side code.

## Third-Party Services

DESA uses the following third-party services:

| Service | Purpose | Privacy Policy |
|---------|---------|---------------|
| **Vercel** | Hosting and edge deployment | [vercel.com/legal/privacy-policy](https://vercel.com/legal/privacy-policy) |
| **Neon** | PostgreSQL database | [neon.tech/privacy](https://neon.tech/privacy) |
| **PlatphormNews Network** | Integration services | [platphormnews.com](https://platphormnews.com) |

## Your Rights

- **Access:** You can view your analysis history at `/history`.
- **Deletion:** Clear your browser data to remove local session information.
- **Export:** Export your analysis results via the API or UI export features.
- **Opt-Out:** You can use DESA without submitting any scripts — browse rules, documentation, and network services freely.

## Changes to This Policy

We may update this policy periodically. Changes will be reflected in the "Effective Date" above. Continued use of DESA after changes constitutes acceptance of the updated policy.

## Contact

- **Website:** [platphormnews.com](https://platphormnews.com)
- **GitHub:** [github.com/mbarbine/desa-powershell-script-analysis](https://github.com/mbarbine/desa-powershell-script-analysis)
- **Twitter:** [@platphormnews](https://twitter.com/platphormnews)
