📝 Add SEAL 911 Data Retention Policy

.github/workflows/checks.yml

@@ -3,7 +3,7 @@ name: 👮‍♂️ Sanity checks
 on: [push, pull_request, workflow_dispatch]
 
 concurrency:
-  group: ${{github.workflow}}-${{github.ref}}
+  group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 jobs:

DATA_RETENTION_POLICY.md

@@ -0,0 +1,35 @@
+# SEAL 911 Data Retention Policy
+
+## Privacy Protection
+
+**Your privacy is our highest priority and is always protected.** We never share your data outside of SEAL 911 without your explicit consent.
+
+## Data Retention Period
+
+The default retention period for your data is **12 months**. You have the option to opt out of this default retention period at any time. To do so, please notify us through a new ticket in the [SEAL 911 Telegram bot](https://t.me/seal_911_bot).
+
+## Data Retention Cycle
+
+The personal data retention cycle consists of three distinct successive phases:
+
+1. Active ticket: Your data is actively used and managed inside of the SEAL 911 Telegram bot.
+2. Intermediate archiving: Upon closing of the ticket, your data is moved to a secure intermediate archive.
+3. Deletion: After 12 months, your data is fully deleted within the SEAL 911 Telegram bot and the intermediate archive.
+
+If special circumstances require us to retain the data beyond the 12-month period, we will contact you to seek your consent. If we do not receive a response, we will assume that you do not consent.
+
+## Data Sharing With SEAL ISAC
+
+SEAL 911 members may share non-PII (Personal Identifiable Information) data and moderately sensitive data with SEAL ISAC (Information Sharing and Analysis Center), which operates under a separate data retention policy. To enable potential future communication with victims, we collect and store Telegram usernames and jurisdiction information, classified as **TLP:RED** within SEAL ISAC. When relevant, we will include essential details about the incident, such as compromised on-chain addresses, destinations of stolen funds, and pertinent Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs). These efforts are designed to support future investigations or cases involving the same threat actors. You can opt out of this sharing at any time and request deletion of your data from SEAL ISAC. To do so, please notify us through a new ticket in the [SEAL 911 Telegram bot](https://t.me/seal_911_bot).
+
+## Communication Channels
+
+Please note that the SEAL 911 Telegram bot operates on Telegram, which is not encrypted by default. We are happy to open other communication channels (e.g., Signal) to exchange sensitive information securely.
+
+## Your Concerns and Requests
+
+As security professionals, we value your privacy above all. If you have any questions or specific requests, please let us know via the [SEAL 911 Telegram bot](https://t.me/seal_911_bot), and we will do our best to address your concerns. **Privacy is not a meme at SEAL 911; it is one of our core principles!**
+
+---
+
+By adhering to this policy, SEAL 911 ensures the protection and respectful handling of your personal data at all times.

README.md

@@ -1,14 +1,17 @@
 # SEAL 911
 
-SEAL 911 is a project designed to give users, developers, and even other security researchers an accessible method to contact a small group of highly trusted security researchers. The group can be reached via the [Telegram bot](https://t.me/seal_911_bot).
+SEAL 911 is a project designed to give users, developers, and security researchers an **accessible way** to connect with a small group of highly trusted security professionals in case of emergency. The group can be reached via the [SEAL 911 Telegram bot](https://t.me/seal_911_bot).
 
-## How do I join?
+> [!TIP]
+> You can read about the other ongoing initiatives of the Security Alliance [here](https://securityalliance.org).
 
-Given the high trust required for this project to function, membership is available on an invite-only basis. Typically, at least one existing member will vouch for the new member. Commercial organizations are limited to a maximum of two members.
+## How Do I Join?
+
+Given the high trust required for this project to function, membership is available on an **invite-only** basis. Typically, at least one existing member will vouch for the new member. Commercial organisations are limited to a maximum of two members.
 
 ## Members
 
-The current list of members is available below, for transparency purposes.
+For the sake of transparency, the current list of members is provided below.
 
 - 0xc0ffeebabe
 - Iamdeadlyz
@@ -67,3 +70,7 @@ The current list of members is available below, for transparency purposes.
 ## SEAL 911 Code of Conduct
 
 See [here](./CODE_OF_CONDUCT.md).
+
+## SEAL 911 Data Retention Policy
+
+See [here](./DATA_RETENTION_POLICY.md).