Skip to content
POLICIES

No ads, no trackers, no nonsense

What CrocOps collects, what it doesn't, and how comments work.

Last updated June 22, 2026 Contact contact@croclius.com
CrocOps mascot
Hey, I'm the one behind CrocOps. Everything here is in plain English with no dark patterns. If anything's unclear, just reach out.

This site is run by me, Croclius. Wherever I can, I use privacy-focused, open-source tools on infrastructure I control. The goal is to publish educational offensive-security content, not to mass-collect or exploit reader data. This policy covers croclius.com, the newsletter, and the account, comment, and membership features built into the site. By using any of them, you agree to what's below.

Disclaimer

Everything on croclius.com is for educational and informational purposes only. The writeups, guides, and techniques here describe attacks against machines I own or am authorised to test. I do not condone or support illegal activity of any kind, and nothing here is permission to attack a system you don't own or haven't been contracted in writing to assess. Always act ethically and get signed authorisation before testing any system. Any misuse of what you read here is the sole responsibility of the user.

Privacy

CrocOps shows no ads and runs no behavioural tracking or third-party advertising. You can read every post, search the site, and follow the RSS feed without an account and without giving me any personal information.

The site only collects data when you choose to act on it: send a message, subscribe, sign in to comment, or support the work. Each of those is broken down under Collected information below.

Cookies

croclius.com places no advertising or cross-site tracking cookies. The only things stored are functional:

  • A preference that remembers your light or dark theme
  • A sign-in cookie that keeps you logged in

Both are first-party. The newsletter provider sets a couple of its own cookies only if you use the signup form.

External content & integrations

Some posts embed or link to content hosted elsewhere, such as an advisory, a tool's repo, or the occasional video. When that content loads, the site serving it can see you requested it and may set its own cookies, exactly as if you'd visited directly. I keep embeds to a minimum and prefer plain links for this reason.

Collected information

Everything the site collects, grouped by the feature that collects it.

Analytics

Page reads are counted by Umami, a cookieless, privacy-first tool I run myself, so the data never leaves my infrastructure. It records aggregates only:

  • Page views and referrers
  • Rough country
  • Browser and device type

No cookies, no cross-site identifiers, no stored IP, no personal profile. Nothing is ever sold or sent to an ad network.

Contact form

Sends only the fields you fill in, and only when you submit. The form posts to this site's own server, which delivers it through Resend as an email I can reply to, just name, email, subject, and message, nothing more.

Newsletter

If you subscribe, your email, plus an optional name, is stored with Mailchimp so the newsletter can reach you. Nothing else is collected, and every email carries an unsubscribe link in the footer.

Accounts & comments

To comment you sign in, which gives the site a verified email. Stored alongside it:

  • An optional display name
  • A generated avatar, never a photo or upload
  • Your account creation date
  • Your comments, replies, and likes

Your email is never shown publicly, readers only see your display name and avatar. Sign in with Google, GitHub, or a one-time email link. Whichever you pick only proves you control an address. I never receive a password or anything from your profile beyond the verified email.

Membership & tips

Paid membership and one-time tips run end to end through Stripe. Card details go straight to Stripe and are never seen or stored by CrocOps. From a successful payment I keep only what's needed to manage access:

  • Your email
  • Membership status
  • Plan type
  • Renewal date
Recent backers

Tip or subscribe and the confirmation page asks if you'd like to be listed on the membership page. Skip it or choose "No thanks" and you show as "Anonymous backer".

Your rights to your data

Ask what's stored about you, ask me to correct it, or ask me to delete it. Most of this is self-serve:

  • Delete your own comments
  • Delete your account
  • Unsubscribe from any newsletter footer

For anything you can't do yourself, email contact@croclius.com from your account address and I'll handle it.

Data sharing

I never sell, rent, or trade your data. The only parties that ever receive any of it are the providers running the features above, each doing one job under its own policy:

  • Mailchimp for the newsletter
  • Resend for email delivery: the contact form, sign-in links, and comment notifications
  • Stripe for payments
  • Google / GitHub for sign-in, if you choose it

Sending anything to them is your choice, made by using the feature. For a lawful legal or law-enforcement request, I comply only where legally required.

Data security

Data is encrypted in transit. The site runs behind a reputable edge provider with bot protection and the standard security headers, and access to any stored personal data is limited to me. No system is ever perfectly secure, and I won't pretend otherwise, but the site is built to collect very little, which is the best protection there is.

Data retention

Analytics Aggregate only, with nothing personal to retain.
Contact messages Kept only as long as needed to reply.
Comments & account Kept until you delete them.
Newsletter Kept until you unsubscribe.
Membership Kept while active, plus whatever Stripe and tax rules require.

Children's privacy

CrocOps isn't aimed at children and doesn't knowingly collect data from anyone under the age of digital consent in their country. If I learn a minor created an account or subscribed, I remove the data. If you're a minor, get a parent or guardian's permission before creating an account.

Comment guidelines

Comments are open because good discussion makes the posts better: a cleaner approach, a correction, a tool or detail that's moved on since I wrote it. Keep it useful and it stays open.

  • Stay on the post. For the writeup you're reading, not general "how do I hack X" questions.
  • Give enough to work with. Exact command, error or output, tool version, target. "This doesn't work" tells nobody anything.
  • No flags or live spoilers. No flags, hashes, or full solutions for active HackTheBox machines. Once a box retires, anything goes.
  • Be civil. Disagree with the technique, not the person. Rude or demanding comments get removed without a reply.
  • No spam or self-promotion. Drive-by links and "check out my site" comments get deleted.
  • Corrections are welcome. If a step is wrong or out of date, say so plainly. That's help, not an attack.

Comments are moderated and I have the final call on what stays. Repeated abuse loses commenting access.

Changes to this policy

If this policy changes in a way that matters, the date up top moves and the change shows here. When it affects subscribers, I'll note it in the newsletter. Continuing to use CrocOps after an update means you accept the current version.

Contact

Questions or concerns? Email contact@croclius.com or use the contact form.

Get access to everything

Become a member. You’ll Love It!

See membership