Thunder Machine GMS
Privacy & Data Protection
Since Thunder Machine GMS is a self-hosted platform, the privacy logic is unique: the user is the Data Controller, and the software is merely the Data Processor.
1. Data Sovereignty (The “Zero-Knowledge” Model)
- Local Storage: All extracted leads, emails, and social media data are stored exclusively on the user's self-hosted MongoDB instance.
- No Third-Party Access: No data is transmitted to, stored on, or accessible by the developers of Thunder Machine GMS.
- User Control: The user maintains 100% ownership and control over the database, including the ability to perform bulk deletions or full system wipes.
2. Information Collection & Purpose
- Target Data: The platform is designed to extract publicly available business information, including business names, addresses, phone numbers, and websites.
- Deep Enrichment: When enabled, the software crawls public business websites to retrieve publicly listed email addresses and social media links.
- Compliance Tracking: The system logs the scrapedAt timestamp for each record to assist users in maintaining data freshness and compliance with “Right to be Forgotten” requests.
3. Third-Party Integrations
- Proxy Providers: To maintain stealth, the user connects the software to their own third-party proxy providers (e.g., Bright Data, Oxylabs).
- License Validation: On startup, the software pings a central license server to verify the Hardware ID (HWID) and Purchase Code.
- Selector Sync: The platform communicates with a central API to download updated CSS selectors; no lead data is shared during this synchronization.
4. Security Architecture
- Hardened Infrastructure: The software runs within a Docker container to isolate the environment from the host server.
- Authentication Guard: Access to the dashboard is protected by an Admin credentials layer established during the initial installation wizard.
- Binary Protection: The core scraping logic is obfuscated and compiled to prevent unauthorized code injection or data tampering.
5. User Responsibilities (GDPR/CCPA)
- Lawful Basis: Users are responsible for ensuring they have a lawful basis for collecting and processing data in their specific jurisdiction.
- Data Minimization: Users are encouraged to only toggle “Enrichment” for leads they intend to contact directly.
- Ethical Conduct: Users agree not to use the software to “hammer” servers and must utilize the built-in “Crawl Delay” to mimic human behavior.