Terms and Conditions, Community Guidelines and Privacy.

Community Guidelines, Terms and Conditions, Privacy Policy and Cookie Policy

Community Guidelines

Our Mission

Threat Modeling Connect brings together threat modeling practitioners of all experience levels to collaborate, share, grow, and make threat modeling a standard practice.

Our Value

  • Be Generous: We all have a part to play in making this community a better place by stepping up to help others learn and grow in their career without asking for anything in return.
  • Be Respectful: We relish the diversity of our beliefs, backgrounds, and experiences that broadens our perspectives. Even when we disagree with each other, we do it respectfully.
  • Be Open-Minded: We’re always curious about new ideas and viewpoints and open to challenging our own assumptions.
  • Code of Conduct

To create an environment that allows our members to collaborate effectively, we adhere to the following guidelines:

Zero tolerance for hate speech, attacks, or bullying: Help us make the community a safe place where everyone and every idea can thrive. We appreciate and sometimes may respectfully challenge different opinions, views, and approaches but never attack the person.

No commercial promotion: Please don’t promote your products or services, or use “direct message” as an acquisition channel. If anyone sends you a message with the intention of acquisition, please send @Shuning a DM and let us know. (That said, if there’s an industry event or resource that you think other community members may benefit from, please DM @Shuning, and let’s discuss!)

No job postings: Please don’t share job postings (either job wanted or job available) in any forums. We may establish a dedicated area for job postings in the future.

Give more than you take: We believe everyone can be a contributor. New to threat modeling? Your fresh perspective as a beginner may be a precious gift to veterans who’ve been deep in the weeds :)


Always provide the context: Help other members help you by including the relevant context in your posts. For example, “which threat modeling methodology should I choose?” is too general. Including your objectives, priorities, and concerns along with your ask for recommendations will yield more helpful and relevant responses.

Content that violates these guidelines can be permanently removed from the community. Users with repeated violations of the guidelines can result in account termination, or have lesser consequences at the discretion of the community manager. If you think that your content doesn't violate the Community Guidelines and either received a flag or was removed in error, you can appeal by emailing us at hello@threatmodelingconnect.com with the subject line: APPEAL.

Legal Notice and Terms and Conditions

Who we are

You are accessing the website of IRIUSRISK, S.L. (“Iriusrisk”, the “Company" or “we/us”) published online at the domain https://www.threatmodelingconnect.com (hereinafter the "Website"), with VAT nº B-22341713 and domiciled at Parque Tecnológico Walga, Ctra. Zaragoza N-330A, Km. 566, 22197 Cuarte (Huesca), Spain, and registered in Huesca Companies Register in Volume 655, Folio 120, Section 8, Page 9950.

You can contact us at info@irusrisk.com or +34 974316951

Intellectual and Industrial Property

All rights of intellectual property on any contents of this Website including, without limitation, images, trademarks, logos, distinctive signs, sounds and animations, texts, sound, visual and audiovisual recordings, and the databases (“Website Content”), are owned by Iriusrisk or its licensors and are protected by national and international laws. Such rights are reserved in favor of Iriusrisk and / or its licensors. Any reproduction, copying, publication, distribution, modification, transformation, removal, handling, and any other use, with or without profit, all or part of this Website or any of its contents, without the prior express written permission of Iriusrisk is expressly prohibited. Iriusrisk may exercise any legal and/or extrajudicial actions it considers appropriate, in case of a possible violation of their rights.


Assignment of Intellectual property rights in the content uploaded to the Threat Modeling Connect

The contributor to the Threat Modeling Connect Website (“Contributor”) grants to Iriusrisk a non-exclusive, perpetual, non-revocable license to reproduce, distribute, transform and publicly communicate all articles, documents, works prepared for Iriusrisk ("Content") and that will be uploaded to the Threat Modeling Connect platform. This license has a global scope and for all purposes.


For the avoidance of doubt, the Contributor shall retain ownership of the Content, and this license to Iriusrisk does not limit the Contributor's commercial use of the Content.



Iriusrisk is not responsible for any third-party webpage are accessible from the Website; nor of the accuracy, veracity and validity of the Website's information that is not of its own elaboration.

However, by virtue of article 17 of Spanish Law 34/2002, in case Iriusrisk is aware of the unlawfulness of such content or links, it undertakes to suppress or disable the links, as well as, where appropriate, blocking those contents that may be unlawful or infringe the rights of any third-party, in accordance with articles 11 and 16 of the mentioned Law.

Furthermore, Iriusrisk will not be responsible for the damages that may occur due to failures or bad configurations of the browser installed by the user in its computer. Iriusrisk will not be responsible for any technical incident or failure that occurs when the user connects to the Internet. Likewise, the absence of interruptions or errors in accessing the website is not guaranteed.

Likewise, Iriusrisk reserves the right to update, modify or delete the information contained in its website, as well as its configuration or presentation, at any time without assuming any responsibility for it.


Technology Provider

We use the technology of our supplier InSided BV, please see their Terms of Use for further details.


Personal Data

We will process your personal data according to our Privacy Policy as below.


The Website use cookies. Please see the Cookie Policy for further details.

Applicable law and jurisdiction

These Legal Notice, including our Privacy Policy and Cookie Policy, are governed by Spanish laws. The courts of the city of Huesca shall be competent to decide any controversy.

Privacy Notice

IRIUSRISK, S.L. (hereinafter "IRIUSRISK") is the owner of the domain https://www.threatmodelingconnect.com (hereinafter the " Website") and is responsible for the processing of your personal data (“you”, “your”) when you access, sign up, browse and use the Website.


By means of this Privacy Policy, and in compliance with Regulation (EU) 2016/679 ("GDPR") and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights ("LOPDGDD"), IRIUSRISK informs you, who makes use of the Website, of the processing of those personal data that may be processed by IRIUSRISK, in order for you to decide, freely and voluntarily, whether you wish to provide the requested information.

You declare to have been informed of the conditions on personal data protection, accepting and understanding the content of this Privacy Policy. Otherwise, please do not accept the Privacy Policy and do not use the Website.

Data Controller  

The Data Controller is IRIUSRISK, S.L. with registered office at Parque Tecnológico Walga, Ctra. Zaragoza N-330A, Km. 566, 22197 Cuarte (Huesca), Spain, with N.I.F. B-22341713 and email address dpo@iriusrisk.com 


Data collected, purposes, legal basis, and retention period  

By means of the following table, we inform you which data IRIUSRISK collect about you, as well as the legal basis by which it will be legitimized to process such data, the purpose of processing and retention periods.


Data collected 

Legal basis  


Retention period 

Identification data: username, email


Execution of the Terms and Conditions  

Sign up and access to Community portal




This data will be used for as long as you remain subscribed to our Community. If you choose to unsubscribe, all your personal data collected for this function will be deleted, without prejudice to the blocking for 5 years to address possible liabilities.

Site Navigation Data: IP and other characteristics of navigation (e.g., location and/or device) derived from the use of cookies or similar technologies used on the Website. You can find more information in our Cookie Policy.


Consent given through the cookie banner at the start of your navigation. You may withdraw your consent by following the steps indicated in the Cookies Policy. 

Legitimate Interest 

Those cookies categorized as technical will be necessary for the operation of the Website.

Analysis of browsing behavior and statistics: The information collected through cookies and other similar tracking technologies that allow an analysis of your navigation.

The retention periods depend on each specific cookie. For more information on the information retention periods for each type of cookie, please consult the Cookie Policy. 


Communication of data to third parties and international transfers.  

IRIUSRISK will process your personal data with strict confidentiality in accordance with applicable law. However, we will disclose any personal or other data you provide to us in compliance with a legal obligation or to properly fulfill other obligations under applicable law. IRIUSRISK will ensure that your identity will be kept strictly confidential and will not be transmitted to a third party, subject to the provisions and agreements herein.  


Notwithstanding the foregoing, IRIUSRISK uses the services of third-party technology service provider, inSided, B.V., a company established at Singel 118a, 1015 AE, Amsterdam, The Netherlands (“InSided”) which hosts and store our community portal, the information and personal data collected and generated through the use Website on Inside servers located within and outside the EEA for which we have applied the appropriate safeguards (Standard Contractual Clauses), in accordance with their particular conditions of hosting services. Please, for more information visit their Privacy Policy at https://www.insided.com/docs/privacy-policy.


You may also be able to register and access the Website by linking or connecting to a third-party service (for example, Google or LinkedIn). By signing-up or logging in to the Website through a third party service, you are instructing that service to send us information under its control or that you have authorised through the privacy settings on that service, such as your registration and profile information.


IRIUSRISK may share personal data, in addition to the companies within its corporate group for purposes of separation of business activities, customer portfolio management or other purposes related to the internal business organization, with any company interested in buying or buying IRIUSRISK or a part of its business and, consequently, give access to any national or international auditors to carry out their due diligence provided that such processing is essential for the successful completion of the business transaction. As indicated in article 21 LOPDGDD, if the transaction is not completed, the data must be immediately deleted by the receiving entity.


Security and confidentiality

IRIUSRISK undertakes to adopt the necessary technical and organizational measures in accordance with current regulations in order to ensure the security of personal data and to prevent accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or unauthorized communication or access to such personal data. Personal data will be treated as confidential by the data controller, who undertakes to inform and ensure by means of a legal or contractual obligation that such confidentiality is respected by its employees, associates, and any person to whom it makes the information accessible.

Data protection rights

You may exercise the rights of access, rectification, erasure, opposition, and, if applicable, to limit the processing and portability of data by sending an email to dpo@irusrisk.com, with the reference "GDPR" and the content of your request. In cases where representation is admitted, it will also be necessary the identification by the same means of the person representing you, as well as the document proving the representation.  

Likewise, you may submit a complaint to a supervisory authority, and in particular, to the Spanish Data Protection Agency (www.aepd.es ) if you considers that the rights set out above in this Privacy Policy are violated or if you considers that the processing of your personal data infringes the applicable regulations. Though we would request you to first contact us to deal with any complaint.

Changes in the Privacy Policy

IRIUSRISK reserves the right to modify this Privacy Policy at any time. Changes or updates to the Privacy Policy will be explicitly notified to you through a notice on the Website, along with the updated version of the Privacy Policy.  




IRIUSRISK is the owner of the domain https://www.threatmodelingconnect.com ("Website") and uses cookies that collect information related to the connection, browsers and devices used by you, who access and use the Website (“you” or “your”). IRIUSRISK uses this information to manage and improve the proper functioning of the Website.


This cookie policy (the “Cookie Policy”) describes what information these cookies collect, how they are used and for what purpose. It also indicates how you can restrict or block the automatic downloading of cookies; however, this may reduce or even hinder certain elements of the functionality of the Website. Likewise, you can choose the category of cookies you wish to activate in the cookie banner that appears the first time you access the Website.


What are cookies? 

Cookies are small text files that are placed on your computer, smartphone or other device when accessing the Internet. This is done to improve your experience and for other purposes, such as recognizing you when accessing the Website, ensuring the security of your account, and delivering targeted advertising.


For more general information about cookies, please see the following article.  


How we use cookies? 

The Website uses own and third-party cookies:


Own cookies: cookies sent to your device by IRIUSRISK through the web domain.

Third-party cookies: they are sent to your device by domains that are not managed by IRIUSRISK but by another entity that processes the data collected through cookies.

According to the purpose of the cookies, the cookies used can be divided into the following categories:


Technical cookies (necessary): cookies necessary for navigation and for the proper functioning of the Website. Their use allows basic functions, such as access, secure navigation. The legal basis that allows the collection of data through these cookies is the execution of the contract (the Terms and Conditions) applicable to you and the legitimate interest of IRIUSRISK in the management of the Website. No information collected through these cookies is shared with third parties. Please refer to the cookie table below for details of these cookies.

Analytical cookies: allow monitoring and analyzing of your behavior. The information collected through this type of cookies is used in measuring the activity of the Website and for profiling your browsing, in order to improve the Website. The legal basis that allows the collection of this data through these cookies is your consent. See the table of cookies below for details of these cookies.

Advertising cookies: allow the management of advertising space based on different criteria. Those cookies that track your browsing habits to obtain a profile that allows to offer the most interesting information or adjusted to your tastes and preferences identified on the basis of your queries and browsing habits, even on websites not managed by IRIUSRISK. The legitimate basis for collecting this data through these cookies is your consent. See the table of cookies below for details of these cookies.

Preference cookies: allow the Website to remember information that modifies the behavior or appearance of the Website itself, such as your preferred language or the region in which you are located. The legitimate basis for collecting this data through cookies is your consent, provided that these cookies, by reason of their functionality, prevent the proper functioning of the Website. See the table of cookies below for more details on these cookies.  


Furthermore, we use both session and persistent cookies. Indeed, depending on the period of time that any cookie is active in your device, the following categories may be identified:


Session cookies: those designed to collect and store data while you access to our website. They are regularly used to store information that is only relevant with regard to the specific session and disappear once the session is closed.

Persistent cookies: cookies on which data stay stored and may be accessed and processed for a period of time defined by IRIUSRISK, which may range from a few minutes to several years.


You can find the detailed list of the cookies we use, the type, purpose and retention period of each one of them in the table of cookies below:








The cookie determines the preferred language and country-setting of the visitor - This allows the website to show content most relevant to that region and language.

5 years



Used to see if a it’s a first time visit of a user to the platform - if so then show the cookie banner and any other first time displays. Boolean

30 minutes



Used for search analytics to improve search performance, please note that the search functionality will not work without it

6 months

_gid (Google Analytics)


Tracks anonymously the visit of the user. These two anonymity parameters are set in order to conform to EU cookie law:


- Anonymize IP = true


- displayFeaturesTask = null

24 hours

_gat_UA-XXXXX (Google Analytics)


Tracks anonymously the visit of the user.These two anonymity parameters are set in order to conform to EU cookie law:


- Anonymize IP = true


- displayFeaturesTask = null

1 minute



Google Analytics cookie - A uniquely generated identifier used for visitor tracking, data used by Customer Success Management team internally to help make informed decisions about the community.

2 years



Used by Google Analytics to throttle request rate

24 hours



Collects data on the user's visits to the website, such as which pages have been read.

2 years




Used to check if the user's browser supports cookies.

1 day



This cookie used to determine which products the visitor has viewed - This allows the website to promote related products.




Registers a unique ID on mobile devices to enable tracking based on geographical GPS location.




Holds collapsed content

1 year



String: timestamp

½ year



Stores the current level of the cookie policy (1,2,3)

1 year



Used to distribute traffic to the website on several servers in order to optimise response times.

1 day



Stores the user's cookie consent state for the current domain

1 year



embedded Iframe set cookies on own domain. Shows the embedded video player of youtube.




Tries to estimate the users' bandwidth on pages with integrated YouTube videos.

179 days



Registers a unique ID to keep statistics of what videos from YouTube the user has seen




Stores the user's video player preferences using embedded YouTube video




Stores the user's video player preferences using embedded YouTube video




Stores the user's video player preferences using embedded YouTube video




Stores the user's video player preferences using embedded YouTube video




Stores the user's video player preferences using embedded YouTube video




Stores the user's video player preferences using embedded YouTube video




Numerical ID's of the topics visited by the user - Used to identify returning visitors to a topic page

48 hours



Internal cookie set for internal community analytics events - session value




Internal cookie set for internal community analytics events - unique hash

1 year



Tracks platform performance and debugging use (internal use only)




Stores users session




Preserves users states across page requests




How to disable cookies? 

 You may restrict or limit the placement of cookies by adjusting the browser settings. However, if you select this setting, you may not be able to access certain parts of the Website or cause a poor display of its contents, which will result in less efficient navigation, and you may not be able to take advantage of some of the services available. Therefore, it is recommended that you do not disable them.


If you wish to disable cookies, go to the Browser Preferences menu or Browser settings and look for the Privacy section. As an example, you can follow the instructions below:



More information  

 We hope we have clarified how and why we use cookies. In case something is still unclear, please do not hesitate to contact us at: dpo@irusrisk.com 

Version: 07 of November of 2022