Privacy

Privacy Policy for Cyber Security Portal

Effective Date: October 12, 2025

1. Introduction

At Cyber Security Portal, your privacy and the protection of personal data are fundamental to our mission of providing secure, trustworthy cyber security services. This Privacy Policy explains the types of personal data we collect, how we use it, how we protect it, and the choices you have regarding that data. This policy applies to our website, services, communications, and any interactions you have with our team.

2. Information We Collect

We collect several types of information for various purposes to provide and improve our services:

- Contact Information: When you contact us or sign up for services, we collect your name, email address, organization name, job title, and telephone number if provided.

- Account and Billing Information: For clients and customers, we collect billing details necessary to process payments and manage subscriptions. We may handle invoicing data, purchase history, and billing addresses.

- Service Data: During security assessments or managed services, we may collect technical data relevant to the engagement, such as IP addresses, system configurations, logs, vulnerability reports, and metadata required to diagnose and remediate security issues.

- Usage and Analytics: We use cookies and similar technologies to understand site usage, traffic patterns, and to improve user experience. Usage data may include pages visited, time on site, referral sources, and device information.

- Communications: We retain messages and files you send to us when using contact forms, email, or chat. If you report a security incident, we may collect detailed information to investigate and respond effectively.

3. How We Use Personal Data

We use personal data for the following purposes:

- To provide, maintain, and improve our services, including security assessments, managed detection, and advisory work.

- To communicate with you about service requests, incidents, updates, billing, and other administrative matters.

- To personalize user experience on our site and provide resources such as blog recommendations and security guidance.

- For security and fraud prevention to detect and mitigate abuse, protect against unauthorized access, and enforce our Terms of Service.

- To comply with legal obligations, respond to lawful requests from public authorities, and protect our rights.

4. Legal Basis for Processing (Where Applicable)

For residents of jurisdictions with data protection laws, our legal bases for processing personal data may include your consent, processing necessary to perform a contract (e.g., service agreements), compliance with legal obligations, and legitimate interests such as protecting our network and services from abuse.

5. Sharing and Disclosure

We do not sell personal data. We may share personal data in limited circumstances:

- Service Providers: We engage trusted third-party vendors to support our operations (e.g., hosting, analytics, payment processors). Those vendors are bound by contractual obligations to safeguard personal data and process it only on our behalf.

- Professional Advisors: We may disclose data to legal, accounting, and compliance professionals where necessary.

- Business Transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction. We will notify you if such a transfer occurs and any changes to data handling.

- Legal Obligations & Security: We may disclose data when required by law or to respond to legal processes. We may also disclose information to protect against fraud, abuse, or security incidents and to investigate suspicious activity.

6. Data Security

We implement appropriate administrative, technical, and physical safeguards to protect personal data consistent with industry best practices. Measures include encryption in transit (TLS), access controls, logging, continuous monitoring, vulnerability management, and secure development lifecycle practices. While we strive to protect data, no system is completely secure; we cannot guarantee absolute security.

7. Data Retention

We retain personal data only as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. For client engagement data (including technical logs used for security services), retention periods will be detailed in service agreements and may vary based on regulatory and contractual requirements.

8. Your Rights and Choices

Depending on your jurisdiction, you may have rights related to your personal data, including:

- Access: Request a copy of the personal data we hold about you. - Correction: Ask us to correct inaccurate or incomplete data. - Deletion: Request deletion of your personal data where we are not required to retain it for legal or legitimate business reasons. - Restriction or Objection: Request limits on how we process your data or object to certain processing. - Data Portability: Ask for your data in a structured, commonly used format.

To exercise these rights, contact us using the methods available on our website. We will verify your identity before honoring requests and respond within the timeframes required by applicable law.

9. Cookies and Tracking

We use cookies and similar technologies to operate and improve the site. Essential cookies support basic site functions, while analytics cookies help us understand usage. You can manage preferences through your browser settings and opt-out tools provided by third-party analytics providers.

10. International Transfers

Our services may involve transferring data across borders. Where transfers occur, we implement contractual and technical safeguards to ensure an adequate level of protection consistent with applicable law, such as standard contractual clauses or other lawful transfer mechanisms.

11. Children’s Privacy

Our services are not directed to children under the age of 13 (or higher age where applicable), and we do not knowingly collect personal data from children without parental consent.

12. Third-Party Links and Services

Our site may contain links to third-party websites. We are not responsible for the privacy practices of those third parties. Please review their privacy policies before providing personal data.

13. Security Incidents and Breach Notification

If we detect a security incident that affects personal data, we will take prompt steps to contain and remediate the incident and will notify affected parties and regulators as required by law. Notification will include information about the nature of the incident, the data involved where known, and steps we are taking in response.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted with an updated effective date. Continued use of our services after changes constitutes acceptance of the updated policy.

15. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us through the contact form on our site. For privacy requests, please indicate your request clearly so we can route it to the appropriate team.

By engaging with Cyber Security Portal, you acknowledge that you have read and understood this Privacy Policy as of the effective date noted above.