Privacy Policy

Last updated: April 5, 2026

Cybersecurityratings.com ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our platform, or engage with our consulting services. Please read this policy carefully. If you disagree with its terms, please discontinue use of our services.

1. Information We Collect

Information You Provide Directly: When you register for an account, request an assessment, fill out a form, or contact us, we may collect your name, email address, phone number, company name, job title, billing information, and any other information you voluntarily provide.

Automatically Collected Information: When you visit our website, we automatically collect certain technical information including your IP address, browser type and version, operating system, referring URLs, pages viewed, and the dates and times of your visits. This data is collected via cookies, server logs, and similar tracking technologies.

Security Rating Data: To provide our rating services, we may collect and analyze publicly available data about your organization's digital footprint, including domain records, SSL/TLS configurations, email server settings, network data, and other publicly observable technical indicators.

Consulting Engagement Data: If you engage our consulting services, we may collect additional information necessary to perform security assessments, including network scope, system configurations, and related technical data provided by you or gathered with your authorization.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our cybersecurity rating and consulting services
  • Generate and deliver security assessment reports to you or your organization
  • Respond to your inquiries, support requests, and communications
  • Process transactions and send related information (invoices, confirmations, etc.)
  • Send you service-related communications, including account notifications and security alerts
  • Monitor and analyze usage patterns and website performance to improve user experience
  • Detect, prevent, and address technical security issues and fraudulent activity
  • Comply with legal obligations, court orders, and regulatory requests
  • Provide you with information about our products, services, and promotions (you may opt out at any time)

3. Information Sharing & Disclosure

We do not sell your personal information. We may share your information in the following limited circumstances:

  • Service Providers: We share information with trusted third-party vendors who assist us in operating our platform, processing payments, hosting data, and delivering services (e.g., cloud infrastructure, email delivery, analytics). These providers are bound by confidentiality obligations.
  • Business Transfers: If we are acquired by or merged with another company, your information may be transferred as part of that transaction.
  • Legal Requirements: We may disclose information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, ensure website security, or prevent harm.
  • With Your Consent: We may share information with third parties when you explicitly consent to such sharing.

Publicly available security rating data about organizations (not tied to individual personal information) may be displayed in our database or shared with third parties per our Terms of Service.

4. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Account data is retained while your account is active and for a period of up to 3 years after account closure. Billing records are retained for a minimum of 7 years per financial regulatory requirements. Data used for analytics is anonymized and aggregated after 26 months.

When you request account deletion, we will delete or anonymize your personal information within 30 days, subject to any legal retention requirements.

5. Data Security

We implement industry-standard technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include TLS/SSL encryption for data in transit, AES-256 encryption for data at rest, multi-factor authentication for platform access, regular security audits and penetration testing, role-based access controls, and employee security awareness training.

No method of electronic transmission or storage is 100% secure. While we strive to protect your data using commercially acceptable means, we cannot guarantee absolute security. If you have concerns about a security breach, contact us immediately at [email protected].

6. Your Privacy Rights

Depending on your location, you may have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete personal information
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Restriction: Request that we restrict processing of your personal information in certain circumstances
  • Objection: Object to our processing of your personal information for direct marketing purposes
  • Data Portability: Request a machine-readable copy of your personal information
  • Withdraw Consent: Withdraw consent where processing is based on your consent

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

7. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA). In the preceding 12 months, we have collected the categories of personal information described in Section 1 above. We do not sell personal information as defined by the CCPA.

California residents have the right to know what personal information is collected, to request deletion, and to opt out of the sale of their personal information. To exercise your rights, contact us at [email protected] with "California Privacy Rights" in the subject line.

8. International Data Transfers

Our services are primarily operated from the United States. If you are accessing our services from outside the US, please be aware that your information may be transferred to, stored, and processed in the United States. We comply with applicable legal frameworks for international data transfers, including Standard Contractual Clauses (SCCs) where required.

9. Third-Party Links & Services

Our website may contain links to third-party websites, services, or applications that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you use.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact our privacy team:

Email: [email protected]

Address: Denver, Colorado, USA

Data Protection Officer: [email protected]