Our Privacy Commitment

Cipher Security is committed to protecting the privacy and personal data of our clients, employees, and stakeholders. This Privacy Policy outlines how we collect, use, store, and protect personal information in accordance with applicable privacy laws and regulations.

Data Protection Principles

We adhere to fundamental data protection principles including lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability.

Regulatory Compliance

Our privacy practices comply with GDPR, CCPA, and other applicable privacy regulations. We regularly review and update our policies to ensure ongoing compliance with evolving privacy requirements.

Information We Collect

We collect only the personal information necessary to provide our cybersecurity services and maintain our business relationships.

Client Information

Contact details, company information, technical requirements, and communication records necessary for service delivery and client relationship management.

Employee Data

Employment-related information including professional qualifications, contact details, and performance data required for employment management and compliance.

Website Analytics

Technical information about how you interact with our website, including IP addresses, browser information, and usage patterns to improve our services.

How We Use Your Information

Personal information is used only for specific, legitimate purposes that are clearly communicated to data subjects.

Service Delivery

Providing cybersecurity services, incident response, security assessments, and ongoing support. We use your information to deliver the services you've requested and maintain our service quality.

Communication & Support

Responding to inquiries, providing technical support, sending service updates, and communicating important information about our services and security matters.

Information Sharing

We do not sell personal information. We share data only when necessary for service delivery or as required by law.

Service Providers

Trusted third-party service providers who assist in delivering our services, all subject to strict data protection agreements and security requirements.

Legal Requirements

When required by law, court order, or government regulation, we may disclose personal information to comply with legal obligations.

Business Transfers

In the event of mergers, acquisitions, or business transfers, personal information may be transferred as part of the business assets, subject to privacy protections.

Data Security Measures

We implement robust technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction.

Technical Safeguards

Encryption of data in transit and at rest, secure authentication mechanisms, regular security testing, intrusion detection systems, and secure data storage solutions.

Organizational Controls

Access controls based on principle of least privilege, employee training programs, regular security awareness campaigns, and incident response procedures.

Your Privacy Rights

We respect your privacy rights and provide mechanisms for you to exercise control over your personal information.

Access & Correction

Right to access your personal information and request corrections to inaccurate or incomplete data. We respond to access requests within applicable legal timeframes.

Deletion & Portability

Right to request deletion of personal information when no longer necessary for legitimate purposes, and right to receive your data in a portable format.

Objection & Restriction

Right to object to processing of personal information and request restriction of processing under certain circumstances, as provided by applicable law.

International Data Transfers

When personal information is transferred internationally, we ensure appropriate safeguards are in place to protect your data.

Adequacy Mechanisms

We use standard contractual clauses, binding corporate rules, or other legally recognized mechanisms to ensure adequate protection for international data transfers.

Compliance Assurance

Regular audits and assessments of international data transfer arrangements to ensure ongoing compliance with international data protection requirements.

Policy Updates

We regularly review and update this Privacy Policy to reflect changes in our practices and applicable privacy laws.

Notification Process

Significant changes to this Privacy Policy will be communicated through our website, email notifications, or other appropriate channels to ensure you are informed of updates.

Effective Date

This Privacy Policy is effective as of January 2026 and will remain in effect until replaced by a revised version with notice to affected individuals.

Privacy Inquiries

For questions about this Privacy Policy or to exercise your privacy rights, please contact our Data Protection Officer.

Contact DPO