Privacy Policy

1. Information We Collect

1.1 Personal Information

We may collect personally identifiable information that you voluntarily provide to us when you:

• Complete a contact or consultation request form on our website
• Email or call us directly
• Engage us for cybersecurity services
• Subscribe to any communications or updates
• Request a security assessment, report, or proposal

The personal information we collect may include:

• Full name and job title
• Company or organization name
• Email address
• Phone number
• Mailing address
• Information about your technology environment and security needs
• Payment and billing information (processed securely through third-party processors)

1.2 Automatically Collected Information

When you visit our website, certain information may be automatically collected, including:

• IP address and approximate geographic location
• Browser type and version
• Operating system
• Pages visited and time spent on each page
• Referring website or URL
• Date and time of your visit
• Device identifiers

1.3 Cookies and Tracking Technologies

Our website may use cookies, web beacons, and similar tracking technologies to improve your browsing experience, analyze site traffic, and understand where our visitors come from. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, some portions of our website may not function properly.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, operate, and maintain our cybersecurity services and respond to service requests.
• Communications: To respond to your inquiries, consultation requests, and support needs.
• Business Operations: To process transactions, send invoices, and manage our client relationships.
• Marketing Communications: To send periodic emails about our services, security updates, and industry news — only where you have consented or where permitted by law. You may opt out at any time.
• Website Improvement: To analyze usage patterns and improve the content, functionality, and user experience of our website.
• Legal Compliance: To comply with applicable laws, regulations, and legal obligations.
• Security: To detect, prevent, and address technical issues, fraud, and security incidents.

3. Analytics

We may use third-party analytics services (such as Google Analytics) to help us understand how users interact with our website. These services may collect information about your use of our website and other websites over time. The information collected is used in aggregate form to improve our website. You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on available at tools.google.com/dlpage/gaoptout.

4. Disclosure of Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

• Service Providers: We may share information with trusted third-party vendors who assist us in operating our website, conducting our business, or providing services to you — subject to confidentiality agreements.
• Legal Requirements: We may disclose your information when required by law, subpoena, court order, or other governmental authority.
• Business Transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction.
• Protection of Rights: We may disclose information where we believe disclosure is necessary to protect the rights, property, or safety of CyberDef, our clients, or others.

5. Data Security

As a cybersecurity company, we take the security of your personal information seriously. We implement appropriate technical and organizational security measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL
• Access controls limiting data access to authorized personnel only
• Regular security assessments of our own systems
• Employee security training and awareness programs
• Secure deletion of data no longer required

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Client engagement data is typically retained for a period of seven (7) years following the end of the engagement to comply with legal, accounting, and regulatory requirements. Website inquiry data is retained for up to three (3) years unless you request earlier deletion.

7. Your Rights and Choices

7.1 General Rights

Depending on your location, you may have the following rights regarding your personal information:

• The right to access the personal information we hold about you
• The right to request correction of inaccurate information
• The right to request deletion of your personal information
• The right to restrict or object to processing of your information
• The right to data portability
• The right to withdraw consent where processing is based on consent

7.2 CCPA Rights (California Residents)

California residents have specific rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to know whether personal information is sold or disclosed, the right to opt-out of the sale of personal information (we do not sell personal information), the right to non-discrimination for exercising CCPA rights, and the right to request deletion of personal information.

7.3 GDPR Rights (EEA Residents)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict, or object to processing of your personal data. You also have the right to lodge a complaint with your local data protection authority. Our legal basis for processing personal data includes performance of a contract, legitimate interests, compliance with legal obligations, and consent where applicable.

8. International Data Transfers

CyberDef is based in the United States. If you are accessing our website or services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using our services, you consent to the transfer of your information to the United States, which may have different data protection rules than your country.

9. Third-Party Services and Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any third-party sites you visit. Our use of third-party service providers (such as email platforms, analytics, and payment processors) is governed by their respective privacy policies and our data processing agreements with them.

10. Children's Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information as soon as possible. If you believe we have collected information from a child, please contact us immediately.

11. Marketing Communications

If you have opted in to receive marketing communications from CyberDef, you may opt out at any time by contacting us at austinwoodworth@cyberdef.it.com with "Unsubscribe" in the subject line, or by following the unsubscribe instructions included in any marketing email we send. Please note that even if you opt out of marketing communications, we may still send you transactional or service-related communications.

12. Data Requests

To submit a data access, correction, deletion, or portability request, please contact us at:

We will respond to verified requests within 30 days. We may need to verify your identity before fulfilling a request.

13. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. We will notify you of material changes by updating the "Last Updated" date at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of our website or services after any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: