Privacy Policy

Last updated: March 2026

1. Introduction

CybersecCloud ("we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud security assessment platform and related services (the "Service"). By accessing or using the Service, you agree to the terms of this Privacy Policy.

2. Information We Collect

We may collect the following categories of information:

• Account Information: Name, email address, organization name, and role when you create an account.
• Usage Data: Information about how you interact with the Service, including pages visited, features used, timestamps, and session duration.
• Vendor Assessment Data: Security questionnaire responses, compliance documents, and trust scores generated through the platform.
• Technical Data: IP address, browser type, operating system, and device information collected automatically.
• Communications: Content of support requests, feedback, and other correspondence with our team.

3. How We Use Your Information

We use collected information to:

• Provide, operate, and maintain the Service
• Process and complete vendor security assessments
• Generate trust scores and compliance reports
• Improve and personalize user experience
• Communicate with you about updates, security alerts, and support
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

4. Data Sharing & Disclosure

We do not sell your personal information. We may share data with:

• Service Providers: Trusted third parties who assist in operating the Service (hosting, analytics, support), bound by confidentiality agreements.
• Assessment Participants: Vendor assessment data is shared between the requesting organization and the assessed vendor as part of the evaluation workflow.
• Legal Requirements: When required by law, regulation, or legal process.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice.

5. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Service. Assessment data is retained according to your organization's configured retention policies. You may request deletion of your data at any time by contacting us.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Export your data in a portable format
• Withdraw consent at any time

7. Cookies & Tracking Technologies

We use essential cookies to maintain session state and authentication. We may use analytics cookies to understand Service usage. You can control cookie preferences through your browser settings. The Service does not respond to "Do Not Track" signals, but we limit tracking to essential and analytics purposes only.

8. Security

We implement industry-standard security measures including encryption in transit (TLS 1.3) and at rest (AES-256), access controls, regular security audits, and SOC 2 Type II certified processes. While we strive to protect your information, no method of transmission or storage is 100% secure.

9. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at privacy@cyberseccloud.com.