Privacy Policy

1. Introduction

CyBEARSec ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage our cybersecurity services.

By using our services or website, you consent to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Contact Information: Name, email address, phone number, business address
• Business Information: Company name, job title, industry, business size
• Technical Information: IP addresses, browser type, device information, access logs
• Service Information: Details about requested services, project requirements, technical specifications
• Communication Records: Emails, phone calls, meeting notes, and other correspondence

2.2 Information Collected During Security Testing

During penetration testing and security assessments, we may encounter:

• System configurations and network information
• Application data and database structures
• Security vulnerabilities and technical findings
• Access logs and system metadata

Important: We do not intentionally access, copy, or retain personal data or confidential business information during security testing unless specifically required for the engagement and authorised in writing.

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: Providing penetration testing, vulnerability assessments, and security consulting
• Communication: Responding to inquiries, providing updates, and delivering reports
• Business Operations: Managing client relationships, billing, and administrative tasks
• Legal Compliance: Meeting regulatory requirements and legal obligations
• Service Improvement: Enhancing our services and developing new offerings
• Marketing: Sending relevant industry updates and service information (with consent)

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information in the following circumstances:

• Service Providers: With trusted third-party vendors who assist in our operations (under strict confidentiality agreements)
• Legal Requirements: When required by law, court order, or regulatory authority
• Business Protection: To protect our rights, property, or safety, or that of our clients or others
• Business Transfers: In connection with a merger, acquisition, or sale of business assets

5. Data Security and Protection

As a cybersecurity company, we implement industry-leading security measures:

• Encryption: All data is encrypted in transit and at rest using AES-256 encryption
• Access Controls: Strict role-based access controls and multi-factor authentication
• Network Security: Secure networks with monitoring and intrusion detection systems
• Physical Security: Secured facilities with restricted access
• Data Minimisation: We collect and retain only necessary information
• Regular Audits: Periodic security assessments and compliance reviews

6. Data Retention

We retain personal information for as long as necessary to:

• Provide our services and maintain our business relationship
• Comply with legal and regulatory requirements
• Resolve disputes and enforce our agreements

Typical retention periods:

• Client project data: 7 years from project completion
• Contact information: Until relationship ends or withdrawal of consent
• Technical testing data: Securely destroyed within 30 days of report delivery
• Website analytics: 24 months

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request copies of your personal information
• Rectification: Request correction of inaccurate information
• Erasure: Request deletion of your personal information
• Portability: Request transfer of your data to another service
• Restriction: Request limitation of processing activities
• Objection: Object to certain types of processing
• Withdraw Consent: Withdraw previously given consent

To exercise these rights, please contact us at privacy@cybearsec.com.

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to:

• Improve website functionality and user experience
• Analyse website traffic and usage patterns
• Remember your preferences and settings
• Provide relevant content and information

You can control cookies through your browser settings. Disabling cookies may affect website functionality.

9. International Data Transfers

If we transfer your personal information outside your country of residence, we ensure appropriate safeguards are in place, including:

• Adequacy decisions by relevant authorities
• Standard contractual clauses
• Binding corporate rules
• Certification schemes

10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware of such collection, we will take steps to delete the information promptly.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing personal information.

12. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Providing notice during your next interaction with our services

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

14. Regulatory Information

This Privacy Policy is designed to comply with applicable data protection laws, including:

• Australian Privacy Principles (Privacy Act 1988)
• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Other applicable local data protection laws