Legal
Privacy Policy
Effective date: January 1, 2026 · Last updated: March 1, 2026
1. Introduction
TrustCyber ("we", "our", or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our Risk & Compliance Copilot platform, website, and related services (collectively, the "Services").
By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Services immediately.
2. Information We Collect
We collect information in the following categories:
2.1 Information You Provide
- Account registration details (name, email address, organisation name)
- Assessment responses and self-attested security posture data
- Communications you send to us (support requests, feedback, booking enquiries)
- Payment information processed by our third-party payment processor (we do not store card numbers)
2.2 Information Collected Automatically
- Log data (IP address, browser type, pages visited, timestamps)
- Device identifiers and operating system information
- Usage analytics collected via privacy-respecting analytics tools
- Session cookies required for authentication and security
2.3 Information from Third Parties
When you authenticate via our OAuth provider, we receive your name, email address, and a unique identifier. We do not receive your password or payment credentials from third-party identity providers.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Services
- Generate your Risk Score, Compliance Score, and board-ready reports
- Communicate with you about your account, assessments, and service updates
- Respond to support requests and enquiries
- Detect, prevent, and investigate fraud, abuse, or security incidents
- Comply with applicable legal obligations
- Send you marketing communications where you have provided consent (you may opt out at any time)
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
4. Legal Basis for Processing (EEA / UK Users)
If you are located in the European Economic Area or United Kingdom, we process your personal data under the following legal bases: performance of a contract (to deliver the Services), legitimate interests (to improve security and prevent fraud), compliance with a legal obligation, and consent (for marketing communications).
5. Data Sharing and Disclosure
We may share your information with trusted service providers who assist us in operating the Services (hosting, analytics, payment processing, email delivery). These providers are contractually obligated to protect your data and may not use it for their own purposes.
We may also disclose your information when required by law, to protect the rights and safety of TrustCyber or others, or in connection with a merger, acquisition, or sale of assets (in which case you will be notified).
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Services. Assessment data and generated reports are retained for a minimum of 12 months to support your compliance audit trail. You may request deletion of your account and associated data at any time by contacting us.
7. Security
We implement industry-standard technical and organisational measures to protect your information, including encryption in transit (TLS 1.2+), encryption at rest, access controls, and regular security reviews. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but are committed to maintaining appropriate safeguards.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete information
- Request deletion of your personal information
- Object to or restrict certain processing activities
- Receive your data in a structured, machine-readable format (data portability)
- Withdraw consent at any time (where processing is based on consent)
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
9. Cookies
We use strictly necessary cookies for authentication and session management. We use analytics cookies (privacy-respecting, no cross-site tracking) to understand how users interact with the Services. You may disable non-essential cookies in your browser settings; doing so may affect functionality.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised effective date. Continued use of the Services after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact: