Effective Date: March 1, 2026  |  Last Updated: March 1, 2026

CyberGuards ("we," "us," or "our") operates the website cyberguards.ai and provides offensive cybersecurity, penetration testing, and security consulting services. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit our website or engage our services.

1. Information We Collect

1.1 Information You Provide Directly

We collect personal information that you voluntarily provide when you:

• Fill out our contact or consultation request forms (name, email address, phone number, company name, job title)
• Subscribe to our newsletter or security advisories
• Engage us for professional services (billing information, company details, technical environment information)
• Communicate with us via email at [email protected]
• Participate in surveys, webinars, or events

1.2 Information Collected Automatically

When you visit our website, we automatically collect certain information, including:

• Device and Browser Data: IP address, browser type and version, operating system, device type, screen resolution
• Usage Data: Pages visited, time spent on pages, referring URLs, click patterns, scroll depth
• Cookie and Tracking Data: Cookie identifiers, session data, and analytics information (see our Cookie Policy for details)
• Log Data: Server logs including access times, error logs, and request metadata

1.3 Information From Third Parties

We may receive information from third-party sources such as:

• Business directories and public databases
• Referral partners and professional networks
• Analytics providers (Google Analytics)

2. How We Use Your Information

We use collected information for the following purposes:

• Service Delivery: To provide penetration testing, security assessments, red team operations, and consulting services you request
• Communication: To respond to inquiries, send service updates, security advisories, and marketing communications (with your consent)
• Website Improvement: To analyze usage patterns, optimize content, and improve user experience
• Security: To detect, prevent, and respond to security incidents, fraud, and abuse
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Business Operations: For invoicing, account management, and internal record-keeping

3. Legal Bases for Processing (GDPR)

For individuals in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data under the following legal bases:

• Consent: Where you have given explicit consent for specific processing activities, such as marketing communications
• Contractual Necessity: Where processing is necessary to perform a contract with you or take pre-contractual steps at your request
• Legitimate Interests: Where processing is necessary for our legitimate business interests, such as website analytics and security, provided these interests do not override your rights
• Legal Obligation: Where processing is necessary to comply with applicable law

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

• Service Providers: Trusted third parties who assist with website hosting, analytics, email delivery, and payment processing, bound by contractual data protection obligations
• Professional Advisors: Attorneys, accountants, and auditors as necessary for business operations
• Legal Requirements: When required by law, subpoena, court order, or governmental regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice provided to affected individuals
• With Your Consent: When you have explicitly authorized the disclosure

5. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Specifically:

• Client records: Retained for 7 years after the conclusion of services for legal and compliance purposes
• Marketing contacts: Retained until you unsubscribe or request deletion
• Website analytics: Aggregated data retained for up to 26 months
• Server logs: Retained for up to 90 days

6. Data Security

As a cybersecurity firm, we implement robust technical and organizational measures to protect your personal information, including:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Access controls and authentication mechanisms
• Regular security assessments and vulnerability testing
• Employee security awareness training
• Incident response procedures

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. CCPA/CPRA Compliance — Your California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you specific rights regarding your personal information.

7.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email address, phone number, IP address, company name
• Professional/Employment Information: Job title, employer, professional role
• Internet/Electronic Activity: Browsing history on our site, search queries, interaction data
• Commercial Information: Services purchased, engagement history
• Inferences: Preferences and characteristics derived from the above categories

7.2 Your Consumer Rights

As a California resident, you have the right to:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: Direct us not to sell or share your personal information
• Right to Limit Use of Sensitive Information: Limit our use of sensitive personal information to purposes necessary for providing services
• Right to Non-Discrimination: You will not be discriminated against for exercising any of your CCPA/CPRA rights

7.3 Do Not Sell or Share My Personal Information

CyberGuards does not sell your personal information and has not sold personal information in the preceding 12 months. We do not share personal information for cross-context behavioral advertising purposes.

If you wish to exercise your right to opt out of any future sale or sharing of personal information, you may:

• Email us at [email protected] with the subject line "Do Not Sell My Personal Information"
• Use the cookie preference controls available on our website to disable non-essential tracking

We will process your request within 15 business days and confirm the action taken.

7.4 Submitting a Verifiable Consumer Request

To exercise your CCPA/CPRA rights, submit a verifiable consumer request by emailing [email protected]. We must verify your identity before fulfilling your request. You may also designate an authorized agent to submit a request on your behalf with proper written authorization.

We will respond to verifiable consumer requests within 45 calendar days. If additional time is needed, we will notify you of the extension and the reason.

8. GDPR Provisions — Rights for EEA, UK, and Swiss Individuals

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following additional rights:

• Right of Access: Obtain confirmation of whether we process your personal data and request a copy
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data under certain circumstances
• Right to Restrict Processing: Request limitation of processing under certain circumstances
• Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw previously given consent at any time
• Right to Lodge a Complaint: File a complaint with your local supervisory authority

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8.1 International Data Transfers

CyberGuards is based in San Francisco, California, United States. If you access our website from outside the United States, your information may be transferred to and processed in the United States. We implement appropriate safeguards, including Standard Contractual Clauses (SCCs), to ensure adequate protection of your personal data during international transfers.

9. Children's Privacy

Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us immediately.

10. Third-Party Links

Our website may contain links to third-party websites, services, or resources. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on this page with a revised "Last Updated" date. Material changes will be communicated via email or a prominent notice on our website. Your continued use of our website after such modifications constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: [email protected]
• Address: CyberGuards, San Francisco, CA 94114, United States