Privacy Policy
Last updated: February 1, 2025
GetCybr, Inc. ("GetCybr," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform and services. Please read this policy carefully.
1. Information We Collect
Account and Contact Data
When you create an account or contact us, we collect information such as your name, work email address, company name, job title, phone number, and billing information.
Usage Data
We automatically collect information about how you interact with our Services, including pages viewed, features used, time spent, IP address, browser type, device identifiers, and referring URLs. This data is used to improve platform performance and user experience.
Security and Compliance Data
To deliver our vCISO and compliance services, we process data you provide about your organization's security posture, infrastructure, policies, vendors, and compliance requirements. This data is processed exclusively to provide the Services.
Communications
We retain records of communications between you and our team, including support requests, emails, and meeting notes related to your engagement.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Services
- Process transactions and send billing-related communications
- Personalize your experience and deliver relevant security recommendations
- Send product updates, security alerts, and service announcements
- Respond to support requests and communicate with you
- Train and improve our AI models in an aggregated, anonymized manner
- Comply with legal obligations and enforce our Terms of Service
- Detect, prevent, and address security incidents and fraud
We rely on the following legal bases for processing (where applicable under GDPR): contract performance, legitimate interests, legal obligation, and consent.
3. Data Sharing and Disclosure
We do not sell your personal data. We may share information in the following circumstances:
Service Providers
We use third-party service providers to support our operations, including cloud infrastructure (Google Cloud Platform), database services, payment processors, email delivery, and analytics tools. These providers access data only as necessary to perform services on our behalf and are bound by confidentiality obligations.
Legal Requirements
We may disclose your information when required by law, subpoena, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers
In connection with a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and a prominent notice on our website of any such change in ownership.
4. Data Retention
We retain your personal data for as long as necessary to provide the Services and comply with our legal obligations. Account data is retained for the duration of your subscription and for up to three (3) years following termination for legal and audit purposes.
Security assessment data and compliance records may be retained longer where required by applicable regulations. You may request deletion of your data as described in Section 7.
5. Security Measures
We implement industry-standard technical and organizational security measures to protect your information, including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- SOC 2 Type II compliance with annual third-party audits
- ISO 27001-aligned information security management practices
- Role-based access controls and multi-factor authentication
- Regular vulnerability assessments and penetration testing
- Incident response plan with defined notification procedures
No method of transmission over the Internet is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
6. Your Rights
GDPR Rights (EEA/UK Residents)
If you are located in the European Economic Area or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of Access — request a copy of the personal data we hold about you
- Right to Rectification — request correction of inaccurate or incomplete data
- Right to Erasure — request deletion of your personal data ("right to be forgotten")
- Right to Portability — receive your data in a structured, machine-readable format
- Right to Restriction — request restriction of processing in certain circumstances
- Right to Object — object to processing based on legitimate interests
- Right to Withdraw Consent — withdraw consent at any time where processing is based on consent
CCPA Rights (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know — request disclosure of the categories and specific pieces of personal information collected about you
- Right to Delete — request deletion of personal information collected from you
- Right to Opt-Out — opt out of the sale of personal information (we do not sell personal data)
- Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA rights
To exercise any of these rights, please contact us at [email protected]. We will respond within thirty (30) days of your request.
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our website. Types of cookies we use include:
- Essential Cookies — required for the platform to function (authentication, session management)
- Analytics Cookies — help us understand how visitors interact with our website
- Preference Cookies — remember your settings and preferences
You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our Services.
8. Children's Privacy
Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.
9. International Data Transfers
GetCybr operates primarily in the United States. If you access our Services from outside the United States, your information may be transferred to and processed in the US and other countries where data protection laws may differ from those in your jurisdiction.
For transfers of personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission. Contact us at [email protected] to obtain a copy of the relevant transfer mechanisms.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on our website. The updated policy will be effective upon posting unless we state otherwise. We encourage you to review this policy periodically.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team:
GetCybr, Inc. — Privacy Team
Email: [email protected]
If you are located in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.