Privacy Policy

Privacy Policy

CyberHacker.ai is a provider of cybersecurity services located in the United States of America. In this policy, “CyberHacker.ai,” “we,” “us,” and “our” refer to CyberHacker.ai.

This policy outlines how we manage personal information (also referred to as ‘personal data’), including:

• The types of personal information we collect, use, and hold;
• How, when, and why we collect, use, and hold personal information;
• How, when, and why we disclose personal information, including overseas transfers;
• How we secure personal information;
• A person’s right to access their personal information and correct it; and
• How to contact us regarding privacy matters.

This policy covers how CyberHacker.ai manages personal information when:

• Providing services and products to our customers; and
• Dealing with our internal business operations (such as employment, events, and procurement).

Many of our services do not involve us collecting personal information, but where necessary, we collect, use, hold, and disclose personal information of our customers. This can include the personal information of our customers’ own customers, employees, and representatives (referred to as “End Users”).

We only use this personal information to perform our services for customers. For example, we may use personal information to administer our contracts with a customer or we may access personal information when engaged to provide a security monitoring service. We do not copy or hold a customer’s personal information unless it is necessary for the service and only for such time as is necessary or as required by law.

In many cases, we rely on our customers to give or obtain the consents we require to collect, use, hold, and disclose personal information. This includes our customers notifying their End Users that they will be disclosing an End User’s personal information to us.

Some of our services make it impracticable to obtain consent directly from an individual—for example, if we are engaged to conduct a security penetration or vulnerability test of a database, we would not be able to obtain the consent of the individuals in that database prior to performing the test. We ask our customers to clearly understand our services so that they are aware of any privacy implications and obtain any required consents from their End Users.

When we store personal information, it will be kept in our U.S.-based cloud environments provided by trusted third-party vendors, such as Microsoft or Amazon Web Services.

Outside of our service offerings, for activities such as our internal functions (e.g., employing staff and engaging contractors) and public events (e.g., industry functions), we may collect personal information. The way we collect, use, hold, and disclose personal information for those activities will depend on the nature of the activities.

1. Personal Information We Collect from Our Service Offerings

We collect personal information based on our different service offerings, which can be categorized as:

1. Business Contact Information (BCI): Information relating to each person involved in procuring or operationalizing an engagement with us. This includes a person’s name, email, telephone numbers, title, their employer’s name, authority to sign documents or place orders with us, and any other details the person may disclose.

2. Scope Dependent Information (SDI): Information related to our client’s customers, employees, and representatives, which is provided to us or we may access during our engagement due to the nature of the service being supplied. This can include names, email or physical addresses, telephone numbers, banking details, payment card details, government identifiers, health, or other sensitive information.

All of our service offerings involve collecting BCI, but only some involve collecting SDI.

2. Personal Information We Collect Outside Our Service Offerings

When an individual interacts with CyberHacker.ai outside of our service offerings (such as employment, contractor engagements, internal functions, or public events), we may need to collect certain personal information depending on the interaction. This information includes:

• Contact Information: Name, contact details, identification, mailing address, email address, telephone number, and other personal identifiers.
• Online and Technical Information: Affiliations, dealings and transactions with us online, IP address, browser type, domain names, times, interactions with our websites and applications, operating system, and information collected using cookies and similar technologies.
• Biometric Identifiers: Facial recognition data, fingerprints, and information obtained via CCTV footage.
• Employment and Contractor Information:
  • When you apply to work with us, we collect your contact information, education, experience, character references, information about your right to work in the U.S., and details required for background checks.
  • When you are employed by us, we collect information about your employment activities, performance, emergency contacts, conduct, use of IT resources, leave and payroll matters, bank and retirement plan details, medical certificates, and other supporting documents.
• Interaction Information: Visitor logs and information collected when you attend CyberHacker.ai offices or sponsored events.
• Health Information: Where required by law or government directives, we collect health information such as vaccination status or details about chronic health conditions or disabilities to assist in your working role.

3. How and When We Collect Personal Information

We collect personal information directly from individuals and may also receive information from customers or third parties depending on the circumstances.

Examples of Direct Collection:

• When an individual provides us with their details via telephone, email, or business cards.
• When an individual or their organization purchases services from us or sells goods or services to us.
• When an individual creates an account with us.
• When processing orders and payment transactions.
• When obtaining feedback about our solutions and services.
• When an individual registers for our events, workshops, and seminars.
• When an individual applies to work for us.

Examples of Third-Party Collection:

• When an individual uses our services or products while working for or interacting with one of our customers.
• When an individual’s organization is our customer.
• When an individual’s details are used as contact information or for signing receipts of products or services.
• When third parties make inquiries about an individual (e.g., law enforcement agencies or during reference checks).
• When engaging with data or information brokers, credit reporting bodies, or recruitment companies.
• When using publicly available sources of information.

We may also automatically collect information about a person’s activity on our website through cookies. Please refer to our Cookies Notice for more information about our use of cookies.

4. How We Use the Personal Information We Collect

CyberHacker.ai uses personal information to:

• Fulfill the purposes for which it was collected under a customer engagement or employment relationship.
• Improve, develop, and provide our services.
• Inform and contact our customers, their employees, and other contacts regarding insights, events, and marketing activities.
• Participate in tender processes requiring referees, testimonials, or endorsements (with permission).
• Use as part of threat intelligence for analysis, alerts, investigations, and security activities related to cybersecurity threats or threat actors.
• Carry out internal business functions such as customer or employee onboarding, financial due diligence, or background checks.
• Process and respond to privacy questions or complaints.
• Fulfill any legal duty or obligation required under applicable laws or regulations.

5. How We Disclose Personal Information

We may disclose personal information to third parties to fulfill contractual or legal obligations or for business activities. These third parties include:

• Third-Party Suppliers for Service Provision: To facilitate transactions and licensing with product vendors when an individual or their company orders products.
• Third-Party Suppliers for Internal Activities: For background checks, building access, or event participation.
• Current or Former Employers or Nominated Persons: For reference and character checks when considering employment.
• External Professional Advisors and Representatives: For legal, financial, accounting, or professional advice.
• Government Agencies or Authorities: When required by law or when appropriate (e.g., when an individual is at risk of harm).

We will only disclose personal information to other third parties where the law requires it, for legal proceedings, to protect our rights, or to buyers or potential buyers if we sell all or part of our business.

International Data Transfers

When transferring your personal data to another country, we will only do so if:

• The country has been deemed to have adequate data protection by relevant authorities; or
• We have implemented appropriate safeguards, such as entering into standard data protection contractual clauses with the recipient.

Data Processors and Hosting

CyberHacker.ai uses AWS and Microsoft for cloud hosting. Our services are primarily based in the United States, and we utilize AWS instances to store specific types of data and personal information. We also use other service providers located around the world as listed on our Sub-processors page.

6. Your Rights to Access and Correct Your Personal Information

Individuals have the right to request access to or correction of the personal information we hold about them. To do so, please see the Contacting Us section below.

7. How We Store and Secure Your Personal Information

We hold personal information electronically and in hard copy form, both at our own premises and digitally in our cloud hosting with the assistance of third-party service providers.

We have systems in place to:

• Audit and monitor access to information we hold.
• Identify and block unauthorized information from leaving our systems.
• Prevent unauthorized access to our systems.
• Encrypt, log, delete, or anonymize information as needed.
• Keep personal information secure during storage and encrypt it during transit.

8. Contacting Us

Access or Correction Requests

To request access to or correction of your personal information, please contact our Privacy Officer in writing using the details below. We may need to verify your identity before fulfilling your request.

Direct Marketing & Opting Out

We may send you emails about our products, services, events, and other engagement activities if you have provided us with your contact details. You have the right to opt out of receiving marketing communications from us—the process for opting out will be included in the communications.

Right to Withdraw Consent or “Opt-Out”

If you have given consent for us to collect, use, disclose, process, or manage your personal information, you may withdraw that consent at any time by contacting us. Please note that withdrawing consent may affect our ability to provide products or services to you.

Complaints

If you believe we have mishandled your personal information, you may file a complaint with our Privacy Officer. We will assess and investigate your complaint and provide a summary of our findings and determination.

Minors

We do not intentionally collect personal information from minors. If a minor has provided us with personal information, their parent or guardian may contact our Privacy Officer.

Contact Information

Privacy Officer
CyberHacker.ai
Email: [email protected] 

* Please do not include any sensitive information in your email or mail.

9. Geographic Region Specific Notices

United States of America

Residents of certain U.S. states have rights to access, delete, correct, or opt out of certain types of processing or sharing of their personal data. Depending on your state of residency and subject to legal limitations and exceptions, you may be able to exercise the following rights:

• Access Your Personal Data: Request a copy of your personal data and additional information about our data collection practices.
• Correct Your Personal Data: Submit a request to correct inaccurate personal data.
• Delete Your Personal Data: Request that we delete your personal data (may affect our ability to provide services).
• Opt-Out of Certain Sharing: Opt out of sharing your personal data with third parties for purposes unrelated to our services or for monetary value.
• Limit Use of Sensitive Personal Data: Request limitations on the use and disclosure of sensitive personal data.
• Right to Appeal: Appeal our decision if we decline to take action on a privacy-related request.

State-Specific Rights

• California:

  • Right to access, delete, correct, or restrict the use of personal data.
  • Right to opt out of the sale or sharing of personal data.
  • Right to limit the use of sensitive personal data.
  • No discrimination for exercising privacy rights.

• Colorado, Connecticut, and Virginia:

  • Right to access, delete, or correct personal data.
  • Right to opt out of the sale of personal data and targeted advertising.
  • No discrimination for exercising privacy rights.
  • Right to appeal.

• Utah:

  • Right to access or delete personal data.
  • Right to opt out of the sale of personal data and targeted advertising.
  • No discrimination for exercising privacy rights.

Your Privacy Rights Under the California Shine the Light Act

California residents with an established business relationship with us may request information about personal data disclosed to third parties for direct marketing purposes in the preceding calendar year. To make such a request, please contact our Privacy Officer.