GDPR & CCPA Compliance

Last Updated: | Effective Date: January 1, 2024

CyberVault is committed to protecting your privacy and complying with the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA).

1. Introduction

Welcome to CyberVault's compliance documentation. This policy outlines how we collect, use, process, and protect personal data in accordance with applicable data protection laws, specifically the GDPR (EU/EEA) and the CCPA/CPRA (California).

Note: As a cybersecurity provider, we process sensitive operational data. This document ensures transparency regarding your rights, our obligations, and the safeguards we implement to protect your information.

2. Information We Collect

We collect only the data necessary to deliver our cybersecurity services, maintain compliance, and improve our platforms. Categories include:

  • Identifiers: Name, email address, phone number, company name, job title, IP address.
  • Commercial & Transactional Data: Billing information, service usage logs, contract terms, support ticket history.
  • Technical & Security Data: Device identifiers, browser types, security logs, threat detection metadata, and anonymized network traffic patterns required for service delivery.
  • Communications: Records of correspondence, support requests, and webinar/event registrations.

4. How We Use Your Information

Your data is used strictly for the following purposes:

  • Provision, maintenance, and improvement of our cybersecurity platform and SOC services.
  • Identity verification, access control, and account management.
  • Processing payments and managing billing.
  • Providing technical support and responding to inquiries.
  • Conducting threat analysis, vulnerability assessments, and compliance reporting.
  • Sending service updates, security alerts, and (with consent) marketing materials.
  • Fraud prevention, abuse mitigation, and legal compliance.

5. Data Sharing & Third-Party Disclosures

We do not sell personal data. We may share information with trusted third parties strictly necessary for service delivery, under strict Data Processing Agreements (DPAs):

  • Cloud Infrastructure Providers: AWS, Azure, GCP (hosting & compute).
  • Security & Compliance Tools: SIEM providers, threat intelligence feeds, audit firms.
  • Payment Processors: PCI-DSS compliant vendors for billing.
  • Legal & Regulatory Authorities: When required by law, subpoena, or to prevent imminent harm.

6. Your Rights Under GDPR

If you are located in the EU/EEA or Switzerland, you have the following rights:

  1. Right of Access: Request a copy of your personal data.
  2. Right to Rectification: Correct inaccurate or incomplete data.
  3. Right to Erasure: Request deletion under certain conditions.
  4. Right to Restrict Processing: Limit how we use your data.
  5. Right to Data Portability: Receive your data in a structured, machine-readable format.
  6. Right to Object: Opt out of processing based on legitimate interests or direct marketing.
  7. Right to Withdraw Consent: At any time, without affecting prior lawful processing.

To exercise these rights, contact our Data Protection Officer via the details in Section 11. We will respond within 30 days, extendable if necessary.

7. Your Rights Under CCPA/CPRA

California residents have additional rights under the CCPA and CPRA:

  • Right to Know: Request details about categories and specific pieces of personal data collected.
  • Right to Delete: Request deletion of personal data collected through our services.
  • Right to Opt-Out of Sale/Sharing: CyberVault does not sell or share personal data for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Data: Opt out of the use of sensitive categories (e.g., precise geolocation, health info, account credentials).
  • Right to Correct: Request correction of inaccurate personal data.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Requests can be submitted via our contact portal. We verify your identity to protect your data before fulfilling requests.

8. Security & Data Retention

CyberVault implements industry-leading technical and organizational measures, including AES-256 encryption, zero-trust architecture, role-based access controls, and continuous monitoring to safeguard your data.

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type, typically ranging from 1 to 7 years post-termination of service, in accordance with applicable law.

9. Cookies & Tracking Technologies

Our website uses essential cookies for security, authentication, and session management. We do not use tracking cookies for behavioral advertising. You may manage or disable cookies through your browser settings, though this may impact functionality.

10. International Data Transfers

If your data is transferred outside the EU/EEA or California, we ensure adequate protection via Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or equivalent mechanisms approved by relevant regulators. We conduct regular transfer impact assessments to maintain compliance.

11. Contact & Data Protection Officer

For privacy inquiries, rights requests, or concerns regarding this policy, please contact:

Data Protection Officer (DPO)
CyberVault Security Inc.
Privacy Team: privacy@cybervault.io
Phone: +1 (800) 555-SECURE
Mailing: 100 Security Blvd, Suite 400, San Francisco, CA 94105, USA

*This document is a compliance template. CyberVault recommends consulting independent legal counsel to ensure alignment with your specific jurisdictional requirements and operational workflows.

"}