Privacy Policy
Introduction
At CyberITEX, we respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data when you visit our website and tell you about your privacy rights and how the law protects you.
This policy was last updated on March 14, 2025.
Information We Collect
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, last name, username or similar identifier.
- Contact Data includes email address, telephone numbers, and physical address.
- Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.
- Usage Data includes information about how you use our website and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Authentication Data includes information used to verify your identity when you sign in, including email address and encrypted password hash, or information received from third-party authentication providers like Google or Microsoft if you use Single Sign-On.
- Service Data includes information we collect in the course of providing our cybersecurity, IT management, and other services, such as system logs, security events, network traffic data, and user activity logs. This data is collected only as necessary to provide the contracted services.
- Security Assessment Data includes information gathered during security audits and penetration testing, such as vulnerability scan results, security control effectiveness, and related findings.
For our MSSP clients, we may collect and process additional security-related information as necessary to provide protection and monitoring services. This may include system logs, network traffic data, user activity, and security events. This data is processed solely for security monitoring and incident response purposes.
How We Use Your Information
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- To provide and maintain our service, including to monitor the usage of our website.
- To manage your account and registration as a user of our services.
- To authenticate your identity when you log in, including through third-party authentication providers if you use Single Sign-On.
- To contact you regarding updates or informative communications related to our services.
- To provide customer support and respond to inquiries.
- To gather analysis or valuable information so that we can improve our service.
- To detect, prevent and address technical issues and security vulnerabilities.
- To monitor and protect your systems and network as part of our managed security services.
- To conduct security assessments, vulnerability scans, and penetration tests if you've contracted these services.
- To set up and manage third-party services that you purchase through us as part of our partnership and reseller arrangements.
For clients of our cybersecurity and MSSP services, we process security event data, system logs, and related information to identify and respond to security threats. This processing is necessary for the legitimate interests of protecting your systems and data from security breaches, as contracted in our service agreement.
Data Security
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.
As a cybersecurity and managed security service provider, we implement industry-standard security controls to protect our systems and client data, including but not limited to:
- Encryption of sensitive data both in transit and at rest
- Multi-factor authentication for system access
- Regular security assessments and penetration testing of our own systems
- Robust access controls and principle of least privilege
- Regular security awareness training for our staff
- Security monitoring and incident response capabilities
For client systems that we manage or monitor, we implement security controls as agreed upon in service agreements. We treat all client data and systems with the highest level of confidentiality and apply the same rigorous security standards to protect them.
We do not store payment information directly. All payment processing is handled by our third-party payment processors (Stripe and PayPal/Braintree), which maintain their own security measures to protect your payment information.
Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.
For security monitoring data collected as part of our MSSP services, we retain logs and security events for varying periods depending on the specific service agreement and compliance requirements. Typically, this ranges from 30 days to one year, with certain security events potentially retained longer for incident response purposes, trend analysis, and compliance requirements.
For security assessment reports and findings, we maintain records for the duration of our service relationship plus an additional period as required for legal and liability purposes, typically up to seven years following service completion.
Account information is retained for as long as you maintain an active account with us, plus a reasonable period thereafter to address any account-related issues or legal requirements.
Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent at any time.
If you wish to exercise any of the rights set out above, please contact us at privacy@cyberitex.com.
Cookies Policy
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "last updated" date at the top of this policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contact Us
If you have any questions about this Privacy Policy, you can contact us:
By email: privacy@cyberitex.com
By phone: +1 (970) 460-8020
By mail: CyberITEX Privacy Department, 30 N Gould St SHERIDAN, WY 82801