Privacy Policy – CyberSec Excellence

Who we are

At CyberSec Excellence, we understand the critical nature of operational security and data privacy. We practice what we preach. This Privacy Policy outlines how we collect, use, process, and protect your personal data when you visit our website, contact us, or engage our services.

What data we collect

We only collect information that is strictly necessary to provide our services, communicate with you, and comply with legal obligations. This may include:

Identity & Contact Data: Name, email address, company name, phone number, and public PGP keys provided via our contact form or direct email.

Financial & Transaction Data: Billing address, VAT number, wire transfer details, and cryptocurrency wallet addresses used for invoicing and payment processing.

Technical Data: Standard server logs (IP address, browser type, timestamp) generated when you visit our website.

How We Use Your Data

We process your personal data for the following purposes:

To Provide Services: To scope, schedule, and execute penetration tests, red team engagements, and training workshops (Legal Basis: Performance of a Contract).

To Communicate Securely: To respond to your inquiries and exchange sensitive project details using encrypted channels (Legal Basis: Legitimate Interest / Consent).

For Invoicing and Accounting: To process fiat and cryptocurrency payments and maintain legally required financial records (Legal Basis: Legal Obligation).

Data Sharing and Third Parties

We do not sell, rent, or trade your personal data.
It’s as simple.

Data Security

As offensive security professionals, securing (y)our data is our baseline. We implement stringent technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. This includes the use of end-to-end encryption (PGP) for sensitive communications, secure configurations on our web infrastructure, and strict access controls.

Your GDPR Rights

Under the GDPR, you possess the following rights regarding your personal data:

Right of Access: Request a copy of the data we hold about you.
Right to Rectification: Request corrections to inaccurate or incomplete data.
Right to Erasure (Right to be Forgotten): Request the deletion of your data, subject to our legal retention obligations.
Right to Restrict Processing: Request a halt on processing your data under certain conditions.
Right to Data Portability: Request the transfer of your data to another organization.

To exercise any of these rights, please contact us.

Changes to this Policy

We may update this Privacy Policy periodically to reflect changes in our operational practices or legal obligations. The “Last Updated” date at the top of this page will reflect the most recent revisions.