Cyblitrades is committed to protecting your privacy. This policy explains how we collect, use, and protect your information. Our services are for business entities only. We do not sell your data.
1. Scope
This Privacy Policy applies to all business clients, authorized users, and visitors who access or use the Cyblitrades platform, website, or services.
2. Information We Collect
2.1 Account and Registration Information
- Full name and business email address
- Company name and website
- Billing information (processed by Stripe; we do not store raw card data)
- Account credentials (passwords are hashed; we never store plaintext passwords)
2.2 Assessment Data
- Responses to cybersecurity maturity questions (150 questions across 14 NIST-aligned domains)
- Company profile information (employee count, infrastructure details, compliance status)
- Industry/sector classification
- Assessment scores and domain-level results
2.3 Usage and Technical Data
- IP address and browser type
- Pages visited and features used
- Session duration and interaction data
2.4 Communications
Messages exchanged through the platform's direct messaging feature between clients and the Cyblitrades team.
3. How We Use Your Information
- Provide, maintain, and improve our services
- Generate assessment scores, reports, and benchmarks
- Communicate about your account and security insights
- Process payments and manage subscriptions
- Detect and prevent fraud and security threats
- Generate anonymized, aggregated industry benchmarks
- Comply with legal obligations
4. Data Sharing
4.1 Service Providers
We share data with vendors who help us operate the platform: Clerk (authentication), Supabase (database), Stripe (payments), Netlify (hosting), and Resend (email). All vendors are contractually required to protect your data.
4.2 No Sale of Data
We do not sell, rent, or lease personal data to third parties for marketing purposes.
4.3 Legal Requirements
We may disclose information if required by law, court order, or to protect the rights and safety of Cyblitrades, clients, or others.
5. Data Retention and Deletion
5.1 Active Accounts
We retain account and assessment data for the duration of your active subscription plus 90 days.
5.2 Account Deletion
When you delete your account, we permanently delete your profile, contact information, messages, and detailed assessment answers. We retain anonymized assessment scores (all identifying information removed) for industry benchmarking. This anonymized data cannot be linked back to you.
5.3 Payment Records
Payment records are retained as required by applicable tax and financial regulations (typically 7 years).
6. Data Security
We implement commercially reasonable security measures, including encrypted data transmission (TLS/HTTPS), database-level row security policies, JWT-based authentication, and access controls limiting employee data access. No method of transmission or storage is 100% secure.
7. Regulated Industries
We serve clients in financial services, fintech, healthcare, and other regulated sectors. Assessment results are informational and do not constitute compliance certification. Clients subject to HIPAA, PCI-DSS, SOX, GLBA, GDPR, or CCPA should contact us to discuss a Data Processing Agreement.
8. Your Rights
- Access: Request a copy of data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and personal data
- Portability: Request your assessment data in a portable format
To exercise these rights, contact privacy@cyblitrades.com. We will respond within 30 days.
9. Cookies
We use essential cookies and session tokens necessary to operate the platform. We do not use third-party advertising or tracking cookies.
10. Changes to This Policy
We may update this policy periodically. We will notify you of material changes via email or platform notice at least 14 days before changes take effect.