Privacy Policy

Last updated: November 4, 2025
GDPR Compliant: This privacy policy complies with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

1. Introduction

InfoSecHCC ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cybersecurity training platform.

This policy applies to all users of our Service, including visitors to our website and registered users of our platform.

2. Data Controller

InfoSecHCC is the data controller responsible for your personal data under this Privacy Policy.

Data Protection Officer: privacy@infosechcc.com

3. Data We Collect

3.1 Personal Data You Provide

  • Account Information: Name, email address, username, password
  • Profile Data: Organization, role, phone number, preferences
  • Campaign Data: Phishing campaign details, SMS campaign content
  • Target Data: Email addresses and phone numbers of training targets
  • Communication: Messages sent through contact forms or support tickets

3.2 Automatically Collected Data

  • Usage Data: IP address, browser type, device information, pages visited
  • Cookies: Session cookies, preference cookies, analytics cookies
  • Campaign Analytics: Click tracking, open rates, response patterns
  • Log Data: Access times, features used, error reports

3.3 Sensitive Data

We do not intentionally collect sensitive personal data (racial/ethnic origin, political opinions, religious beliefs, etc.) unless necessary for specific security training scenarios approved by your organization.

5. How We Use Your Data

We use your personal data for the following purposes:

  • Service Provision: Creating and managing your account, providing platform access
  • Campaign Management: Executing phishing and SMS training campaigns
  • Analytics: Measuring campaign effectiveness and user engagement
  • Security: Protecting against fraud, abuse, and unauthorized access
  • Communication: Sending service updates, security alerts, and support responses
  • Compliance: Meeting legal obligations and regulatory requirements
  • Improvement: Analyzing usage patterns to enhance our Service

6. Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your data in the following circumstances:

6.1 Service Providers

We share data with trusted service providers who help us operate our Service:

  • Cloud hosting providers (for infrastructure)
  • Email service providers (for notifications)
  • Analytics providers (for usage insights)
  • Payment processors (for subscription billing)

6.2 Legal Requirements

We may disclose your data if required by law, court order, or government request.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity.

6.4 With Your Consent

We may share data with third parties when you explicitly consent to such sharing.

7. Data Retention

We retain your personal data for as long as necessary to provide our Service and fulfill the purposes outlined in this policy:

  • Account Data: Retained while your account is active and for 3 years after deactivation
  • Campaign Data: Retained for 7 years for compliance and analysis purposes
  • Analytics Data: Aggregated and anonymized after 2 years
  • Log Data: Retained for 1 year for security and troubleshooting

You can request deletion of your data at any time (see the "Your Rights" section below).

8. Cookies and Tracking

We use cookies and similar technologies to enhance your experience and analyze usage. You can manage your cookie preferences through our Privacy Settings page.

8.1 Types of Cookies We Use

  • Essential Cookies: Required for basic website functionality
  • Analytics Cookies: Help us understand how visitors use our site
  • Marketing Cookies: Used to deliver personalized content and advertisements

8.2 Cookie Management

You can control cookies through:

  • Our cookie consent banner and settings page
  • Your browser settings
  • Third-party opt-out tools

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: Data encrypted in transit and at rest
  • Access Controls: Role-based access and multi-factor authentication
  • Regular Audits: Security assessments and penetration testing
  • Incident Response: Procedures for data breaches and security incidents
  • Employee Training: Regular security awareness training

Despite our efforts, no security measure is 100% effective. We cannot guarantee absolute security.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

  • Adequacy decisions by relevant authorities
  • Standard contractual clauses
  • Binding corporate rules
  • Certification schemes

11. Your Rights

Under GDPR and other privacy laws, you have the following rights:

11.1 Right of Access (Article 15)

You can request a copy of your personal data and information about how it's processed.

11.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

11.3 Right to Erasure (Article 17)

You can request deletion of your personal data in certain circumstances.

11.4 Right to Restrict Processing (Article 18)

You can request limitation of how we process your personal data.

11.5 Right to Data Portability (Article 20)

You can request your data in a structured, machine-readable format.

11.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or direct marketing.

11.7 Right to Withdraw Consent

You can withdraw consent at any time where processing is based on consent.

12. Data Export and Deletion

You can manage your data through our Privacy Settings page:

  • Data Export: Request a complete export of your personal data (processed within 30 days)
  • Account Deletion: Request permanent deletion of your account and data (30-day grace period)
  • Data Updates: Modify or correct your personal information

To exercise these rights, visit your Privacy Settings or contact our Data Protection Officer.

13. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Email notification to your registered email address
  • Prominent notice on our website
  • Update to the "Last updated" date at the top of this policy

Your continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Data Protection Officer

Email: privacy@infosechcc.com
Response time: Within 30 days

General Inquiries

Email: support@infosechcc.com

Complaints: If you believe we have not complied with applicable data protection laws, you have the right to lodge a complaint with your local data protection authority.

This Privacy Policy was last updated on November 4, 2025 and is effective immediately.

InfoSecHCC is committed to protecting your privacy and complying with all applicable data protection regulations.