Privacy Policy
Last updated: 2025-09-29
Cyber Army (“we,” “us”) respects your privacy. This policy explains what we collect, how we use it, and the limited cases where we share it.
What we collect
- Contact & lead info: name, work email, company, and details you submit via forms or email.
- Website/operational logs: IP address, referrers, user-agent/device metadata, pages viewed, timestamps—used for security, reliability, and abuse prevention.
- Surface Monitor scan data (non-PII technical data) you explicitly ask us to check:
- IP addresses and open ports/service banners
- DNS records (A/AAAA, NS, MX, TXT, CAA, etc.) and WHOIS
- TLS/SSL certificate details and certificate transparency (CT) log entries
- HTTP response metadata and security headers (e.g., HSTS, CSP, XFO, XCTO, Referrer-Policy)
How we use data
- To provide and improve Surface Monitor, alerts, and reporting you request.
- To respond to inquiries, onboarding, and support.
- To secure our systems, prevent abuse, and comply with law.
Sharing & subprocessors
We do not sell your data. We use vetted subprocessors (e.g., email delivery, bot mitigation, hosting/CDN) under data protection agreements and minimal necessary access. See Subprocessors.
Retention
- Contact/lead info: retained while you are a customer or active prospect.
- Surface Monitor technical data: retained only as needed for reporting and historical change tracking, then securely purged.
- Operational logs: rotated and purged on a time-bound basis.
Your choices & rights
- Request access, correction, or deletion of your personal data.
- Opt out of non-essential communications.
- Regional rights (e.g., GDPR/CCPA) are honored where applicable.
International transfers
Data may be processed in regions where we or our vendors operate. We use contractual safeguards (e.g., DPAs, SCCs) as required.
Contact
Privacy questions? Email security@cyberarmy.tech. To report a vulnerability, see Security. Our security.txt is at https://cyberarmy.tech/.well-known/security.txt.