Privacy Policy

Last updated: March 2026

CyberSec Pro ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal data in compliance with GDPR, CCPA, and other applicable data protection regulations.

Information We Collect

Account Information

Full name, email address, company name, job title, and billing address provided during registration.

Usage Data

  • Scan configurations and target domains
  • Tool selections and parameters
  • Report generation history
  • Login timestamps and session duration
  • Feature usage analytics

Payment Data

Payment processing is handled entirely by Stripe. We never store credit card numbers on our servers. We only retain transaction IDs and subscription status.

How We Use Your Information

  • Provide, maintain, and improve the CyberSec Pro platform
  • Process subscription payments and manage billing
  • Send critical security alerts and scan completion notifications
  • Generate anonymized usage statistics for platform improvements
  • Ensure platform security and prevent unauthorized access
  • Comply with legal obligations

We never sell, rent, or share your personal data with third parties for marketing purposes.

Data Security

End-to-End Encryption

AES-256 at rest, TLS 1.3 in transit

SOC 2-Aligned Controls

Designed against SOC 2 Trust Services Criteria (no certification claimed)

Role-Based Access Control

Granular RBAC with least-privilege principle

Multi-Factor Authentication

TOTP-based MFA for all accounts

Data Retention

Scan Results: Retained for 12 months from scan date. Older results are automatically purged.

Account Data: Retained for 90 days after account deletion. You can request immediate deletion at any time.

Audit Logs: Security and access logs are retained for 24 months for compliance and forensic purposes.

Payment Records: Transaction records are retained as required by tax and financial regulations (typically 7 years).

Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

Right to Access

Request a copy of all personal data we hold about you

Right to Rectification

Correct inaccurate or incomplete personal data

Right to Erasure

Request deletion of your personal data ("right to be forgotten")

Right to Data Portability

Export your data in a machine-readable format (JSON)

Right to Restrict Processing

Limit how we use your data while a dispute is resolved

Right to Object

Object to processing based on legitimate interests

We respond to all GDPR requests within 30 days. Contact our Data Protection Officer at the address below.

Third-Party Services

Stripe: Payment processing — PCI DSS Level 1 certified. We never access or store your full card number.

GitHub OAuth: Optional authentication provider. We only access your email and profile name.

Redis (self-hosted): Session management and caching — hosted on our own infrastructure, no third-party access.

PostgreSQL (self-hosted): Primary database — encrypted at rest, hosted in EU data centres.

Cookies

We use essential cookies only for session management and authentication. We do not use tracking cookies, advertising cookies, or any third-party ad cookies. No consent banner is required because we only use strictly necessary cookies.

Contact & DPO

For privacy-related inquiries, data access requests, or to exercise your GDPR rights:

[email protected]

We respond to all privacy requests within 72 hours. GDPR formal requests are processed within 30 days as required by law.