Privacy Policy

Who we are

CyBehave is a behavioural cybersecurity research organisation and SaaS platform provider registered in England and Wales. We are the data controller for personal data processed through cybehave.com and CyBehave Heroes (heroes.cybehave.com). Contact: privacy@cybehave.com

Data we collect

Information you provide directly

• Name and email address when registering for Heroes or subscribing to updates
• Organisation name and job title when signing up or completing assessments
• Content submitted through contact forms or surveys
• Payment information - processed by our payment provider, not stored by CyBehave

Information collected automatically

• IP address and browser information for security and analytics
• Pages visited and navigation patterns through our own analytics system
• Session information to maintain your logged-in state

How we use your data

• To provide and maintain access to CyBehave Heroes and associated tools
• To send service communications relevant to your account
• To send research updates where you have opted in
• To improve our products through aggregated, anonymised usage analysis
• To comply with legal and regulatory obligations

Legal basis for processing

We process personal data under the following legal bases under UK GDPR:

• Contract - processing necessary to provide the services you have signed up for
• Legitimate interests - improving our products, security monitoring, and fraud prevention
• Consent - marketing communications and optional cookies
• Legal obligation - where required by law

Data sharing

We do not sell your personal data. We share data only with service providers under data processing agreements and with law enforcement where legally required. All data is stored on UK-based infrastructure.

Retention

Platform account data is retained for the duration of your account and for 90 days following deletion. Contact form submissions are retained for 12 months. Financial records are retained for 7 years in accordance with legal requirements.

Your rights

Under UK GDPR you have the right to: access your personal data; correct inaccurate data; request erasure; restrict or object to processing; data portability; and to withdraw consent. Contact privacy@cybehave.com to exercise any right. You may also complain to the Information Commissioner's Office (ICO).

Cookies

We use strictly necessary cookies for session management. Optional analytics cookies are only set with your consent. See our Cookie Policy for full details.

Contact us

Privacy queries: privacy@cybehave.com
General enquiries: Contact page