CyBehave Logo

Privacy Policy

Your privacy is fundamental to everything we do. This policy explains how we collect, use, and protect your information in compliance with UK GDPR and data protection laws.

Last updated: November 30, 2025

Our Commitment to Privacy

At CyBehave, privacy isn't just compliance, it's core to our mission. We believe in demonstrating that security intelligence can be achieved without surveillance or compromising individual privacy.


This Privacy Policy explains how CyBehave ("we", "our", or "us") collects, uses, shares, and protects information when you use our website (cybehave.com) and services. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller Information

CyBehave is the data controller responsible for your personal information.

Contact Details:
Email: privacy@cybehave.com

For any privacy-related questions or to exercise your rights, please contact us using the details above.

2. Information We Collect

We collect only what's necessary to provide our services, always with transparency and consent.

Information You Provide

  • Contact Information: Name, email address, organisation (when you subscribe to newsletters, register for courses, or contact us)
  • Account Information: Username, password (encrypted), profile preferences
  • Communication Data: Your messages, feedback, or support requests
  • Payment Information: Processed securely through third-party providers (we don't store card details)

Information Automatically Collected

  • Usage Data: Pages visited, time spent, links clicked (anonymous)
  • Technical Data: IP address (anonymised), browser type, device type, operating system
  • Cookies: Session cookies and preference cookies (see Section 7)
  • Analytics: Aggregated, anonymous usage patterns to improve our services

3. Legal Basis for Processing

We process your personal data only when we have a valid legal reason to do so.

Consent

When you explicitly agree to receive our newsletter, marketing communications, or in use of the CyBehave360 platform. You can withdraw consent at any time.

Contract Performance

To provide services you've requested, such as accessing courses, downloading resources, or using the CyBehave360 platform.

Legitimate Interests

To improve our services, ensure security, and communicate important updates, always balanced against your rights and freedoms.

4. How We Use Your Information

We use your information only for legitimate purposes:

  • To provide and improve our services, including the CyBehave360 platform
  • To send newsletters and updates (only with your consent)
  • To respond to your inquiries and provide support
  • To process payments for courses or services
  • To comply with legal obligations
  • To protect against fraud and maintain security
  • To conduct anonymous, aggregated analysis to improve our offerings

We never: Sell your personal data, use your data for surveillance, share your data with third parties for their marketing purposes, or process individual-level behavioural tracking.

5. Who We Share Data With

We share your data only when necessary and always with appropriate safeguards.

Service Providers

Trusted third parties who help us operate our services (hosting, email, payment processing) under strict confidentiality agreements and GDPR compliance.

Legal Requirements

When required by law, court order, or to protect rights, property, or safety. We will notify you when possible.

Business Transfers

In the event of a merger or acquisition, your data protection rights will be maintained and you will be notified of any changes.

With Your Consent

We may share information with other parties when you give us explicit permission to do so.

6. Data Retention

We keep your data only as long as necessary.

Personal data is retained based on the following criteria:

  • Active accounts: As long as your account is active or as needed to provide services
  • Newsletter subscribers: Until you unsubscribe
  • Course participants: Up to 3 years after course completion for certification purposes
  • Support inquiries: Up to 1 year for quality and training purposes
  • Legal obligations: As required by applicable laws (e.g., 6 years for financial records)

When data is no longer needed, it is securely deleted or anonymised.

7. Cookies and Tracking

We use cookies minimally and transparently.

Essential Cookies

Required for the website to function properly (e.g., maintaining your session, remembering preferences).

Analytics Cookies

Help us understand how visitors use our site (anonymous, aggregated data only). You can opt out at any time.

No Third-Party Marketing Cookies

We don't use tracking cookies for advertising or allow third-party advertising cookies on our site.

You can control cookies through your browser settings. Disabling cookies may affect some website functionality.

8. Your Rights Under UK GDPR

You have comprehensive rights over your personal data.

Access & Portability

Request a copy of your personal data we hold and receive it in a portable format.

Rectification & Erasure

Correct inaccurate data or request deletion of your personal information ("right to be forgotten").

Restriction & Objection

Limit how we process your data or object to processing based on legitimate interests.

To exercise any of these rights, contact us at privacy@cybehave.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Data Security

We implement industry-standard security measures to protect your data.

Technical Measures

  • Encryption in transit and at rest
  • Secure servers and firewalls
  • Secure software development lifecycle
  • Access controls and authentication
  • Zero-trust architecture

Organisational Measures

  • Limited access on need-to-know basis
  • Confidentiality agreements
  • Regular training on data protection
  • Incident response procedure

While we implement robust security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but commit to notifying you promptly of any breach affecting your personal data.

10. International Data Transfers

Your data is primarily stored and processed in the UK. If we need to transfer data outside the UK, we ensure:

  • The receiving country has adequate data protection (as determined by UK authorities)
  • Appropriate safeguards are in place (such as Standard Contractual Clauses)
  • Your rights and protections travel with your data

11. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us at privacy@cybehave.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending an email notification for significant changes

We encourage you to review this Privacy Policy periodically.

Questions About Privacy?

We're here to help with any privacy concerns or questions about how we handle your data.

Email: privacy@cybehave.com

Contact Us