Privacy Policy
CISOSAFE ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage with our services.
1. Information We Collect
We collect information you voluntarily provide to us when you:
- Complete a compliance assessment on our platform
- Submit a contact or inquiry form
- Schedule a consultation or meeting
- Subscribe to our security news or updates
- Engage with us by email, phone, or other communication channels
This information may include your name, email address, company name, job title, phone number, and any details you share within the context of your inquiry or assessment. We also collect anonymized usage data (such as pages visited and time on page) through standard web analytics to improve the performance and usability of our platform.
2. How We Use Your Information
We use the information we collect to:
- Respond to your inquiries and provide requested services
- Deliver compliance assessments, reports, and recommendations tailored to your organization
- Send transactional emails, including consultation confirmations and assessment summaries
- Send service updates, security alerts, or relevant cybersecurity intelligence (where you have opted in)
- Improve our platform, services, and content based on aggregate usage patterns
- Comply with applicable legal obligations and regulatory requirements
We do not sell, rent, or trade your personal information to any third party for marketing purposes. Period.
3. Legal Basis for Processing
Where applicable under GDPR, UK GDPR, or equivalent data protection legislation, we process your personal data on the following legal bases:
- Contractual necessity — to fulfill our obligations when you engage CISOSAFE for services
- Legitimate interests — to operate and improve our platform, respond to inquiries, and send relevant content to existing contacts
- Consent — where you have explicitly opted in to receive marketing communications or newsletters
- Legal obligation — where we are required to retain or disclose data under applicable law
4. Data Sharing and Disclosure
We do not share your personal information except in the following circumstances:
- Service providers: We engage trusted third-party providers (such as email, calendar, and hosting services) who process data on our behalf under strict data processing agreements
- Legal requirements: We may disclose your information if required to do so by law, court order, or government authority
- Business transfers: In the event of a merger, acquisition, or sale of business assets, your information may be transferred as part of that transaction, subject to continued privacy protections
- Protection of rights: To protect the rights, safety, or property of CISOSAFE, its employees, or users where legally permissible
5. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law. Assessment data and engagement records are retained for a minimum of 3 years to support ongoing client relationships and compliance documentation. You may request deletion of your data at any time (see Section 8).
6. Security of Your Information
Given the nature of our business, data security is not a compliance checkbox for us — it is a core operational commitment. We implement appropriate technical and organizational security measures including encryption in transit and at rest, access controls, and regular security reviews. However, no transmission over the internet or electronic storage method is 100% secure, and we cannot guarantee absolute security.
7. Cookies and Tracking Technologies
Our website uses essential cookies necessary for site functionality and optional analytics cookies to understand how visitors interact with our content. You may adjust your browser settings to decline non-essential cookies at any time. We do not use third-party advertising cookies or behavioral tracking technologies on our platform.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete information
- Delete your personal data (the "right to be forgotten")
- Restrict processing of your data in certain circumstances
- Receive your data in a structured, machine-readable format (data portability)
- Object to processing based on legitimate interests
- Withdraw consent at any time where processing is based on consent
To exercise any of these rights, please contact us using the details in Section 10. We will respond to all legitimate requests within 30 days.
9. International Data Transfers
CISOSAFE serves clients across the US, GCC (Saudi Arabia, UAE), UK, and EU. If your information is transferred across jurisdictions, we ensure appropriate safeguards are in place consistent with the requirements of GDPR, UK GDPR, and applicable GCC data protection laws.
10. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact us:
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. Continued use of our services after any such changes constitutes your acknowledgment of the updated policy.