// Legal Document

Privacy Policy.

Entity Cyberethra Core
Jurisdiction Commonwealth of Kentucky, USA
Effective Date January 1, 2024
Last Revised January 1, 2024
Back to Home
// 01

Overview

Cyberethra Core ("Company," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website cyberethra-core.com or engage with our consulting, audit, and digital transformation services.

This policy applies to all information collected through our website, electronic communications, and the course of any professional engagement. By accessing our website or initiating a service engagement, you acknowledge and agree to the practices described in this document.

We operate in regulated enterprise environments and hold ourselves to the highest standards of data governance — the same standards we apply to our clients. This is not a boilerplate policy. It reflects how we actually operate.

// Core Principle

We collect only what we need, use it only for stated purposes, protect it with appropriate controls, and do not sell or rent it — ever. Your data is not our product.

// 02

Information We Collect

We collect information in two primary ways: information you provide directly to us, and information collected automatically through your use of our website.

Information You Provide Directly:

  • Full name, job title, and organizational affiliation submitted through our engagement request form
  • Corporate email address and direct phone number for communication purposes
  • Description of your organization's operating environment, technical challenges, and engagement objectives
  • Financial and billing information required to process service payments, handled via PCI-compliant third-party processors
  • Documents, data, or materials you share with us during the course of a consulting or audit engagement
  • Communications you initiate with us via email, phone, or any other channel

Information Collected Automatically:

  • IP address and approximate geographic location at country or region level
  • Browser type, version, and operating system
  • Pages visited, time spent on each page, and navigation path through our website
  • Referring URL — the page that directed you to our site
  • Device type and screen resolution
  • Session duration and interaction timestamps

We do not collect sensitive personal information such as government identification numbers, financial account credentials, health information, or biometric data through our website under any circumstances.

// 03

How We Use Your Information

Every piece of information we collect has a defined purpose. We do not use your data for purposes beyond what is outlined here without your explicit consent or a lawful basis for doing so.

  • To respond to engagement inquiries, scope consulting projects, and communicate with prospective clients
  • To deliver contracted services including IT audits, strategic consulting, digital transformation programs, and compliance engagements
  • To process payments and maintain accurate billing and financial records as required by law
  • To send transactional communications directly related to an active or proposed engagement
  • To improve our website's performance, navigation, and user experience using aggregated analytics data
  • To comply with applicable federal and state laws, regulations, and legal obligations
  • To protect the security and integrity of our systems, services, and client data
  • To enforce our Terms of Service and other contractual agreements
  • To conduct internal business analysis, capacity planning, and service development

We do not use your information for automated decision-making or profiling that produces legal or similarly significant effects. All decisions relating to engagements involve human review and judgment.

// Marketing Communications

We do not send unsolicited marketing emails. If we contact you regarding a new service or relevant update, it will be because you have an existing relationship with us. You may opt out of any non-transactional communication at any time by contacting privacy@cyberethra-core.com.

// 04

Data Sharing & Third Parties

We do not sell, trade, rent, or otherwise transfer your personal information to third parties for their own use. Any sharing of your information is strictly limited to what is necessary to deliver our services or comply with legal requirements.

Service Providers: We may share information with carefully vetted third-party service providers who assist in our operations — including cloud hosting, email delivery infrastructure, payment processing, and analytics. All such providers operate under binding data processing agreements that require them to maintain confidentiality and process data only per our instructions.

Legal Requirements: We may disclose your information where required by law, court order, or regulatory authority, or to protect the rights, safety, or property of Cyberethra Core, our clients, or the public.

Business Transfers: In the event of a merger, acquisition, or sale of substantially all of our assets, your information may be transferred as part of that transaction. You will be notified in advance of any such transfer and the applicable privacy policy changes.

  • We never share client engagement data with competitors or industry peers
  • We never sell client contact information to data brokers or list aggregators
  • We never use client data for cross-organizational analytics without explicit written consent
  • All third-party processors are assessed for security and compliance posture before onboarding
// 05

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements.

  • Contact and inquiry data from non-engaged prospects: 12 months from last contact
  • Client contact and organizational data: 5 years from the conclusion of the engagement
  • Billing and financial transaction records: 7 years as required by U.S. tax law
  • Engagement deliverables and supporting documentation: 5 years from engagement close
  • Website analytics data: 13 months on a rolling basis
  • Email communications: 3 years from the date of the last relevant communication

Upon expiration of the applicable retention period, personal data is securely deleted or anonymized such that it can no longer be associated with any individual. If you request deletion of your data prior to the end of the applicable retention period, we will evaluate the request against our legal obligations and notify you of the outcome within 30 days.

// 06

Security Measures

Given the nature of our business — we conduct IT audits and advise on enterprise security architecture — we hold ourselves to a demonstrably high standard of information security. We implement layered technical and organizational controls to protect your data.

  • All data transmitted through our website is encrypted using TLS 1.2 or higher
  • Access to client data is restricted on a strict need-to-know basis with role-based access controls
  • All personnel with access to client information are bound by confidentiality agreements
  • We conduct regular internal security reviews of our own systems and processes
  • Sensitive documents shared during engagements are handled via encrypted file transfer protocols
  • We maintain an incident response procedure for data security events

In the event of a data breach that affects your personal information, we will notify you and relevant regulatory authorities in accordance with applicable law, without undue delay and no later than 72 hours after becoming aware of the breach where feasible.

// Security Contact

If you discover a security vulnerability in our systems or believe your data may have been compromised, contact us immediately at compliance@cyberethra-core.com. We take all security reports seriously and will respond within one business day.

// 07

Cookies & Tracking Technologies

Our website uses a minimal set of cookies and similar tracking technologies. We do not use advertising cookies, cross-site tracking pixels, or social media retargeting tools. Our cookie use is limited to what is operationally necessary and what helps us understand aggregate usage patterns.

Essential Cookies: Required for the website to function correctly — session management, security tokens, and preference storage. These cannot be disabled without impacting site functionality.

Analytics Cookies: We use privacy-respecting analytics tools to understand aggregate visitor behavior. This data is never linked to individual identities.

Session cookies are deleted when you close your browser. Persistent cookies we set expire within 12 months. You may manage or delete cookies at any time through your browser settings.

// 08

Your Privacy Rights

Depending on your location and applicable law, you may have certain rights regarding the personal information we hold about you. We honor these rights regardless of whether they are specifically mandated in your jurisdiction.

  • Right of Access: Request a copy of the personal information we hold about you, including information about how it is used and with whom it has been shared
  • Right of Correction: Request correction of inaccurate or incomplete personal information we hold about you
  • Right of Deletion: Request deletion of your personal information where we have no legal obligation to retain it
  • Right to Restrict Processing: Request that we limit how we use your data in certain circumstances
  • Right to Data Portability: Request your data in a structured, machine-readable format
  • Right to Object: Object to processing of your personal information based on legitimate interests
  • Right to Withdraw Consent: Where processing is based on your consent, withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at privacy@cyberethra-core.com. We will respond within 30 calendar days. We may require verification of your identity before processing requests.

// 09

Children's Privacy

Cyberethra Core's services are directed exclusively at business organizations and their representatives. Our website is intended for use by professionals and corporate decision-makers. We do not knowingly collect, solicit, or process personal information from individuals under the age of 18.

If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@cyberethra-core.com and we will take prompt action to delete the relevant information from our systems.

// 10

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or our services. When we make material changes, we will update the "Last Revised" date at the top of this document and, where appropriate, notify active clients directly via email.

We encourage you to review this policy periodically. Continued use of our website or services following the posting of any changes constitutes your acceptance of the revised policy. If you disagree with any changes, please discontinue use of our services and contact us to discuss your concerns.

Archived versions of this policy are available upon written request to legal@cyberethra-core.com.

// 11

Contact & Data Controller

Cyberethra Core is the data controller responsible for your personal information. If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through any of the channels below.

Cyberethra Core — Privacy Office

Address 1502 Oxford Dr, Georgetown, KY 40324
Phone +1 (364) 246-0566
General consult@cyberethra-core.com