Privacy Policy

1. Introduction

Cywarden, Inc. ("Company," "we," "us," or "our") is committed to protecting your privacy and ensuring you have a positive experience on our website and when interacting with our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at cywarden.com and use our services, including but not limited to cloud security consulting, threat detection, incident response, and risk assessments.

Cywarden is a global cloud and artificial intelligence security consulting firm founded in 2022 and headquartered in San Francisco, California, with additional operations in Dubai, Australia, India, and Canada.

Effective Date: February 2026

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our website or services. Your continued use of our website and services following the posting of revised Privacy Policy means that you accept and agree to the changes.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

• Contact information: Name, email address, phone number, physical address, job title, and company name
• Communication content: Content from contact forms, email inquiries, chat messages, and support requests
• Event registration data: Information collected when you register for webinars, conferences, or virtual events
• Service inquiry information:Details about your organization's security needs and service requirements
• Job application data: Resume, cover letter, employment history, and qualifications
• Payment information: Billing address and payment details (processed securely through third-party payment processors)
• Newsletter signups: Email address and subscription preferences

2.2 Information Collected Automatically

We automatically collect certain information about your interactions with our website and services:

• Technical information: IP address, browser type, operating system version, device identifiers, and unique device IDs
• Usage data: Pages visited, time spent on pages, links clicked, features used, and interaction patterns
• Referral information: Referring URLs and search terms used to find our website
• Cookies and tracking technologies: Information collected through cookies, web beacons, pixels, and similar technologies. Please see our separate Cookie Policy for detailed information.
• Analytics data: Website performance, traffic patterns, and user behavior metrics (collected via Google Analytics)

2.3 Information from Third Parties

We may receive information about you from third parties, including:

• Business partners: Information shared by partners, affiliates, and referral sources
• Marketing platforms: Data from advertising and marketing platforms for targeting and analytics purposes
• Public databases: Publicly available information from online directories and business information services
• Social media platforms: Information shared when you interact with our social media presence

3. How We Use Your Information

We use the information we collect for various business and legitimate purposes:

3.1 Service Delivery and Management

• Providing, maintaining, and improving our services and website
• Responding to your inquiries, requests, and communications
• Processing service orders and managing client relationships
• Providing customer support and technical assistance

3.2 Marketing and Communications

• Sending promotional materials, newsletters, and marketing communications (with your consent)
• Notifying you about changes to our services or policies
• Event invitations and webinar registrations

3.3 Analytics and Optimization

• Analyzing website usage patterns and user behavior
• Improving website performance, functionality, and user experience
• Conducting market research and identifying trends

3.4 Legal Compliance and Security

• Complying with legal obligations, court orders, and regulatory requirements
• Detecting, preventing, and addressing fraud, abuse, and security incidents
• Protecting the rights, property, and safety of Cywarden, our users, and the public

3.5 Business Operations

• Accounting, auditing, and administrative purposes
• Financial reporting and tax compliance
• Personnel management and employment matters

4. Legal Bases for Processing (GDPR and Similar Regulations)

For individuals in jurisdictions with privacy laws such as GDPR, we process your personal information on the following legal bases:

4.1 Consent

We process information based on your explicit consent, such as for marketing communications and non-essential cookies.

4.2 Contractual Necessity

Processing is necessary to enter into, maintain, or fulfill a contract with you.

4.3 Legitimate Interests

We process information to serve our legitimate business interests, including improving our services, marketing, fraud prevention, and data security.

4.4 Legal Obligation

Processing is necessary to comply with applicable laws, regulations, and legal requests.

5. How We Share Your Information

We may share your information in the following circumstances:

5.1 Service Providers and Data Processors

We share information with third-party service providers, vendors, and contractors who assist us in operating our website, providing services, and conducting business activities. These include cloud hosting providers, analytics services, payment processors, email service providers, and customer relationship management platforms. All service providers are contractually obligated to use your information only as necessary to provide services and to maintain the confidentiality and security of your data.

5.2 Business Partners

With your consent, we may share information with business partners, resellers, and affiliates to provide products or services you have requested.

5.3 Legal Requirements and Law Enforcement

We may disclose information if required by law, court order, government request, or when we believe in good faith that disclosure is necessary to:

• Comply with applicable laws, regulations, and legal processes
• Enforce our Terms of Service and other agreements
• Protect the safety and security of individuals and the public

5.4 Business Transfers

If Cywarden is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

5.5 Professional Advisors

We may share information with our legal, accounting, and consulting advisors as necessary to provide professional services.

5.6 Non-Sale of Personal Information

Cywarden does not sell your personal information to third parties for their independent marketing purposes. We are committed to protecting your privacy and do not engage in the sale of personal data as defined by applicable privacy laws such as CCPA and CPRA.

6. International Data Transfers

Cywarden operates globally with offices in the United States, UAE, Australia, India, and Canada. Your personal information may be transferred to, stored in, and processed in countries other than your country of residence, which may have data protection laws that differ from those in your home country.

6.1 Standard Contractual Clauses (SCCs)

For transfers from the EU/EEA to jurisdictions without adequate privacy protections, we rely on Standard Contractual Clauses (SCCs) approved by the EU Commission as our transfer mechanism.

6.2 Adequacy Decisions

Where applicable, we rely on adequacy decisions recognizing that certain jurisdictions provide an adequate level of data protection equivalent to GDPR standards.

6.3 Binding Corporate Rules

Where applicable, we may implement Binding Corporate Rules (BCRs) to govern data transfers within the Cywarden group of companies.

6.4 Jurisdiction-Specific Transfer Mechanisms

For each jurisdiction in which we operate, we implement appropriate transfer mechanisms compliant with local data protection regulations to ensure your information remains protected.

7. Data Retention

We retain your personal information for as long as necessary to provide our services, fulfill the purposes outlined in this Privacy Policy, and comply with legal obligations.

7.1 Retention Periods by Data Type

7.2 Criteria for Determining Retention

Retention periods are determined by:

• The duration of our business relationship with you
• Legal and regulatory requirements
• The purpose for which we collected the data
• Our legitimate business interests

7.3 Deletion Upon Request

You may request deletion of your personal information at any time, subject to legal and contractual obligations. We will comply with deletion requests within applicable timeframes unless we are required to retain the data for legal, regulatory, or legitimate business purposes.

8. Your Privacy Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information. We are committed to respecting these rights. To exercise any of the following rights, please contact us at privacy@cywarden.com.

8.1 Right to Access

You have the right to request access to the personal information we hold about you.

8.2 Right to Rectification

You have the right to request correction or update of inaccurate or incomplete personal information.

8.3 Right to Deletion

You have the right to request deletion of your personal information (right to be forgotten), subject to legal and contractual obligations that may require us to retain certain data.

8.4 Right to Data Portability

You have the right to request a copy of your personal information in a portable, commonly used, machine-readable format.

8.5 Right to Restrict Processing

You have the right to request restriction of processing of your personal information while we verify a dispute or determine the lawfulness of processing.

8.6 Right to Object

You have the right to object to processing of your personal information for marketing purposes or based on legitimate interests.

8.7 Right to Withdraw Consent

If we process your information based on consent, you have the right to withdraw that consent at any time.

8.8 Right to Lodge Complaints

You have the right to lodge a complaint with the data protection authority or supervisory authority in your jurisdiction regarding our processing of your personal information.

8.9 How to Exercise Your Rights

To exercise any of these rights, please send a written request to privacy@cywarden.com with details of your request and verification of your identity. We will respond within the timeframe required by applicable law (typically 30–45 days). In some cases, we may require additional information to verify your identity before processing your request.

9. Jurisdiction-Specific Provisions

9.1 GDPR (European Union, European Economic Area, United Kingdom, and Switzerland)

If you are located in the EU, EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent laws. We process your personal information in compliance with GDPR principles, including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality. You have the rights enumerated in Section 8 of this policy, including the right to access, rectify, delete, restrict, portability, and object to processing. For GDPR-related inquiries, you may contact our Data Protection Officer at privacy@cywarden.com. You also have the right to lodge a complaint with your local data protection authority.

9.2 CCPA and CPRA (California)

California residents have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These rights include:

• Right to Know: You have the right to request what personal information we collect, use, share, and sell about you.
• Right to Delete: You have the right to request deletion of personal information we have collected, subject to certain exceptions.
• Right to Opt-Out: You have the right to opt out of the sale or sharing of your personal information for targeted advertising.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
• Authorized Agent: You may designate an authorized agent to make requests on your behalf.
• No Sale of Personal Information: Cywarden does not sell personal information to third parties.

9.3 PIPEDA and Quebec Law 25 (Canada)

For Canadian residents, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Law 25 (Bill 64). You have the right to access, correct, and request deletion of your personal information. You also have the right to know what information we collect, how it's used, and with whom it's shared. Quebec residents have additional rights under Law 25, including the right to object to processing. For privacy requests, contact privacy@cywarden.com.

9.4 DPDPA 2023 (India)

We comply with India's Digital Personal Data Protection Act, 2023. Cywarden acts as a Data Fiduciary and is committed to:

• Processing personal data only with your consent
• Maintaining data accuracy and integrity
• Providing transparency in data collection and use
• Enabling your rights of access, correction, and erasure

Our Data Protection Officer in India is responsible for handling grievances and data protection matters. Please send any complaints or inquiries to privacy@cywarden.com with reference to India DPO. Responses will be provided within 30 days.

9.5 UAE PDPL (United Arab Emirates)

We comply with the United Arab Emirates Personal Data Protection Law (Federal Decree-Law No. 45 of 2021). We ensure your personal information is processed fairly and transparently, used only for specified purposes, and protected from unauthorized access. You have rights to access, correct, and request deletion of your information. For PDPL-related inquiries in the UAE, contact our Privacy Team at privacy@cywarden.com.

9.6 Australian Privacy Act 1988 and APPs (Australia)

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). You have the right to access your personal information and request corrections. You can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) regarding our handling of your personal data. For Australian residents, contact privacy@cywarden.com for privacy-related inquiries.

10. Security Measures

Cywarden implements comprehensive security measures to protect your personal information from unauthorized access, alteration, disclosure, and destruction. Our security practices include:

10.1 Encryption

• AES-256 encryption for data at rest
• TLS 1.2 or higher for data in transit

10.2 Access Controls

• Role-based access control (RBAC)
• Multi-factor authentication (MFA)
• Regular access reviews and privilege audits

10.3 Regular Security Assessments

• Annual penetration testing
• Vulnerability assessments and remediation
• Security audits by independent third parties

10.4 Incident Response

We maintain an incident response plan to detect, investigate, and respond to security breaches. In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by law.

10.5 Compliance Certifications

• SOC 2 Type II Compliance
• ISO 27001 Certification

10.6 Note on Security

While we implement industry-leading security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information, and you assume responsibility for maintaining the confidentiality of your access credentials.

11. Children's Privacy

Cywarden's website and services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will promptly delete such information and terminate the child's account. If you believe we have collected information from a child under 16, please contact us immediately at privacy@cywarden.com.

12. Third-Party Links and Content

Our website may contain links to third-party websites, applications, and services operated by companies not affiliated with Cywarden. This Privacy Policy applies only to information collected through our website and services. We are not responsible for the privacy practices of third-party websites, and we encourage you to review their privacy policies before providing your information. Your use of third-party websites is subject to their terms and conditions.

13. Do Not Track and Global Privacy Control

13.1 Do Not Track (DNT)

Some browsers include a "Do Not Track" (DNT) feature. Currently, we do not respond to or honor DNT browser signals as there is no industry-wide standard for recognizing DNT signals. However, you may use other tools to control cookies and tracking, such as browser settings and privacy extensions.

13.2 Global Privacy Control (GPC)

We honor Global Privacy Control (GPC) signals where required by applicable law. If you enable GPC in your browser or device, we will treat it as a request to opt out of the sale or sharing of personal information as applicable to your jurisdiction.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, and other factors. When we make material changes, we will notify you by updating the "Effective Date" and, where required by law, we will obtain your consent or provide you with notice through our website or email. Your continued use of our website and services following the posting of revisions constitutes your acceptance of the revised Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Cywarden, Inc. — Privacy Team
Email: privacy@cywarden.com
Headquarters: San Francisco, California

15.1 India — Data Protection Officer and Grievance Officer

For data protection inquiries specific to India under DPDPA 2023: Email privacy@cywarden.com(mark as "DPO Request").

15.2 EU/UK/Switzerland — Representative

For data protection inquiries from EU/EEA, UK, and Swiss residents: Email privacy@cywarden.com(mark as "GDPR Request").

California Residents: You may submit a request under CCPA/CPRA by emailing privacy@cywarden.com or using our online form at cywarden.com/privacy-request.

Response Time: We will respond to all privacy requests within the timeframe required by applicable law, typically 30–45 business days. We may request additional information to verify your identity and process your request.

Thank you for trusting Cywarden with your information. We are committed to protecting your privacy and maintaining your trust.