Privacy Policy

1. Overview

Cyberency Inc ("Cyberency," "we," "our," or "us") is a cybersecurity company incorporated in the State of California, United States. We provide healthcare compliance consulting and penetration testing services to organizations across the United States.

We are committed to protecting the privacy of our website visitors and clients. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it.

This policy does not apply to information processed under client service agreements, which are governed by separate data processing agreements and applicable law including HIPAA where relevant.

2. Information We Collect

2.1 Information You Provide Directly

When you contact us, request an assessment, or otherwise interact with our website, we may collect:

• Full name and job title
• Work email address and phone number
• Organization or company name
• Information about your security needs or environment (as described in inquiry forms)
• Any other information you voluntarily provide

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information, including:

• IP address and approximate geographic location
• Browser type and version
• Operating system
• Pages visited and time spent on each page
• Referring URLs
• Date and time of access

This information is collected through server logs and, where applicable, cookies and similar technologies (see Section 5).

2.3 Information We Do Not Collect

We do not collect sensitive personal information such as Social Security numbers, government-issued IDs, financial account numbers, or health information through this website. Any protected health information (PHI) shared in the context of a service engagement is handled under a separate Business Associate Agreement (BAA) and applicable HIPAA regulations.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To respond to inquiries — We use your contact information to respond to messages and consultation requests.
• To deliver services — Contact and organizational information is used to scope, deliver, and manage our engagements.
• To improve our website — Automatically collected data helps us understand how visitors use our site and improve its content and performance.
• To comply with legal obligations — We may process your data to meet our obligations under applicable law, including California law.
• To protect our rights and interests — We may use information to detect, investigate, or prevent fraud or other harmful activity.

We do not sell your personal information. We do not use your information for automated profiling or decision-making that produces legal or similarly significant effects.

4. Sharing of Information

We do not sell, rent, or trade personal information. We may share information in the following limited circumstances:

• Service providers — We may share information with trusted third-party vendors who assist in operating our website or business (e.g., email hosting, analytics), subject to confidentiality obligations.
• Legal requirements — We may disclose information if required by law, regulation, court order, or governmental authority.
• Business transfers — In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction, subject to equivalent privacy protections.
• With your consent — We may share information for any other purpose with your explicit consent.

5. Cookies & Tracking Technologies

Our website uses cookies and similar technologies. For full details on what we use and how to control it, please see our Cookie Policy.

In summary, we use:

• Strictly necessary cookies — Required for the website to function. Cannot be disabled.
• Analytics cookies — Help us understand site usage. Can be disabled via cookie preferences.

We do not use advertising, tracking, or third-party profiling cookies.

6. Data Security

We implement appropriate technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, or destruction. These measures include:

• HTTPS encryption for all data in transit
• Access controls limiting who can view personal data
• Regular security assessments of our own infrastructure
• Secure email handling practices

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. If you believe your information has been compromised, please contact us immediately at contact@cyberency.com.

7. Data Retention

We retain personal information only as long as necessary for the purposes outlined in this policy, or as required by law. Specifically:

• Inquiry and contact form submissions are retained for up to 3 years for business purposes.
• Client engagement records are retained for a minimum of 7 years in accordance with California business record requirements.
• Server log data is retained for up to 12 months.

You may request deletion of your data at any time (see Section 8).

8. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights:

• Right to Know — You may request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete — You may request deletion of personal information we hold about you, subject to certain exceptions.
• Right to Correct — You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing — We do not sell or share personal information for cross-context behavioral advertising. No opt-out is necessary.
• Right to Non-Discrimination — We will not discriminate against you for exercising any of your rights.
• Right to Limit Use of Sensitive Personal Information — We do not use or disclose sensitive personal information for purposes beyond what is necessary.

How to Exercise Your Rights

To submit a CCPA request, contact us at:

• Email: contact@cyberency.com
• Subject line: "California Privacy Request"

We will respond within 45 days of receiving a verifiable request. We may need to verify your identity before processing the request.

9. Children's Privacy

Our website and services are directed at business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Your continued use of our website following the posting of changes constitutes acceptance of those changes.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: