The short and sweet summary:
We’ve designed our website to maximize your privacy. We do not know who you are, unless you engage with us by booking a meeting or give us your email address in the chat. We can delete this information whenever, just ask. If you don’t ask, we will delete it after 6 months. Booking a meeting with us or chatting with us will not put you on any mailing list. No spam, we promise.
The full truth and nothing but the truth:
Because we want to make it quick and easy for you to meet us and chat with us, we’ve added a meeting scheduler and a live chat. These are both powered by HubSpot and they serve cookies.
If you decline cookies, the following three (2) anonymous cookies are still required:
- This cookie remembers to not ask you to accept cookies again.
- It contains the string "yes" or "no".
- It is deleted after 6 months.
- This cookie is used to prevent the banner from always displaying if you are browsing in strict mode.
- It contains the string "yes" or "no".
- It expires in seven days.
If you accept cookies, you get five (5) additional cookies:
- This cookie keeps track of sessions.
- It contains our domain (cultsecurity.com), viewCount (increments each pageView in a session), and session start timestamp.
- It expires in 30 minutes.
- If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
- It contains the value "1" when present.
- It expires at the end of the session.
- It contains our domain (cultsecurity.com), the opaque GUID, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
- It expires in 6 months.
- This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
- It contains an opaque GUID to anonymously represent you.
- It expires in 6 months.
If you would like to book a meeting with us with the help of HubSpot, you’ll need to provide us and HubSpot with your name and email. These details are automatically added to our HubSpot contacts database. Our HubSpot data is hosted in the EU/ETA. We will only use this personal information to arrange the meeting. We will not add you to any mailing list or spam you in any way. We will also delete this information after the meeting, if you request us to do so. Otherwise, we periodically delete all contacts we’ve not had contact with in 6 months.
Our live chat only collects your personal data if you type it in. Please do not share any personal data other than your contact information in the chat.
If you trust us but don’t trust HubSpot, you can always just email us at bookademo[at]cultsecurity.com with a couple of time slot suggestions and we can set up a call or online meeting on your choice of platform.
So this is a description of how our CyberCoach and we at Cult Security as its hosts and creators handle your personal information and what we do to protect it.
CyberCoach has two “sides”: your coach and your trainer. (No, not like Jekyll and Hyde, both of them are fun and friendly.) As your coach, the CyberCoach answers your questions. This side is anonymous unless you want human assistance in resolving the issue and specifically allow CyberCoach to forward that request within your organization. As your trainer, you work through fictional training scenarios together with CyberCoach to learn about security and privacy. Your organization may need to know who has completed what training, so we may provide that information at the end of the training if you allow us to do so.
From both coach and trainer sides, we aggregate dashboard views for your organization. We encourage the admin of your organization to share these views with you for transparency, and take care that no individual can be identified from these organization and role/unit level graphs. Read on for more details on how we protect your information and only process the very minimum needed to provide you a stellar service.
What do you know about me and why?
We want you to be able to ask anything and learn without pressure, so we work extra hard to ensure you remain anonymous. Even though you are logged into your organization’s Microsoft Teams or Slack when you chat with CyberCoach, CyberCoach does not collect or store your name or account information during your conversation.
We at Cult Security do not know who you are or what you discuss with CyberCoach, unless
you specifically allow CyberCoach to assist you in reporting security issues or requesting further support. In that case we need to pass your name, e-mail and issue information based on the discussion (you will be able to preview this before submitting) forward to the appropriate service in your organization. We will delete this information from our systems within 48 hrs.
you have completed a training scenario and wish to push this record to your organization’s training or HR system. We will also delete this information within 48 hrs of submitting it to your organization.
The table below summarizes the kind of data we process, why we need to process it, and for how long we maintain it.
|Session ID, duration of the conversation, information on completion/dropping out||For us to develop CyberCoach, diagnose issues, and keep the service up. Also to aggregate organization-wide usage analytics for your organization.||As long as your organization has the service in use, and the maximum of 90 days after. 1|
|IP address||For us to diagnose issues, and keep the service up. Not combined with what you have discussed with CyberCoach.||90 days|
|Name and organizational email address||To record training scenario completion. Also if you wish CyberCoach to help you forward a ticket for you to receive further assistance. CyberCoach will make it very clear if this information is required and ask you specifically if you still wish to proceed.||As long as your organization has the service in use, and the maximum of 90 days after.|
|Training scores, right or wrong answers||To record training scenario completion.||As long as your organization has the service in use, and the maximum of 90 days after.|
Where is my data?
We keep and process everything in highly security-certified Microsoft Azure Cloud, and make sure nothing leaves the EU/ETA.
What are my rights?
|Right to be informed||We need to be transparent about what we do with your data, notify you of what your rights are and how you can exercise them. This document explains all that.|
|Right to rectification||We can’t help you much here. CyberCoach and we at Cult Security only process automatically generated data (log information) and information passed down from your organization, so anything inaccurate needs to be corrected at the source by contacting your organization’s IT.|
|Right to be forgotten||We got you covered! Everything that could possibly be used to identify you (IP address, or in the case you have asked CyberCoach to pass your information within your organization for further assistance, your name and e-mail address) gets automatically deleted after 48 hrs.|
|Right of access and data portability||The EU General Data Privacy Regulation grants you the right to receive a copy of information you provide to a service provider in a digital format. While CyberCoach receives input from you, everything is deleted from our systems within 48 hrs. This information you have inputted will still remain available to you through Microsoft Teams or Slack as long as your chat session remains open, and you will be able to copy it from there.|
|Right to restriction of processing||This one is quite simple. We only process information you can be identified from when you use CyberCoach and 48 hrs after. As the information collected is already strictly minimized, and you are in full control of when CyberCoach is allowed to know who you are, this processing can only be further restricted by you electing not to use the service. Please do so and talk to us or a representative from your organization in case you have concerns before returning to using the service.|
|Automated decision-making or profiling||CyberCoach does not judge. Or profile, or make decisions impacting you.|
Question or beef?
You can reach us at privacy[at]cultsecurity.com