Privacy Policy

Last Updated: January 2025

1. Introduction

OneByte Security ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cybersecurity services and website.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We collect information you provide directly:

  • Contact Information: Name, email address, phone number, company name
  • Account Information: Username, password (encrypted), billing details
  • Payment Information: Processed securely by third-party payment providers
  • Communications: Support requests, feedback, survey responses

2.2 Technical and Network Data

  • Scan Data: IP addresses, open ports, network configurations, vulnerability findings
  • Usage Data: Browser type, device information, operating system
  • Analytics: Pages visited, time spent, click patterns
  • Cookies: Session management, preferences, analytics (see Cookie Policy)

2.3 Information from Third Parties

We may receive information from threat intelligence databases, security research organizations, and public vulnerability databases to enhance our services.

3. How We Use Your Information

We use collected information for:

  • Service Delivery: Perform security scans, generate reports, provide security scores
  • Account Management: Create and maintain your account, process payments
  • Communication: Send security alerts, service updates, newsletters (with consent)
  • Improvement: Analyze usage patterns, develop new features, improve accuracy
  • Security: Detect fraud, prevent abuse, protect against security threats
  • Legal Compliance: Meet regulatory requirements, respond to legal requests

4. Legal Basis for Processing (UK GDPR)

We process your data based on:

  • Contract Performance: Necessary to provide the services you've requested
  • Legitimate Interests: Improving our services, preventing fraud, ensuring security
  • Legal Obligation: Compliance with laws and regulations
  • Consent: For marketing communications and optional features (withdrawable at any time)

5. How We Share Your Information

We do not sell your personal information. We may share data with:

  • Service Providers: Cloud hosting, payment processing, email delivery (under strict contracts)
  • Legal Requirements: When required by law, court orders, or regulatory authorities
  • Business Transfers: In case of merger, acquisition, or asset sale (with notice to you)
  • With Your Consent: When you explicitly authorize us to share information

6. Data Security

We implement industry-standard security measures:

  • Encryption in transit (TLS/SSL) and at rest
  • Regular security audits and vulnerability assessments
  • Access controls and authentication requirements
  • Employee training on data protection
  • Incident response procedures

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but continuously work to protect your data.

7. Data Retention

We retain data for as long as necessary to:

  • Provide our services and fulfill contractual obligations
  • Comply with legal and regulatory requirements (typically 6-7 years)
  • Resolve disputes and enforce agreements
  • Support legitimate business purposes

When data is no longer needed, we securely delete or anonymize it.

8. Your Privacy Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (with certain exceptions)
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Opt out of marketing communications at any time

To exercise these rights, contact us at privacy@onebytesecurity.com. We'll respond within 30 days.

9. Cookies and Tracking

We use cookies and similar technologies:

  • Essential Cookies: Required for the site to function (login, security)
  • Analytics Cookies: Help us understand usage patterns (Google Analytics)
  • Preference Cookies: Remember your settings and preferences
  • Marketing Cookies: Track ad performance (only with consent)

You can control cookies through your browser settings. Note that disabling cookies may affect site functionality.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the UK. When we do this, we ensure:

  • Adequate protection through Standard Contractual Clauses
  • Transfers only to countries with adequate data protection laws
  • Compliance with UK GDPR requirements for international transfers

11. Children's Privacy

Our services are not intended for individuals under 18. We do not knowingly collect data from children. If we become aware that we've collected data from a child, we'll delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. We'll notify you of significant changes via email or a prominent notice on our website. Continued use after changes constitutes acceptance.

13. Contact Us

For privacy questions or to exercise your rights:

Data Protection Officer: privacy@onebytesecurity.com

Website: www.onebytesecurity.com

Address: OneByte Security Ltd, United Kingdom

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we've mishandled your data.