Privacy Policy
Last updated: February 15, 2026
PsyberSec is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you visit our website. It also describes your rights under applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA).
1. Information We Collect
We collect information in the following ways when you interact with PsyberSec:
a) Information You Provide Directly
When you create an account, submit a contact form, or interact with features on our site, you may provide personal information such as your name, email address, and any content you choose to submit. We collect only what is necessary for the purpose you have consented to.
b) Information Collected Automatically
When you visit our website, certain technical information may be collected automatically, including your IP address, browser type, operating system, referring URL, pages viewed, and timestamps. This data is collected through server logs and, if you consent, through analytics cookies. We use this information to maintain site security, diagnose technical issues, and improve user experience.
c) Information Collected Through Cookies and Similar Technologies
We use cookies and local storage to operate our website, remember your preferences, and, with your consent, gather anonymous analytics. Full details of the specific cookies we use, their purposes, and their retention periods are set out in Section 7 of this policy and in our Cookie Policy.
2. How We Use Your Information
We process your personal information only for lawful purposes. Specifically, we use your data to:
- Provide, operate, and maintain the PsyberSec website and its features
- Authenticate your identity and manage your user account
- Respond to your inquiries, comments, or support requests
- Analyze usage patterns and improve site performance (only when analytics consent is granted)
- Remember your display preferences such as theme settings (functional cookies)
- Store and honor your cookie consent choices for the duration stated in our policy
- Comply with legal obligations and enforce our terms of service
- Detect, prevent, and address security vulnerabilities or fraudulent activity
We do not sell, rent, or trade your personal information to third parties. We do not use your data for automated decision-making or profiling.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:
- Consent — For non-essential cookies (analytics, functional, marketing), we rely on your explicit, informed consent as recorded through our cookie consent mechanism. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
- Legitimate Interest — For essential cookies required for site operation, authentication, and security. These are strictly necessary and do not require consent under GDPR Recital 47.
- Contractual Necessity — When processing is necessary to deliver a service you have requested, such as account creation and access.
- Legal Obligation — When we are required to process data to comply with applicable laws or regulations.
4. Data Storage and Security
PsyberSec takes the security of your data seriously. We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- HTTPS encryption for all data transmitted between your browser and our servers
- Secure authentication through Supabase with session-based token management
- Row Level Security (RLS) policies on database tables to enforce access controls
- Regular review of data processing practices and security configurations
Your cookie consent preferences are stored exclusively in your browser via localStorage and are never transmitted to our servers. Authentication session tokens are managed by Supabase and expire according to their documented retention schedule.
5. Third-Party Services
We use the following third-party services to operate PsyberSec. Each service has its own privacy policy governing how it handles data:
| Service | Purpose | Data Processed |
|---|---|---|
| Supabase | Authentication and database | Account credentials, session tokens, user-generated content |
| Vercel | Hosting and deployment | Server logs, IP addresses, request metadata |
| Vercel Analytics | Anonymous site analytics (requires consent) | Page views, performance metrics (no PII) |
We do not share your personal data with any third party for marketing or advertising purposes. Analytics data is collected only when you have provided explicit consent through our cookie consent mechanism.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Specific retention periods are as follows:
- Account data — Retained for the duration of your active account. Upon account deletion, your data is permanently removed from our database within 30 days.
- Cookie consent preferences — Stored in your browser for exactly 1 year from the date you set them. After one year, they are automatically deleted and you will be prompted to re-confirm your choices. See Section 7 for full details.
- Authentication session tokens — Expire after the session ends or after 7 days of inactivity, whichever occurs first.
- Analytics data — Anonymized and aggregated; retained by Vercel Analytics according to their data retention policy.
- Server logs — Retained for up to 30 days for security and diagnostic purposes, then automatically purged.
7. Cookies and Consent Management
PsyberSec uses cookies and browser local storage to operate the website and, with your consent, to understand how it is used. This section summarizes our cookie practices. For a comprehensive list of every cookie by name, provider, purpose, and duration, please refer to our dedicated Cookie Policy.
a) Essential Cookies (Always Active)
These cookies are strictly necessary for the website to function. They enable secure authentication via Supabase session tokens and store your cookie consent preferences. Essential cookies cannot be disabled. They do not collect personal information beyond what is required for site operation.
b) Analytics Cookies (Consent Required)
With your explicit consent, we use Vercel Analytics and Speed Insights to collect anonymous, aggregated data about page views and performance metrics (Core Web Vitals). No personally identifiable information is collected through analytics cookies. These cookies are session-based and are not set unless you opt in.
c) Functional Cookies (Consent Required)
Functional cookies remember your display preferences, such as your chosen theme. They enhance your experience but are not required for the site to operate. These cookies are stored in localStorage for up to 1 year.
d) Marketing Cookies
PsyberSec does not currently use marketing or advertising cookies. If this changes in the future, this policy will be updated and fresh consent will be requested before any marketing cookies are set.
Consent Preference Storage and Expiration
When you make a cookie consent choice—whether you accept all cookies, decline non-essential cookies, or customize your preferences—your selection is saved in your browser's localStorage under the key psybersec-cookie-consent. The stored record includes:
- version— The consent schema version, used to invalidate outdated formats
- preferences— An object recording your choice for each cookie category (essential, analytics, functional, marketing)
- date— The ISO 8601 timestamp of when you set your preferences
- expiryDate— The exact date your preferences expire, calculated as your consent date plus 365 days
- status— A record of how you consented: accepted, declined, or customized
Automatic expiration and deletion: On every page load, PsyberSec checks whether the stored expiry date has passed. If your preferences have exceeded the 1-year retention period, they are automatically deleted from localStorage and the cookie consent banner is displayed again, requiring you to re-confirm your choices. This mechanism ensures compliance with GDPR Article 7(4), which requires that consent remain current and demonstrable, and CCPA Section 1798.135, which requires that opt-out preferences be honored without indefinite storage.
No server-side storage: Your cookie consent preferences are stored exclusively in your browser. They are never transmitted to PsyberSec servers, meaning this data is under your direct control at all times. You may clear it manually through your browser settings or by using the “Reset Consent” option in the cookie preferences panel.
Browser Privacy Signals
PsyberSec honors Do Not Track (DNT) and Global Privacy Control (GPC) signals. If your browser transmits either signal, we automatically default to essential-only cookies without displaying a consent banner. You retain the ability to adjust your preferences at any time using the cookie icon in the bottom-left corner of any page or the “Manage Cookies” link in the site footer.
8. Your Rights
Depending on your location, you may be entitled to specific rights under data protection legislation. The following outlines your rights under the GDPR and CCPA:
Under the GDPR (EEA and UK residents)
- Right of Access — Request a copy of the personal data we hold about you.
- Right to Rectification — Request correction of inaccurate or incomplete personal data.
- Right to Erasure — Request deletion of your personal data, subject to legal retention requirements.
- Right to Restrict Processing — Request that we limit how we use your data in certain circumstances.
- Right to Data Portability — Receive your personal data in a structured, machine-readable format.
- Right to Withdraw Consent — Withdraw any consent you have given at any time, without affecting the lawfulness of processing prior to withdrawal. For cookie consent, you may do this instantly via the preferences panel on any page.
Under the CCPA (California residents)
- Right to Know — Request disclosure of the categories and specific pieces of personal information collected about you.
- Right to Delete — Request deletion of personal information we have collected.
- Right to Opt-Out — Opt out of the sale or sharing of personal information. PsyberSec does not sell personal information.
- Right to Non-Discrimination — Exercise your privacy rights without receiving discriminatory treatment.
To exercise any of these rights, please contact us. We will respond to your request within the timeframe required by applicable law (typically 30 days under the GDPR and 45 days under the CCPA).
9. Children's Privacy
PsyberSec is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe that we have inadvertently collected information from a child under 16, please contact us immediately, and we will take steps to delete the information promptly.
10. International Data Transfers
PsyberSec is hosted on Vercel, which operates infrastructure globally. If you access our website from outside the United States, your data may be transferred to and processed in the United States or other jurisdictions where our service providers operate. We ensure that any such transfers comply with applicable data protection laws, including through the use of standard contractual clauses where required by the GDPR.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the “Last updated” date at the top of this page. If changes affect how we use cookies or process consent, we will reset stored consent preferences (by incrementing the consent schema version) and request fresh consent from all visitors.
We encourage you to review this policy periodically to stay informed about how we protect your information.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us through our contact page. We are committed to transparency and will respond to inquiries promptly.