Privacy Policy for CybersecTools

Last Updated: October 12, 2025

CybersecTools is operated by Mandos Cyber, a company registered in the Netherlands (KVK: 97994448, VAT: NL005301434B12, registered address: 124, 1230 AC, Loosdrecht, Netherlands).

We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR) and Dutch data protection laws.

1. INFORMATION WE COLLECT

1.1 Account Information
When you create an account, we collect:
- Name
- Email address

1.2 LinkedIn Verification (Optional)
When you connect LinkedIn for verification, we collect: name, email, profile picture, email verification status, and locale. Connecting LinkedIn marks your account as "verified". We do NOT collect work history, connections, or endorsements.

1.3 Authentication Cookies
We use essential cookies to:
- Keep you logged in
- Maintain your session
- Ensure platform security
- Remember your preferences

1.4 Usage Analytics (Plausible Analytics)
We use Plausible Analytics, a GDPR-compliant, privacy-friendly analytics tool that does NOT use cookies. Plausible collects anonymous, aggregated data including:
- Page views and visit duration
- Referral sources
- General geographic location (country level only)
- Device type and browser information
- No personal information or identifying data

All analytics data is anonymous and cannot be used to identify individual visitors.

1.5 Payment Information
ALL payment processing is handled exclusively by Stripe. We DO NOT store, access, or process your credit card, bank account, or payment information. We only receive transaction confirmation data.

1.6 Vendor Contact Information (Lead Capture)
When you voluntarily choose to contact a vendor through our Platform, we collect and share: name, business email, phone number, company details, job title, location, and optional message. This sharing only occurs when you fill out the contact form, check the consent box, and submit. The vendor receives your information via email.

1.7 User-Submitted Content
- Reviews, comments, and feedback you submit
- Tool submissions and edits from vendors
- Communication through contact forms

1.8 Automatically Collected Information
- IP address (for security purposes only)
- Browser type and version
- Operating system
- Access times and pages visited

2. HOW WE USE YOUR DATA

We use collected data to:
- Provide and maintain the Platform
- Manage your account and authentication
- Process subscriptions and payments (via Stripe)
- Facilitate vendor contact requests (when you choose to contact vendors)
- Improve user experience and Platform functionality
- Analyze Platform usage and performance
- Communicate with you about your account
- Prevent fraud and ensure security
- Comply with legal obligations

2.1 Legal Basis (GDPR)
We process your data based on:
- Contractual necessity (to provide our services)
- Legitimate interests (platform improvement, security)
- Your consent (where applicable)
- Legal obligations (compliance requirements)

3. DATA SHARING AND DISCLOSURE

3.1 We DO NOT sell, rent, or trade your personal data.

3.2 We share data only with:
- Stripe (payment processing) - https://stripe.com/privacy
- Plausible Analytics (anonymous usage) - https://plausible.io/data-policy
- LinkedIn (optional verification) - https://www.linkedin.com/legal/privacy-policy
- Vendors/tool providers (only when you explicitly request contact via lead capture)

3.3 We may disclose data when required by law or to:
- Comply with legal processes
- Protect our rights and property
- Prevent fraud or security threats
- Protect user safety

4. DATA STORAGE AND SECURITY

4.1 Data Storage:
- Data is stored on secure servers in the European Union
- Plausible Analytics data is hosted in EU data centers
- We implement industry-standard security measures

4.2 Security Measures:
- Encrypted passwords
- Secure HTTPS connections
- Regular security audits
- Access controls and authentication

4.3 Data Retention:
- Account data: Retained while your account is active
- Lead capture data: Processed and transmitted to vendors immediately; we retain records for compliance purposes (12 months)
- Analytics data: Retained for 24 months (aggregated, anonymous)
- Backup data: Retained for disaster recovery purposes
- Deleted data: Permanently removed within 90 days of deletion request

5. YOUR GDPR RIGHTS

As a data subject under GDPR, you have the right to:

5.1 Access: Request a copy of your personal data
5.2 Rectification: Correct inaccurate or incomplete data
5.3 Erasure ("Right to be Forgotten"): Request deletion of your data
5.4 Restriction: Limit how we process your data
5.5 Data Portability: Receive your data in a structured format
5.6 Object: Object to processing based on legitimate interests
5.7 Withdraw Consent: Withdraw consent at any time (where applicable)
5.8 Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, contact us via: https://cybersectools.com/contact

6. COOKIES POLICY

6.1 Essential Cookies (Required):
- Authentication and session management
- Security and fraud prevention
- These cookies are necessary for Platform functionality

6.2 Analytics (Optional - No Cookies Used):
- Plausible Analytics does NOT use cookies
- All analytics data is anonymous and aggregated
- No tracking across websites

6.3 Managing Cookies:
You can manage cookies through your browser settings. Disabling essential cookies may affect Platform functionality.

7. THIRD-PARTY SERVICES

7.1 Vendor Lead Capture:
When you contact a vendor, you provide explicit consent to share your information. The vendor becomes an independent data controller and is responsible for their own privacy practices. We transmit the information via email and are not responsible for how vendors handle your data thereafter.

7.2 External Links:
Our Platform may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies.

8. CHILDREN'S PRIVACY

Our Platform is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

9. INTERNATIONAL DATA TRANSFERS

9.1 EU Data Protection:
- Data is primarily stored and processed in the EU
- We comply with GDPR for all international transfers
- Adequate safeguards are in place for non-EU transfers

9.2 Standard Contractual Clauses:
Where necessary, we use Standard Contractual Clauses approved by the European Commission.

10. AI TECHNOLOGY NOTICE

We use artificial intelligence technology from Anthropic and other providers for certain Platform features (such as search, recommendations, and operational purposes).

IMPORTANT: We do NOT use AI to process your personal information or personal data. AI is only used for non-personal Platform functionality.

11. DATA BREACH NOTIFICATION

In the event of a data breach affecting your personal data, we will:
- Notify affected users within 72 hours
- Report to relevant data protection authorities as required by GDPR
- Take immediate action to mitigate the breach

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically. Material changes will be posted on this page with an updated "Last Updated" date. Continued use of the Platform after changes constitutes acceptance of the updated policy.

13. CONTACT US

For privacy-related questions, to exercise your GDPR rights, or to file a complaint:

Mandos Cyber
Website: https://cybersectools.com
Contact Form: https://cybersectools.com/contact
Terms of Service: https://cybersectools.com/tos

Company Registration:
KVK Number: 97994448
VAT Number: NL005301434B12
Registered Address: 124, 1230 AC, Loosdrecht, Netherlands

Data Protection Inquiries: Use the contact form with "Privacy Request" in the subject line.

14. THIRD-PARTY SERVICE DETAILS

For detailed privacy policies of our third-party services:
- Stripe Payment Processing: https://stripe.com/privacy
- Plausible Analytics (cookieless, GDPR-compliant): https://plausible.io/data-policy
- LinkedIn Verification: https://www.linkedin.com/legal/privacy-policy