1. Who We Are
Cybersecurity Forefront LLC, a Wyoming limited liability company (registered office: 30 N Gould St, Ste N, Sheridan, WY 82801, USA), is the data controller for personal data processed through cybersecurityforefront.com and related services.
2. What We Collect
We collect the following categories of personal data:
- Account data: name, email, hashed password (or Google OAuth identifier), role, plan, subscription status, account timestamps.
- Usage data: pages visited, features used, IP address, user agent, referrer (collected via standard server logs).
- Customer content: clients, hardware inventories, subnets, configurations, assessments, and chat transcripts you create inside the product.
- Billing data: handled by Stripe; we receive transaction metadata but never full payment-card numbers.
3. Why We Process Your Data
We process personal data to:
- operate, secure, and improve the Service;
- authenticate you and protect against fraud and abuse;
- provide AI-assisted answers via the concierge chat;
- process subscriptions and send transactional emails (receipts, security notices, product updates relevant to your plan);
- comply with legal and regulatory obligations.
Legal bases (GDPR Art. 6): contract, legitimate interest, legal obligation, and — where applicable — your explicit consent.
4. Sub-Processors
We use the following sub-processors. Each is bound by a data processing agreement and processes only the minimum data necessary:
- MongoDB Atlas — primary database hosting (US region).
- Stripe, Inc. — payment processing.
- Google LLC (OAuth & Workspace) — social login and transactional email delivery.
- OpenAI / model providers — AI inference for the concierge chat. We do not send your stored customer content to model providers for training.
5. Data Retention
We retain account data for as long as your account is active and for up to 24 months after deletion for legal, accounting, and anti-abuse purposes. Chat transcripts are retained for up to 12 months unless you delete them earlier. You can request earlier deletion at any time.
6. Your Rights
Under GDPR (EU/EEA/UK) and CCPA (California), you may have the right to:
- access the personal data we hold about you;
- correct inaccurate or incomplete data;
- request deletion (“right to be forgotten”);
- restrict or object to processing;
- data portability (machine-readable export);
- opt out of the “sale” or “sharing” of personal information (we do not sell data);
- lodge a complaint with your local data protection authority.
To exercise any right, email info@cybersecurityforefront.com. We respond within 30 days (45 for CCPA, with extension where permitted).
7. Cookies & Tracking
We use strictly necessary cookies for authentication and CSRF protection. We do not deploy advertising cookies. Product analytics, when enabled, are gated behind a runtime flag and run in anonymous mode by default.
8. International Transfers
Personal data may be transferred to and processed in the United States. For data originating in the EU/EEA/UK, transfers rely on the European Commission's Standard Contractual Clauses (SCCs) and supplementary measures where appropriate.
9. Security
We protect personal data with industry-standard measures: encryption in transit (TLS 1.2+), bcrypt-hashed passwords, scoped service credentials, and least-privilege access controls. No system is perfectly secure; we will notify affected users without undue delay in the event of a confirmed breach involving personal data.
10. Children
The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, email us and we will delete it.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be notified in-product or by email at least 14 days before they take effect.
12. Contact
Privacy questions? Email info@cybersecurityforefront.com or write to Cybersecurity Forefront LLC, 30 N Gould St, Ste N, Sheridan, WY 82801, USA.