Legal

Privacy Policy

Last updated: March 2026

Cyber353 Ltd ("Cyber353", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website at cyber353.ai or interact with our services.

We comply with the EU General Data Protection Regulation (GDPR) and the Brazilian Lei Geral de Proteção de Dados (LGPD).

1. Data Controller

The data controller responsible for your personal data is:
Cyber353 Ltd
Dublin, Ireland
Email: [email protected]

2. What Data We Collect

We collect only the data you voluntarily provide through our contact form:

• Name — to address you properly
• Email address — to respond to your enquiry
• Business type — to understand your needs
• Message — the content of your enquiry

We do not collect data through cookies, analytics trackers, or any other automated means. See our Cookie Policy for details.

3. How We Use Your Data

We use the data you provide for the following purposes:

• Responding to your enquiry or request
• Providing our services (AI assistant development, business automation, website design)
• Communicating about projects and deliverables

We do not use your data for marketing, profiling, or automated decision-making unless you explicitly opt in.

4. Legal Basis for Processing

We process your personal data on the following legal grounds:

• Consent (Article 6(1)(a) GDPR) — when you voluntarily submit the contact form
• Legitimate interest (Article 6(1)(f) GDPR) — to respond to business enquiries and provide our services
• Contractual necessity (Article 6(1)(b) GDPR) — where processing is required to fulfil a service agreement

5. Data Processors and Third Parties

We share your data only with the following processors, all of which maintain appropriate data protection agreements:

• Cloudflare, Inc. — website hosting (Cloudflare Pages) and bot protection (Cloudflare Turnstile). Cloudflare processes limited technical data to deliver and secure the website. Cloudflare Privacy Policy
• Resend — transactional email delivery. When you submit the contact form, your name, email, and message are transmitted via Resend to deliver the notification. Resend Privacy Policy

We do not sell, rent, or share your personal data with any other third parties.

6. Cookies and Tracking

Our website does not use cookies for analytics, advertising, or tracking purposes. The only cookies that may be set are strictly necessary cookies from Cloudflare Turnstile, used solely for bot protection on our contact form. Cloudflare Web Analytics, which we use for aggregate traffic insights, is entirely cookieless.

For more information, see our Cookie Policy.

7. International Data Transfers

Our data processors (Cloudflare and Resend) may process data outside the European Economic Area (EEA). In such cases, transfers are protected by Standard Contractual Clauses (SCCs) or equivalent safeguards as required by GDPR and LGPD.

8. Data Retention

• Contact form submissions are retained for 12 months from the date of submission, unless a client relationship is established.
• Client data related to active engagements is retained for the duration of the service agreement and for a reasonable period thereafter to comply with legal obligations.

After the retention period, data is securely deleted or anonymised.

9. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you
• Rectification — request correction of inaccurate or incomplete data
• Erasure — request deletion of your data ("right to be forgotten")
• Restriction — request that we limit processing of your data
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interest
• Withdraw consent — withdraw consent at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. In Ireland, this is the Data Protection Commission (DPC).

10. Your Rights Under LGPD (Brazilian Users)

If you are located in Brazil, the Lei Geral de Proteção de Dados (LGPD) grants you the following additional rights:

• Confirmation of the existence of processing
• Access to your data
• Correction of incomplete, inaccurate, or outdated data
• Anonymisation, blocking, or deletion of unnecessary or excessive data
• Portability of data to another service provider
• Deletion of data processed with your consent
• Information about third parties with whom data is shared
• Information about the possibility of denying consent and its consequences
• Revocation of consent

To exercise your rights under the LGPD, contact us at [email protected].

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encrypted data transmission (TLS/SSL), secure hosting infrastructure, and access controls. However, no method of transmission over the internet is 100% secure.

12. Data Processing Agreement

A Data Processing Agreement (DPA) is available on request for clients and partners. Contact us at [email protected] to request a copy.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.

14. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Cyber353 Ltd
Dublin, Ireland
Email: [email protected]