Privacy Policy

Last updated: May 5, 2026

1. Purpose

CYBER PHYLAX operates an authorized security assessment workflow for tenants, administrators, and assigned security personnel. This Privacy Policy explains how information is collected, used, protected, and retained when using the platform.

2. Information We Process

• Account information, including name, email address, company or tenant name, role, verification status, and login timestamps.
• Assessment request information, including target domain, scope, IP ranges, testing windows, selected service, business impact, special instructions, and domain verification status.
• Operational records, including NDA and Rules of Engagement acceptance hashes, IP address, user agent, audit logs, status changes, assignments, invoices, and notifications.
• Secure workflow content, including encrypted chat messages, encrypted chat attachments, temporary test credentials, reports, findings archives, and uploaded invoice files.

3. How Information Is Used

Information is used only to operate authorized assessment workflows, verify authorization and ownership, assign work to approved personnel, communicate progress, maintain auditability, deliver reports, manage billing, and satisfy legal, security, and compliance obligations.

4. Security Controls

The platform applies tenant isolation, role-based access control, CSRF protection, Content Security Policy headers, audit logging, server-side validation, rate limiting, and encrypted storage for sensitive workflow data where implemented.

5. Retention and Deletion

Assessment records are retained to preserve legal authorization, auditability, and service history. After deliverables are downloaded and payment is confirmed, tenants may request deletion of report and findings files through the right-to-oblivion workflow.

6. Contact

Privacy and security requests may be sent to security@cyberphylax.com.