Introduction
Akinciborg Security ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or communicate with us.
This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Data Controller: Akinciborg Security, SIRET 891 836 413 00015, based in Metz, Grand Est, France, is the data controller responsible for your personal data.
Information We Collect
2.1 Information You Provide Directly
We collect information that you voluntarily provide to us when you:
- Request a quote or contact us through our website forms
 - Engage our penetration testing services
 - Subscribe to our newsletter or communications
 - Communicate with us via email, phone, or other channels
 
This may include:
| Data Type | Examples | Purpose | 
|---|---|---|
| Contact Information | Name, email, phone, company | Communication, service delivery | 
| Business Information | Company details, role, industry | Understanding client needs | 
| Technical Information | Target domains, URLs, infrastructure | Penetration testing services | 
| Payment Information | Billing address, payment method | Processing transactions | 
| Communication Data | Email content, support tickets | Customer support, service quality | 
2.2 Information Collected Automatically
When you visit our website, we automatically collect certain information:
- Log Data: IP address, browser type, device information, operating system
 - Usage Data: Pages visited, time spent, referral sources, clickstream data
 - Cookies: See our Cookie Policy section below for details
 
2.3 Information from Third Parties
We may receive information from:
- Payment processors (transaction confirmations)
 - Email service providers (delivery status)
 - Analytics providers (aggregated usage data)
 
2.4 Sensitive Data During Testing
During penetration testing engagements, we may temporarily access sensitive data including:
- Test account credentials
 - System logs and configuration files
 - Sample data from your applications
 
Important: We access this data solely for testing purposes and delete it immediately after engagement completion unless retention is required for reporting. We never use client data for any purpose other than the contracted service.
How We Use Your Information
3.1 Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
- Contract Performance: To provide penetration testing services you've requested
 - Legitimate Interests: To improve our services, prevent fraud, and maintain security
 - Consent: For marketing communications (you can withdraw consent anytime)
 - Legal Obligation: To comply with tax, accounting, and legal requirements
 
3.2 Specific Uses
We use your information to:
- Provide Services: Execute penetration tests, deliver reports, provide support
 - Communication: Respond to inquiries, send project updates, provide quotes
 - Payment Processing: Process transactions and send invoices
 - Service Improvement: Analyze usage patterns, improve methodologies
 - Marketing: Send newsletters, service updates (with your consent)
 - Legal Compliance: Maintain records, comply with regulations
 - Security: Protect against fraud, abuse, and security threats
 
Data Sharing & Disclosure
4.1 We Do NOT Sell Your Data
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
4.2 Service Providers
We may share data with trusted service providers who assist us:
- Web3Forms: Contact form processing
 - Payment Processors: Stripe, PayPal (for payment processing)
 - Email Services: For sending transactional emails and communications
 - Cloud Infrastructure: Secure hosting and data storage
 
All service providers are bound by confidentiality agreements and process data only according to our instructions.
4.3 Legal Requirements
We may disclose your information if required by law or in response to:
- Valid legal process (subpoenas, court orders)
 - Government or regulatory requests
 - Protection of rights, property, or safety
 - Investigation of fraud or security issues
 
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.
Data Security
5.1 Security Measures
As security professionals, we take data protection seriously and implement:
- Encryption: TLS/SSL for data transmission, AES-256 for data at rest
 - Access Controls: Role-based access, multi-factor authentication
 - Secure Storage: Data stored on encrypted, secure servers
 - Regular Audits: Security assessments and vulnerability testing
 - Employee Training: Staff trained on data protection and confidentiality
 - Incident Response: Procedures for detecting and responding to breaches
 
5.2 Data Breach Notification
In the unlikely event of a data breach affecting your personal data, we will:
- Notify you within 72 hours of becoming aware of the breach
 - Inform relevant supervisory authorities as required by GDPR
 - Provide details about the breach and steps taken to mitigate harm
 - Offer guidance on protective measures you can take
 
Data Retention
6.1 Retention Periods
We retain your personal data only as long as necessary for the purposes outlined in this policy:
| Data Type | Retention Period | Reason | 
|---|---|---|
| Contact form inquiries | 2 years | Follow-up, service improvement | 
| Client project data | 3 years after completion | Legal, warranty, support | 
| Financial records | 7 years | Tax and legal compliance | 
| Marketing communications | Until unsubscribe | Consent-based retention | 
| Website analytics | 26 months | Usage analysis | 
6.2 Secure Deletion
When data is no longer needed, we securely delete or anonymize it using industry-standard methods to prevent recovery.
Your Privacy Rights (GDPR)
Under GDPR and applicable data protection laws, you have the following rights:
- Right to Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restriction: Request limitation on how we process your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or direct marketing
- Right to Withdraw Consent: Withdraw consent for processing at any time
- Right to Lodge a Complaint: File a complaint with your local supervisory authority
7.1 Exercising Your Rights
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
7.2 Supervisory Authority
If you're not satisfied with how we handle your data, you have the right to lodge a complaint with:
CNIL (Commission Nationale de l'Informatique et des Libertés)
Website: www.cnil.fr
Cookies & Tracking Technologies
8.1 What Are Cookies?
Cookies are small text files stored on your device that help us provide and improve our services.
8.2 Types of Cookies We Use
| Cookie Type | Purpose | Duration | 
|---|---|---|
| Essential Cookies | Required for website functionality | Session | 
| Analytics Cookies | Understand how visitors use our site | Up to 26 months | 
| Functional Cookies | Remember your preferences | Up to 12 months | 
8.3 Managing Cookies
You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.
- Chrome: Settings → Privacy and security → Cookies
 - Firefox: Options → Privacy & Security → Cookies
 - Safari: Preferences → Privacy → Cookies
 - Edge: Settings → Privacy → Cookies
 
International Data Transfers
9.1 Data Location
Your data is primarily stored and processed within the European Union. However, some service providers may be located outside the EU/EEA.
9.2 Safeguards for International Transfers
When we transfer data internationally, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs): EU-approved data transfer agreements
 - Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
 - Privacy Shield (where applicable): For transfers to certified US companies
 - Additional Safeguards: Encryption, access controls, contractual obligations
 
Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately so we can delete it.
Third-Party Websites
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies before providing any personal information.
Marketing Communications
12.1 Newsletter and Updates
With your consent, we may send you:
- Service updates and announcements
 - Security tips and best practices
 - Blog posts and educational content
 - Promotional offers (rarely)
 
12.2 Opting Out
You can unsubscribe from marketing communications at any time by:
- Clicking the "unsubscribe" link in any email
 - Emailing us at [email protected]
 - Updating your communication preferences in your account
 
Note: You cannot opt out of transactional emails (order confirmations, service updates, security alerts) as these are essential for service delivery.
California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: What personal information we collect, use, and share
 - Right to Delete: Request deletion of your personal information
 - Right to Opt-Out: Opt out of the sale of personal information (we don't sell data)
 - Right to Non-Discrimination: Equal service regardless of privacy rights exercise
 
To exercise these rights, contact us at [email protected]
Data Protection Contact
For questions about this Privacy Policy or our data practices, contact:
Data Protection Officer
Akinciborg Security
Email: [email protected]
Address: Metz, Grand Est, France
SIRET: 891 836 413 00015
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
15.1 Notification of Changes
- We will post the updated policy on this page with a new "Last Updated" date
 - For material changes, we will notify you via email or prominent website notice
 - Continued use of our services after changes constitutes acceptance
 
15.2 Review Regularly
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. All penetration testing and security assessments are performed by human security professionals.
Your Consent
By using our website and services, you consent to the collection, use, and sharing of your information as described in this Privacy Policy.
For processing that requires explicit consent (such as marketing communications), we will obtain your clear, affirmative consent before proceeding.
Remember: You can withdraw your consent at any time by contacting us. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.
Privacy Questions?
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data:
Email: [email protected]
Company: Akinciborg Security
SIRET: 891 836 413 00015
Location: Metz, Grand Est, France
We will respond to your request within 30 days as required by GDPR.