Last updated: April 2026
1. Information We Collect
We collect information you voluntarily provide through our contact form: name, email address, organisation name, and the message content. We do not use cookies for tracking, and we do not sell or share your information with third parties.
2. How We Use Your Information
Information submitted through our contact form is used solely to respond to your enquiry or process your engagement request. We do not add you to marketing lists without explicit consent.
3. Data Storage
Contact form submissions are stored in our internal systems (Notion and Microsoft 365) and used solely to schedule, conduct, and follow up on the requested consultation. The data we collect includes your name, email address, phone number, company information, and the contents of your inquiry. Your information will not be sold or shared with third parties except as required to deliver the requested services or comply with legal obligations. You may request access, correction, or deletion of your data at any time by emailing info@cybersecpentesting.com. Engagement-related communications are retained for the duration of the engagement and for three years thereafter for legal and compliance purposes; non-engagement inquiries follow a 90-day operational retention.
4. Security
All API traffic is encrypted with TLS 1.2 or higher. Stored data is protected by AES-256 encryption at rest. Administrative access requires SSH ed25519 key authentication. All cloud accounts enforce two-factor authentication. Web traffic is filtered through a Web Application Firewall. API tokens are stored in root-only protected files with mode 0600. Hosting and storage reside in a Canadian region (Toronto, TOR1); Notion data resides on AWS US-East under Notion's GDPR Data Processing Addendum (Standard Contractual Clauses).
4a. Compliance Posture
Our processing meets GDPR Article 32 (security of processing) via AES-256 at rest, TLS in transit, and access logging. We meet PIPEDA Principle 7 (Safeguards) via encrypted storage, two-factor authentication, and key segregation. Automated retention jobs apply data minimisation by limiting personally identifiable execution history to three days of operational necessity.
5. Your Rights
You have the right to request access to, correction of, or deletion of any personal data we hold about you. Contact us at info@cybersecpentesting.com.
6. Contact
Cyber Security Pentesting Inc., Toronto, Ontario, Canada.
Email: info@cybersecpentesting.com