Privacy Policy
Effective Date: 1 January 2024 · Last Updated: 29 March 2026
Cyber Horizon Intelligence Ltd ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use our website, platform, and services. This Policy is designed to comply with:
- UK GDPR
- EU GDPR (where applicable)
- Data Protection Act 2018
1. Who We Are
Cyber Horizon Intelligence Ltd
Email: privacy@cyberhorizon.co
Data Protection Officer: dpo@cyberhorizon.co
We act as a Data Controller for website visitors, account management, billing, and marketing, and as a Data Processor when processing customer data within our platform under a Data Processing Agreement.
2. Personal Data We Collect
2.1 Information You Provide
- Name
- Business email address
- Company details
- Billing information
- Account credentials
- Support communications
2.2 Information Collected Automatically
- IP address
- Device and browser information
- Login timestamps
- Audit logs
- Usage metrics
- Platform interaction data
2.3 Customer-Uploaded Data
Customers may upload compliance documentation, audit evidence, risk registers, and other data. In these cases we act strictly as a Data Processor and do not access or use this data except as required to provide the service.
3. Legal Basis for Processing
| Purpose | Legal Basis |
|---|---|
| Account creation & service delivery | Contractual Necessity |
| Billing & invoicing | Contractual Necessity / Legal Obligation |
| Security monitoring & fraud prevention | Legitimate Interests |
| Platform improvement & analytics | Legitimate Interests / Consent |
| Marketing communications | Consent |
| Legal compliance | Legal Obligation |
4. How We Use Personal Data
- Provide, operate, and maintain our platform
- Authenticate users and enforce access controls
- Process payments and manage subscriptions
- Provide customer support
- Monitor, detect, and prevent security incidents
- Improve platform performance and usability
- Comply with legal and regulatory obligations
We do not sell personal data.
5. Cookies and Tracking Technologies
We use cookies and similar technologies to operate and improve our services. Types: Strictly Necessary Cookies (required for platform functionality), Analytics Cookies (to understand usage), Preference Cookies (to remember settings). Where required, we obtain consent before placing non-essential cookies. See our Cookie Policy.
6. Data Sharing and Subprocessors
We may share personal data with cloud hosting providers, payment processors, analytics providers, and customer support tools. All subprocessors are subject to strict contractual safeguards. We may also share with legal/regulatory authorities where required by law, and in the event of corporate transactions.
7. International Data Transfers
Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and Adequacy Decisions.
8. Data Retention
| Data Type | Retention |
|---|---|
| Account data | Duration of contract + up to 6 years |
| Billing data | Up to 6 years (legal requirement) |
| Logs & audit data | Typically 30–180 days |
| Support communications | Up to 2 years |
| Backups | Up to 90 days |
9. Security Measures
- Encryption in transit and at rest
- Role-Based Access Control (RBAC)
- Multi-Factor Authentication (MFA)
- Logging and continuous monitoring
- Vulnerability scanning and penetration testing
- Secure development practices
- Incident response procedures
10. Data Breach Notification
- We will investigate and take appropriate remedial action
- Where required, we will notify affected customers without undue delay
- We comply with applicable legal breach notification obligations
11. Your Rights
Under UK GDPR you have the right to: access your personal data, rectify inaccurate data, request erasure, restrict processing, object to processing, and request data portability. You also have the right to lodge a complaint with the Information Commissioner's Office.
To exercise your rights, contact privacy@cyberhorizon.co. We will respond within 30 days.
12. Automated Decision-Making
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects.
13. Children's Data
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.
14. Data Processing Agreement
Where we act as a Data Processor, our processing is governed by a DPA. Customers may request a DPA by contacting: dpo@cyberhorizon.co
15. Data Hosting and Location
Our services are hosted in secure data centres in the United Kingdom and/or European Economic Area (EEA).
16. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last Updated" date and posting a notice on our website.
17. Contact Us
Privacy Team
Cyber Horizon Intelligence Ltd
Email: privacy@cyberhorizon.co
DPO: dpo@cyberhorizon.co