Privacy Policy

Last updated 12/02/2025

Cyjax (“we”, “our”, or “us”) is committed to protecting and respecting your privacy. This Privacy Notice explains how we collect, use, disclose, and safeguard your personal data when you use our services, including access to our threat intelligence platform (the “Service”). It also covers any personal data we collect through marketing activities, interactions with us, or when you visit our website or express interest in our services.  

Please read this Privacy Notice carefully to understand our views and practices regarding your personal data, how we collect it, and how we treat it during your interactions with us, whether through service use, marketing outreach, or website engagement.

The Privacy Policy for Candidates can be found here

The Privacy Policy for Investors can be found here

CYJAX services, platform and website

CYJAX is a Threat Intelligence company that provides businesses with Threat Intelligence and alerting. We collect publicly available information from varying sources, enabling us to provide consultancy and advisory services to clients about the risks they face, and to help ensure their critical assets are secured. We do this through technologies designed to perform both automated and manual sourcing of threat intelligence information, alongside advanced analytic features that generate outputs in the form of alerts, reports or data feeds to enable business entities to conduct analysis of the threats they face.

1. Collection and use of personal data

We collect and use personal data for several purposes:

1.1 Information provided by you

Information provided by you is collected and used:

  • to fulfil a contract that we have entered with you or with the entity that you represent. In these circumstances it may be your entity, rather than you, that has provided us with your personal data. 
  • to provide you with information that you have requested or that we think may be relevant to a subject you have demonstrated an interest in.
  • to initiate a contract and/or commercial transaction with you or the entity you represent for the purchase of one of our products.
  • to ensure the security and safe operation of our websites and underlying business infrastructure and understand visitors’ usage of our website.
  • to manage any communication between you and us. 
1.2 Technical information

To ensure that each visitor to any of our websites can use and navigate the site effectively, we collect the following:

  • technical information, including the IP (Internet Protocol) address used to connect your device to the Internet.
  • your login information, browser type and version, time zone setting, browser plug-in types and versions.
  • operating system and platform.
  • information about your visit, including the URL (Uniform Resource Locators) clickstream to, through, and from our site.

Our Cookies Policy is available here.

As a visitor, you do not need to submit any personal information to use our website. Certain areas of the site allow you to provide us with personal information for purposes such as communicating with us, gaining access to view protected and secured content, or requesting communications about specific areas of interest.

1.3 Information we obtain from third party sources

Marketing: We may receive information from certain third-party sources such as social media platforms, event sponsors or commercial lead sources/lead generation companies, other data providers and our marketing partners. We may collect the following:

  • your business contact information – your name, email address, telephone number
  • Your role and interest – company name and department/job role and interest in our product.

Lead generation: We periodically appoint agents to conduct lead generating and marketing activities on our behalf. Such activity may result in the processing of personal information where we believe we have a legitimate interest in marketing our goods and services to existing and prospective customers and those who have expressed an interest in our services. 

We, or our carefully selected third-party service providers, will only use this information to contact you by email or by phone to:

  • provide you with information about our products and services.
  • keep you up to date with our latest service announcements, updates or offers.
  • respond to your enquiries.
  • invite you to view or discuss our products and services.

If we send you invitations, alerts or other sales and marketing communications, we will provide you with the ability to opt out/unsubscribe from receiving future sales and marketing communications. The ability for our product users to unsubscribe from marketing communications does not mean that users unsubscribe from formal notices concerning the legal or contractual communications. We will never:

  • sell, lease, your information or otherwise make available to another company for their marketing purposes. It will only be shared with our marketing partners for our marketing activities.
  • make your email address visible to other subscribers. All emails will be sent with technology that will not disclose your email address.

We use HubSpot for customer account management and marketing activities. Their data privacy policies can be found at legal.hubspot.com/privacy-policy.

Website analytics and protection: By using this website, you acknowledge that we employ tracking technologies, including heat maps and session recordings through Hotjar, to enhance user experience. We also use Google Analytics to collect standard internet log information and details of visitor behaviour patterns, and Cloudflare to help maintain the security and performance of our website. All collected data is anonymised and does not include personally identifiable information (PII) unless provided by you through forms (where the information is masked). This information does not identify visitors, and we ensure that no method of collection would allow the identities of those visiting our website to be revealed. You can opt out of session recordings at any time by adjusting your preferences in the privacy settings.

Advertising: We use your personal data to show you relevant advertisements based on your interests and interactions on Google and LinkedIn. This includes information like your browsing history, job title, location, and engagement with ads. Google and LinkedIn help us deliver and measure these ads. You can manage your ad preferences or opt out at any time by visiting Google Ads Settings or LinkedIn Ad Preferences.

1.4 In the event that our business is sold

If CYJAX or the majority of its assets are acquired by somebody else, your personal information will be transferred to the buyer.

2. How we use your data

We use your personal data for the following purposes: 

  • Providing the Service: To provide you with access to our platform, deliver threat intelligence services, and manage your account. 
  • Improving Our Services: To analyse usage patterns, improve our platform’s performance, and enhance user experience. 
  • Customer Support: To respond to your inquiries, resolve issues, and provide technical support. 
  • Billing and Payments: To process your payments and manage your subscription. 
  • Compliance and Security: To ensure our services are secure, prevent fraud, and comply with applicable legal requirements. 

          3. Lawful basis for processing personal data

          When you supply any personal information to us, we have legal obligations towards you in the way we use it. We will always ensure that whenever personal data processed, industry standards and legal requirements are maintained.

          The table below describes the various forms of personal data we collect and the lawful basis for processing this data. We have processes in place to make sure that only those people in our organisation who need to access your data can do so. Several data elements are collected for multiple purposes, as the table below shows.

          Purpose for collection Data collected Reason for collection Information category Lawful basis for processing Data shared with Retention period
          Fulfilment information
          Threat Intelligence Service Provision          		 Name, company name, job title and email address To create and provide access to the Digital Threat Intelligence Platform User credentials Contractual Performance Internally, email sending platform, and Business entity you are a member of 1 month following end of contract
          Prevent & mitigate cyber threats *Name, telephone, address/location, and email addresses, contact details, aliases, social media accounts, financial information e.g. credit card information, photographs, DOB * To provide Threat Intelligence services to clients to enable risk management to their business and potentially fraudulent activity Personal data – Open source on internet and dark net Contractual Performance, Public interest & Legitimate Interests Internally and with clients up to 4 years
          Transactional/invoice Information Name, and physical business: address, email address, telephone number, bank account & details / payment information To process payments and associated documentation for the Services provided to your organisation and to ensure any issues can be dealt with. For accounting, VAT and taxation purposes should any contractual legal claim arise Transaction/ invoice details Contractual performance
          Statutory obligation
          Legitimate interest          		 Internally & Professional advisors 7 Years
          Security Technical information,IP addresses, login information (where applicable), To protect our websites and infrastructure from attacks and threats. To enable trouble shooting. To collect statistics of website usage Security information Legitimate interest Internally 18 months
          Analytics Technical information, IP addresses, login information (where applicable), To understand user behaviour on the website. To enable trouble shooting. To collect statistics of website usage Analytic information Legitimate interest Internally 12 months
          Communications and account servicing Names, contact details To communicate with you regarding the service and new products. Personal data -Contact information Contractual Performance Internally and CRM provider 6 months following end of contract
          Marketing and sales Name, contact details To communicate with you regarding our services and provide articles that we believe will be of interest with you Personal data – Contact information Legitimate Interest Internally, CRM provider and trusted third parties 2 years
          Advertising Name, job title, business entity To deliver personalised and relevant advertisements, improving the effectiveness of our marketing campaigns Ad personalisation data Legitimate Interest Internally, Ad provider and trusted third parties 2 years

          *We collect open-source information published on the internet and darknet in order to supply our clients with threat intelligence services. As part of this we may capture any information relating to individuals which has been made publicly available. However, we do not specifically target the collection of information relating to members of the public. The processing of this information enables our clients to be:

          • aware of vulnerabilities or exploits targeting them, ensuring they keep their networks secure
          • aware of data breaches either directly impacting them or third parties
          • protecting their critical assets
          • preventing PII-enabled attacks against them or their customers
          • aware of exposure of employee, or customer information
          • aware of direct threats to them or third parties

          Due to the volume of data CYJAX is collecting for this purpose, we rely on exemptions in Articles 14 a) and b) of the General Data Protection Regulation (GDPR) as it cannot feasibly be verified whether individuals are already aware that their personal data has been exposed, and it would involve a disproportionate effort to notify them and ask their consent for storing this data. CYJAX’s processing of this data does minimise the threat to them and potentially mitigate against PII-related attacks that could be carried out against them.

          http://www.privacy-regulation.eu/en/article-14-information-to-be-provided-where-personal-data-have-not-been-obtained-from-the-data-subject-GDPR.htm

          3.1 If our business is sold

          We will share your information with the purchaser of our business and your personal information will be shared for this purpose. In this instance, we have a legitimate interest to ensure that our business can continue for the buyer. If you object to the use of your personal information in this way, the buyer will not be able to provide the services you have subscribed to. In some circumstances we will need to share your personal information if we are under a legal obligation to do so.

          4. Retention

          We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. When your data is no longer needed, we will securely delete or anonymise it

          5. Security

          CYJAX is dedicated to ensuring that all information is protected against unauthorised access, processed appropriately, and held securely in accordance with the UK  and EU General Data Protection Regulation (GDPR) and Data Protection Act 2018. 

          Our ISMS (information security management system) is certified to ISO/IEC 27001, demonstrating that we have the appropriate Framework in place to ensure that all our information assets and networks are secure. 

          All data is encrypted both in transit, end-to-end and at rest using AES-258.

          6. Storage

          We will make every practical effort to store and process your information in the country in which it was submitted. However, some of our third-party suppliers may be based outside the UK and European Economic Area (EEA), so there may be instances when data is stored and transferred outside the UK or EEA. In the eventuality that data is transferred outside these areas, we have the following safeguards in place:

          • the country or relevant territory has an adequate level of protection as recognised by the Information Commission Office
          • specific contracts approved by the appropriate Commission which give your personal information the same protection it has as if it stayed in the UK or EEA along with effective data controls
          • the third-party supplier has met our data security standards and is compliant with our information management security framework
          • all data is encrypted both in transit, end-to-end and at rest
          • data is stored within defined retention periods and is regularly reviewed
          6.1 Third parties and sub-processors

          We may disclose information to our carefully selected third parties to provide elements of our services and management of these services, such as hosting, invoicing system administration, file management. If the third-party processes data on our behalf, we will ensure that the processor only has the information they require to perform their specific service and is only entitled to process personal data to our specific instructions.

          If we need to transfer your personal information to another organisation for processing in countries that are not located in the United Kingdom, European Economic Area or listed as ‘adequate’ by the Information Commissioner’s Office, we will only do so if we have sufficient protections in place to safeguard information, including, where appropriate, contractual terms approved by the relevant regulatory authorities

          7. Sharing

          Any information you provide to CYJAX, or that CYJAX collects, will only be used within CYJAX. It will not be shared with any third parties for commercial gain or sold.

          The only other instances in which we would share this information is where we are obliged or permitted to by law, or consent has been given.

          8. Your rights in relation to personal data

          Under data protection laws in the European Union and the UK, you have certain rights in relation to your personal information. You have the right:

          • to be informed about the collection and the use of their personal data
          • to access personal data and supplementary information
          • to have inaccurate personal data rectified, or completed if it is incomplete
          • to erasure (to be forgotten) in certain circumstances
          • to restrict processing in certain circumstances
          • to data portability, which allows the data subject to obtain and reuse their personal data for their own purposes across different services
          • to cease/object to processing in certain circumstances
          • rights in relation to automated decision making and profiling
          • to complain to the Information Commissioner
          • to withdraw your consent at any time (where relevant) by contacting [email protected]

          full list of your rights under the General Data Protection Regulation (GDPR) is available on the Information Commissioner’s Office (ICO) website.

          We will handle all requests in accordance with applicable law. However, depending on the right you wish to exercise, and the nature of the personal information involved, there may be legal reasons why we cannot grant your request. If this is the case, we will write to you to explain the reasons why.

          9. Accessing, rectifying, restricting, objecting to processing of, or erasure of your personal information

          To exercise your right to access, rectify, restrict, object to processing of, or erase the personal information CYJAX holds about you, please contact our Data Privacy Manager at privacy[at]cyjax.com or, if you are based in the EU or our EU Representative (details below).

          Requests will be acknowledged within three working days, with the final response and disclosure of information (subject to exemptions) within 30 calendar days.

          A ‘cease processing request’ from an individual will be acknowledged immediately with an automatic email response stating that CYJAX intends to comply with the request.

          For information on the Privacy and Electronic Communications (EC Directive) Regulations 2003, UK General Data Protection Regulation (GDPR), Data Protection Act 2018 and the Information Commissioner’s Office, please follow this link: https://ico.org.uk/.

          CYJAX is registered with the United Kingdom Information Commissioner’s Office (ICO) under reference ZA053004, as required by UK (United Kingdom) legislation. 

          9.1 EU (European Union) Representative

          As we do not have an establishment in the European Union (“EU”), we have appointed a representative based in Ireland, who you may contact if you are located in the EU to raise any issues or queries you may have relating to our processing of your Personal Data and/or this Privacy Notice.  Our EU representative is Data Protection Limited, located at 2 Pembroke House, 28-32 Upper Pembroke Street, Dublin, Ireland D02 EK84. Our EU representative can be contacted directly on 00 353 1 447 0402 or at [email protected].

          9.2 Disclaimer

          As far as is possible, CYJAX will ensure that information provided on this website is accurate. We cannot accept any liability whatsoever for omission or error. Equally, as we regularly virus-check materials, we cannot accept any responsibility for any disruption or damage that may occur during use of this website.

          Links to other websites included on this website do not imply any endorsement, validation, or responsibility by CYJAX as to the content or privacy policies of such sites. We cannot guarantee that these links will work all the time and we have no control over the availability of the linked pages.

                    Scroll to Top