Privacy Policy
Effective date: April 21, 2026
ZeroRisk Labs ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website at zerorisklabs.com and our services.
1. Information We Collect
When you interact with our website, we may collect the following types of information:
a) Information You Provide
- Contact details — first name, last name, and email address submitted through our contact or service request forms.
- Message content — the text you include in form submissions describing your inquiry or project requirements.
- Service selection — the type of cybersecurity service you are interested in, if applicable.
b) Information Collected Automatically
- IP address — used solely for rate limiting to protect our services from abuse. We do not use IP addresses for tracking or profiling.
- Request metadata — user agent string and request origin, used for rate limiting identity and abuse prevention.
2. How We Use Your Information
- Respond to your inquiries and service requests.
- Scope and deliver cybersecurity engagements you have requested.
- Protect our website and API from abuse via rate limiting.
- Improve the quality and reliability of our services.
- Comply with applicable legal obligations.
We do not use your information for advertising, profiling, or automated decision-making.
3. Lawful Basis for Processing
Where required by applicable law, we process personal data only when we have a valid legal basis to do so.
- To take steps at your request before entering into a contract and to perform contractual obligations.
- To pursue our legitimate interests, such as securing our website, preventing abuse, and responding to business inquiries, where such interests are not overridden by your rights.
- To comply with legal and regulatory obligations.
- Based on your consent, where consent is required by law.
4. Data Storage and Security
Form submissions are stored in secured systems with strict access controls and role-based authorization.
Data is encrypted in transit and protected using industry-standard administrative, technical, and organizational safeguards.
We apply layered security controls, security monitoring, and access auditing to reduce the risk of unauthorized access, disclosure, alteration, or destruction of data.
For security reasons, we do not publicly disclose internal architecture, tooling, or implementation details of our defensive controls.
5. Data Sharing
We do not sell, rent, or trade your personal information to third parties.
Your data may be shared only in the following circumstances:
- With your explicit consent.
- To comply with a legal obligation, court order, or regulatory requirement.
- To protect the rights, safety, or property of ZeroRisk Labs, our users, or the public.
6. Data Retention
We retain form submission data for as long as necessary to fulfill the purpose for which it was collected, typically for the duration of an active engagement plus a reasonable post-engagement period.
Security and abuse-prevention records are retained only for the period needed to detect, prevent, and investigate misuse.
You may request deletion of your personal data at any time by contacting us at the address below.
7. Cookies and Tracking
Our website does not use cookies for tracking, analytics, or advertising purposes. We do not integrate third-party analytics or tracking scripts.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Correction — request correction of inaccurate or incomplete data.
- Deletion — request deletion of your personal data.
- Objection — object to the processing of your personal data.
- Portability — request transfer of your data in a machine-readable format.
To exercise any of these rights, please contact us using the details in Section 16.
9. International Data Transfers
Where personal data is transferred across borders, we apply appropriate legal and contractual safeguards consistent with applicable data protection laws.
By using our website or submitting information to us, you acknowledge that your information may be processed in jurisdictions with data protection standards that differ from those in your country.
10. Children's Privacy
Our website and services are not directed to children, and we do not knowingly collect personal data from children in violation of applicable law.
If you believe a child has provided personal data to us, please contact us so we can review and delete the information where required.
11. Do Not Track Signals
Some browsers provide a "Do Not Track" (DNT) setting. At this time, we do not respond to DNT signals with a separate processing workflow because no uniform technical standard exists.
We do not use cross-site behavioral advertising or profiling cookies.
12. Security Incidents and Breach Notification
If we determine that a security incident has resulted in unauthorized access to personal data, we will take appropriate containment, investigation, and remediation actions.
Where required by applicable law, we will provide notifications to affected individuals and/or competent authorities within legally required timeframes.
13. Sub-processors and Service Providers
We may use carefully selected service providers to support operations such as communications delivery, infrastructure management, and security operations.
These providers process personal data only on our instructions and are subject to confidentiality and data protection obligations.
14. Third-Party Links
Our website may contain links to external sites. We are not responsible for the privacy practices or content of those external sites. We encourage you to review their privacy policies independently.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. Any updates will be posted on this page with a revised effective date. We encourage you to review this page periodically.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: