Privacy Policy
How Cyber Solutions Inc. collects, uses, and protects personal information, including your rights under GDPR and CCPA/CPRA.
Active Monitoring
Live threat intel · less than an hour response SLA · US-based senior engineers.
Support · 24/7
Effective date: June 30, 2026 · Last updated: June 30, 2026
1. About this notice
This Privacy Policy explains how Cyber Solutions Inc. ("Cyber Solutions", "we", "us", "our") collects, uses, shares, and protects personal information when you visit discovercybersolutions.com (the "Site"), use our managed IT, cybersecurity, compliance, incident response, AI, and voice services (the "Services"), or otherwise interact with us. It is designed to satisfy the EU and UK General Data Protection Regulation (GDPR/UK GDPR), the California Consumer Privacy Act as amended by the CPRA (collectively, "CCPA"), and other applicable US state privacy laws including those of Virginia, Colorado, Connecticut, Utah, and Texas.
2. Who we are (controller)
Cyber Solutions Inc., 210 S Main St, Anderson, SC 29624, United States, is the "controller" of personal information collected through the Site and most marketing activities. When we process personal information on behalf of a client under a written services agreement, we act as a "processor" or "service provider" and the client is the controller. In that role we only process personal information on documented instructions and pursuant to that agreement.
Privacy contact: privacy@discovercybersolutions.com · 864-224-0008
3. Categories of personal information we collect
In the past 12 months and going forward we may collect the following CCPA categories of personal information:
- Identifiers: name, email, phone, company, job title, IP address, online identifiers.
- Customer records: billing contact, mailing address, signatory details for service agreements.
- Commercial information: services purchased or considered, support tickets, assessment responses.
- Internet or network activity: pages visited, referrer, device and browser data, interactions with the Site, cookies, log files.
- Geolocation: approximate location derived from IP address.
- Professional or employment information: role, team size, industry, when shared in inquiries or assessments.
- Inferences: general interest in particular Services drawn from the above.
We do not knowingly collect "sensitive personal information" as defined under CCPA, "special categories of data" under GDPR, or information from children under 16. Do not submit such information through the Site.
4. Sources of information
- Directly from you (forms, email, phone, contracts, assessments, support tickets).
- Automatically through cookies, server logs, and analytics tools.
- From clients on whose behalf we provide Services.
- From service providers, partners, and publicly available sources.
5. Purposes and GDPR legal bases
| Purpose | GDPR legal basis |
|---|---|
| Respond to inquiries; deliver requested information | Performance of a contract / legitimate interests |
| Provide, maintain, and improve the Services | Performance of a contract / legitimate interests |
| Billing, accounting, and contract administration | Contract / legal obligation |
| Security, fraud prevention, incident response | Legitimate interests / legal obligation |
| Marketing communications you can opt out of | Consent (EEA/UK) / legitimate interests (US) |
| Analytics and product improvement | Consent (where required) / legitimate interests |
| Compliance with law, audits, dispute resolution | Legal obligation / legitimate interests |
6. Cookies and similar technologies
We use strictly necessary, analytics, and preference cookies. Where consent is required, we obtain it through our cookie banner before setting non-essential cookies, and you can withdraw consent at any time using the "Cookie preferences" link in the footer. See our Cookie Policy for details.
7. How we share information
We do not sell personal information for money. In the previous 12 months we have not "sold" personal information as that term is traditionally understood, and we do not knowingly "share" personal information for cross-context behavioral advertising under CCPA. We disclose personal information to:
- Service providers and subprocessors (hosting, analytics, email, CRM, ticketing, billing) under written contracts requiring confidentiality and CCPA-compliant restrictions.
- Clients when we deliver Services on their behalf, as their processor.
- Professional advisors (lawyers, auditors, accountants) under confidentiality obligations.
- Authorities when required by law, subpoena, or to protect rights, property, or safety.
- In a corporate transaction such as a merger, acquisition, or asset sale, subject to confidentiality.
8. International transfers
We are based in the United States and primarily process information in the US. If we receive personal information from the EEA, UK, or Switzerland, we rely on appropriate safeguards including the European Commission's Standard Contractual Clauses and the UK Addendum, supplementary measures where required, and where applicable our certification under the EU-US, UK Extension, and Swiss-US Data Privacy Frameworks (subject to the relevant adequacy decisions in force). Contact us for a copy of the relevant transfer mechanism.
9. Retention
We retain personal information only as long as needed for the purposes described, to satisfy contractual and legal obligations, to enforce our agreements, and to resolve disputes. Typical retention: inquiry data up to 24 months from last contact; assessment responses up to 24 months; client records for the term of the engagement plus 7 years; security and log data per our internal retention schedule. Backups are cycled on a regular schedule and removed in the ordinary course.
10. Security
We maintain an information security program aligned with NIST CSF and apply administrative, technical, and physical safeguards proportionate to the risk, including encryption in transit, role-based access, MFA, monitoring, vulnerability management, and vendor due diligence. No system is perfectly secure; if a breach occurs we will notify you and authorities as required by law.
11. Your GDPR / UK GDPR rights
If GDPR or UK GDPR applies to you, you have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate or incomplete information.
- Request erasure ("right to be forgotten") in certain circumstances.
- Restrict or object to processing, including profiling and direct marketing.
- Receive your information in a portable format and have it transmitted to another controller where technically feasible.
- Withdraw consent at any time, without affecting prior lawful processing.
- Lodge a complaint with your supervisory authority, such as the Irish Data Protection Commission, the UK ICO, or your local DPA.
To exercise any right, email privacy@discovercybersolutions.com. We will verify your identity and respond within 30 days (extendable by 60 days for complex requests under GDPR).
12. Your California (CCPA/CPRA) rights
California residents have the right to:
- Know the categories and specific pieces of personal information collected, the sources, business purposes, and categories of recipients.
- Delete personal information we have collected, subject to exceptions.
- Correct inaccurate personal information.
- Opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under CCPA; if this changes we will provide a "Do Not Sell or Share My Personal Information" link.
- Limit the use of sensitive personal information (we do not use sensitive personal information for any purpose requiring this right today).
- Non-discrimination for exercising these rights.
- Designate an authorized agent to make a request on your behalf, subject to verification.
Submit a request by emailing privacy@discovercybersolutions.com or calling 864-224-0008. We respond to verifiable consumer requests within 45 days, with one 45-day extension where reasonably necessary.
13. Other US state rights
Residents of Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive privacy laws have similar rights to access, correct, delete, obtain a portable copy, and opt out of targeted advertising, sale of personal data, and certain profiling. We honor global privacy control (GPC) signals where required. To exercise rights, use the contact information above. You may appeal a denial by replying to our response within 60 days.
14. Marketing communications
You may opt out of marketing email at any time by using the unsubscribe link in any message or by emailing us. Service-related communications such as security advisories and billing notices are not promotional and will continue while you are a client.
15. Automated decision-making
We do not make decisions producing legal or similarly significant effects about you based solely on automated processing.
16. Children
The Site and Services are intended for businesses. We do not direct the Site to, or knowingly collect personal information from, individuals under 16. If you believe a child has provided us personal information, contact us and we will delete it.
17. Third-party links
The Site may link to third-party websites and tools. We are not responsible for their privacy practices; review their notices before sharing information.
18. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be highlighted on the Site and, where required, communicated by email. The "Last updated" date reflects the most recent revision.
19. Contact
Cyber Solutions Inc., 210 S Main St, Anderson, SC 29624, United States · privacy@discovercybersolutions.com · 864-224-0008.
