Legal

Privacy Policy

How Cyber Solutions Inc. collects, uses, and protects personal information, including your rights under GDPR and CCPA/CPRA.

[ STATUS ]
24/7 SOC

Active Monitoring

Live threat intel · less than an hour response SLA · US-based senior engineers.

[ CALL ]
864-224-0008

Support · 24/7

Dial

Effective date: June 30, 2026 · Last updated: June 30, 2026

1. About this notice

This Privacy Policy explains how Cyber Solutions Inc. ("Cyber Solutions", "we", "us", "our") collects, uses, shares, and protects personal information when you visit discovercybersolutions.com (the "Site"), use our managed IT, cybersecurity, compliance, incident response, AI, and voice services (the "Services"), or otherwise interact with us. It is designed to satisfy the EU and UK General Data Protection Regulation (GDPR/UK GDPR), the California Consumer Privacy Act as amended by the CPRA (collectively, "CCPA"), and other applicable US state privacy laws including those of Virginia, Colorado, Connecticut, Utah, and Texas.

2. Who we are (controller)

Cyber Solutions Inc., 210 S Main St, Anderson, SC 29624, United States, is the "controller" of personal information collected through the Site and most marketing activities. When we process personal information on behalf of a client under a written services agreement, we act as a "processor" or "service provider" and the client is the controller. In that role we only process personal information on documented instructions and pursuant to that agreement.

Privacy contact: privacy@discovercybersolutions.com · 864-224-0008

3. Categories of personal information we collect

In the past 12 months and going forward we may collect the following CCPA categories of personal information:

  • Identifiers: name, email, phone, company, job title, IP address, online identifiers.
  • Customer records: billing contact, mailing address, signatory details for service agreements.
  • Commercial information: services purchased or considered, support tickets, assessment responses.
  • Internet or network activity: pages visited, referrer, device and browser data, interactions with the Site, cookies, log files.
  • Geolocation: approximate location derived from IP address.
  • Professional or employment information: role, team size, industry, when shared in inquiries or assessments.
  • Inferences: general interest in particular Services drawn from the above.

We do not knowingly collect "sensitive personal information" as defined under CCPA, "special categories of data" under GDPR, or information from children under 16. Do not submit such information through the Site.

4. Sources of information

  • Directly from you (forms, email, phone, contracts, assessments, support tickets).
  • Automatically through cookies, server logs, and analytics tools.
  • From clients on whose behalf we provide Services.
  • From service providers, partners, and publicly available sources.

5. Purposes and GDPR legal bases

PurposeGDPR legal basis
Respond to inquiries; deliver requested informationPerformance of a contract / legitimate interests
Provide, maintain, and improve the ServicesPerformance of a contract / legitimate interests
Billing, accounting, and contract administrationContract / legal obligation
Security, fraud prevention, incident responseLegitimate interests / legal obligation
Marketing communications you can opt out ofConsent (EEA/UK) / legitimate interests (US)
Analytics and product improvementConsent (where required) / legitimate interests
Compliance with law, audits, dispute resolutionLegal obligation / legitimate interests

6. Cookies and similar technologies

We use strictly necessary, analytics, and preference cookies. Where consent is required, we obtain it through our cookie banner before setting non-essential cookies, and you can withdraw consent at any time using the "Cookie preferences" link in the footer. See our Cookie Policy for details.

7. How we share information

We do not sell personal information for money. In the previous 12 months we have not "sold" personal information as that term is traditionally understood, and we do not knowingly "share" personal information for cross-context behavioral advertising under CCPA. We disclose personal information to:

  • Service providers and subprocessors (hosting, analytics, email, CRM, ticketing, billing) under written contracts requiring confidentiality and CCPA-compliant restrictions.
  • Clients when we deliver Services on their behalf, as their processor.
  • Professional advisors (lawyers, auditors, accountants) under confidentiality obligations.
  • Authorities when required by law, subpoena, or to protect rights, property, or safety.
  • In a corporate transaction such as a merger, acquisition, or asset sale, subject to confidentiality.

8. International transfers

We are based in the United States and primarily process information in the US. If we receive personal information from the EEA, UK, or Switzerland, we rely on appropriate safeguards including the European Commission's Standard Contractual Clauses and the UK Addendum, supplementary measures where required, and where applicable our certification under the EU-US, UK Extension, and Swiss-US Data Privacy Frameworks (subject to the relevant adequacy decisions in force). Contact us for a copy of the relevant transfer mechanism.

9. Retention

We retain personal information only as long as needed for the purposes described, to satisfy contractual and legal obligations, to enforce our agreements, and to resolve disputes. Typical retention: inquiry data up to 24 months from last contact; assessment responses up to 24 months; client records for the term of the engagement plus 7 years; security and log data per our internal retention schedule. Backups are cycled on a regular schedule and removed in the ordinary course.

10. Security

We maintain an information security program aligned with NIST CSF and apply administrative, technical, and physical safeguards proportionate to the risk, including encryption in transit, role-based access, MFA, monitoring, vulnerability management, and vendor due diligence. No system is perfectly secure; if a breach occurs we will notify you and authorities as required by law.

11. Your GDPR / UK GDPR rights

If GDPR or UK GDPR applies to you, you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Request erasure ("right to be forgotten") in certain circumstances.
  • Restrict or object to processing, including profiling and direct marketing.
  • Receive your information in a portable format and have it transmitted to another controller where technically feasible.
  • Withdraw consent at any time, without affecting prior lawful processing.
  • Lodge a complaint with your supervisory authority, such as the Irish Data Protection Commission, the UK ICO, or your local DPA.

To exercise any right, email privacy@discovercybersolutions.com. We will verify your identity and respond within 30 days (extendable by 60 days for complex requests under GDPR).

12. Your California (CCPA/CPRA) rights

California residents have the right to:

  • Know the categories and specific pieces of personal information collected, the sources, business purposes, and categories of recipients.
  • Delete personal information we have collected, subject to exceptions.
  • Correct inaccurate personal information.
  • Opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under CCPA; if this changes we will provide a "Do Not Sell or Share My Personal Information" link.
  • Limit the use of sensitive personal information (we do not use sensitive personal information for any purpose requiring this right today).
  • Non-discrimination for exercising these rights.
  • Designate an authorized agent to make a request on your behalf, subject to verification.

Submit a request by emailing privacy@discovercybersolutions.com or calling 864-224-0008. We respond to verifiable consumer requests within 45 days, with one 45-day extension where reasonably necessary.

13. Other US state rights

Residents of Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive privacy laws have similar rights to access, correct, delete, obtain a portable copy, and opt out of targeted advertising, sale of personal data, and certain profiling. We honor global privacy control (GPC) signals where required. To exercise rights, use the contact information above. You may appeal a denial by replying to our response within 60 days.

14. Marketing communications

You may opt out of marketing email at any time by using the unsubscribe link in any message or by emailing us. Service-related communications such as security advisories and billing notices are not promotional and will continue while you are a client.

15. Automated decision-making

We do not make decisions producing legal or similarly significant effects about you based solely on automated processing.

16. Children

The Site and Services are intended for businesses. We do not direct the Site to, or knowingly collect personal information from, individuals under 16. If you believe a child has provided us personal information, contact us and we will delete it.

17. Third-party links

The Site may link to third-party websites and tools. We are not responsible for their privacy practices; review their notices before sharing information.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be highlighted on the Site and, where required, communicated by email. The "Last updated" date reflects the most recent revision.

19. Contact

Cyber Solutions Inc., 210 S Main St, Anderson, SC 29624, United States · privacy@discovercybersolutions.com · 864-224-0008.