Privacy Policy - SignumInsights
Your Privacy Matters to Us

We're committed to protecting your privacy and being transparent about how we collect, use, and safeguard your information.

Last updated: July 21, 2025

This Privacy Policy describes how SignumCyber ("Company," "we," "us," or "our") collects, uses, and shares personal information when you visit our website [www.signumcyber.com] (the "Site") or use any of our products or services (collectively, the "Services"). By accessing or using our Services, you agree to the collection and use of your information in accordance with this Privacy Policy.

1. Information We Collect

Account & Contact Information

When you create an account or purchase our digital Services, we collect:

  • Personal identifiers: Full name (first and last), email address
  • Account credentials: Username, encrypted passwords, security preferences
  • Contact information: Phone number (optional for customer support)
  • Service access data: User roles, subscription status, access permissions

Billing & Tax Compliance Information

For payment processing and tax compliance requirements, we collect:

  • Complete billing address: Street address, apartment/suite, city, state, ZIP/postal code
  • Geographic data: Country/region selection for tax calculation purposes
  • Tax jurisdiction data: Location-based information required by tax authorities
  • Order details: Service packages selected, pricing tier, subscription preferences
  • Optional order notes: Any special instructions or requirements you provide

This information is required by law for digital product tax calculation and compliance with sales tax, VAT, and GST regulations worldwide.

Payment Information

We use third-party payment processors (Stripe) to handle credit card transactions. We do not store complete financial information on our servers. Stripe processes payments according to their privacy policy at https://stripe.com/privacy.

Security & System Data

To protect our platform and users, we collect:

  • IP addresses and network information for security monitoring
  • Device fingerprinting data (browser type, version, operating system, screen resolution)
  • Security logs including failed login attempts, suspicious activity alerts
  • Session data including login times, activity patterns, geographic location
  • Firewall and intrusion detection logs through Wordfence security plugin

Note: We use Wordfence (by Defiant Inc.) for website security. Wordfence may collect and process IP addresses and other security-related data, which may be transmitted to servers in the United States. See Wordfence's privacy policy at https://www.wordfence.com/privacy-policy/

Usage Analytics (Anonymous)

We collect anonymized usage data to improve our Services and develop industry insights:

  • Feature usage statistics (which assessments are completed, time spent)
  • Performance metrics (page load times, error rates)
  • Aggregated industry trends derived from anonymized client data
  • Product improvement metrics (user interface interactions, feature adoption)

This data is anonymized and cannot be linked back to individual users or specific organizations.

Questionnaire & Assessment Data

When using our cybersecurity assessment tools, we collect:

  • Questionnaire responses and assessment results
  • Risk scores and analysis data
  • Implementation tracking and progress metrics
  • Custom configurations and preferences

Technical Data

Our Services automatically collect:

  • Server logs including access times, requested pages, error messages
  • Browser information and user agent strings
  • Cookie data for essential functionality (session management, authentication)
  • API usage logs for service integration and debugging

2. How We Use Your Information

Tax Compliance & Payment Processing (Legal Basis: Legal Obligation)

  • Calculate and collect sales tax, VAT, and GST as required by law
  • Determine customer location for tax jurisdiction purposes
  • Maintain evidence of customer location for tax authority requirements
  • Process address verification and fraud prevention
  • Generate tax reports and filings as required by regulation
  • Retain billing information for audit and compliance purposes

Security & Fraud Prevention (Legal Basis: Legitimate Interest)

  • Protect against unauthorized access and cyber threats
  • Detect and prevent fraudulent activity
  • Monitor for suspicious behavior and security breaches
  • Maintain system integrity and availability

Product Improvement (Legal Basis: Legitimate Interest)

  • Analyze usage patterns to enhance user experience
  • Develop new features and services
  • Generate anonymized industry benchmarks and insights
  • Conduct internal research and development
  • We do not sell individual client data or use it for marketing to competitors

Legal Compliance (Legal Basis: Legal Obligation)

  • Comply with applicable laws and regulations
  • Respond to legal requests and court orders
  • Meet industry regulatory requirements
  • Maintain audit trails for compliance purposes

Marketing Communications (Legal Basis: Consent/Legitimate Interest)

  • Send service updates and security notices
  • Provide newsletters and product announcements (with opt-out available)
  • Conduct customer satisfaction surveys

3. Information Sharing & Disclosure

Service Providers

We share information with trusted vendors who assist in service delivery:

  • Hosting providers (cloud infrastructure, data storage)
  • Payment processors (Stripe for payment handling and tax calculation)
  • Security services (Wordfence/Defiant Inc. for website protection)
  • Email services (Microsoft Office365 for communications)
  • Authentication providers (WordPress.com for user management)
  • Tax compliance services (Stripe Tax for automated tax calculation and reporting)

All service providers are contractually bound to protect your information and use it only for specified purposes.

Legal Requirements

We may disclose information when required by:

  • Legal process, court orders, or government requests
  • Investigation of potential violations of our Terms of Service
  • Protection of our rights, property, or safety, or that of others

Business Transfers

If we undergo a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

Anonymized Data Sharing

We may share anonymized, aggregated industry insights that cannot identify specific organizations:

  • Industry benchmarking reports showing sector-wide security trends
  • Research publications contributing to cybersecurity best practices
  • Anonymous usage statistics for product development partnerships

We never sell individual client data or personally identifiable information to third parties.

4. Data Security & Protection

We implement comprehensive security measures:

  • Encryption of data in transit and at rest
  • Multi-factor authentication for admin accounts
  • Regular security audits and vulnerability assessments
  • Access controls limiting data access to authorized personnel
  • Session management with automatic timeout and monitoring
  • Backup systems with encrypted storage and tested recovery procedures

While we use industry-standard security practices, no system is completely secure. We cannot guarantee absolute security of your data.

5. Data Retention

We retain personal information for as long as necessary. Retention periods by category:

  • Account and contact data: Duration of your subscription plus 3 years for business records
  • Billing and tax information: 7-10 years after final transaction per tax authority requirements
  • Location evidence for tax purposes: 10 years as required by VAT and sales tax regulations
  • Assessment data: 7 years or as required by industry compliance standards
  • Security logs: 2 years for incident investigation and threat analysis
  • Anonymous analytics: Indefinitely for research and product improvement
  • Legal obligations: As required by applicable law and regulations

Note: Tax-related information has extended retention periods mandated by law and cannot be deleted early.

6. Your Privacy Rights

Depending on your location, you may have rights including:

Access & Portability

  • Request copies of your personal data
  • Export your data in a machine-readable format

Correction & Updates

  • Update account information through your user profile
  • Request correction of inaccurate data

Deletion

  • Request deletion of your account and associated data
  • Right to erasure under GDPR (subject to legal exceptions)

Data Processing Control

  • Opt out of non-essential data collection
  • Withdraw consent for marketing communications
  • Object to processing based on legitimate interest

Notification Preferences

Customize email notifications through account settings or contact legal@signumcyber.com.

7. Cookies & Tracking

We use cookies for:

  • Essential functionality: User authentication, session management, security
  • Performance monitoring: Error tracking, load time measurement
  • User preferences: Interface settings, language choices

You can control cookies through browser settings, though disabling essential cookies may limit functionality.

Third-party cookies: Wordfence security plugin may set cookies for firewall protection and threat detection.

8. International Data Transfers

Your information may be transferred to and stored in:

  • United States: Primary hosting and service provider locations
  • European Union: Backup and disaster recovery systems
  • Other jurisdictions: As required by service provider infrastructure

For EU residents, transfers comply with GDPR adequacy decisions or appropriate safeguards.

9. Children's Privacy

Our Services are not intended for individuals under 18. We do not knowingly collect personal information from minors. If you believe we have collected data from someone under 18, please contact us immediately.

10. Changes to This Privacy Policy

We may update this policy to reflect service changes or legal requirements. Material changes will be communicated via:

  • Email notification to active users
  • Prominent notice on our website
  • In-app notifications for significant changes

Continued use after changes indicates acceptance of the updated policy.

11. Contact Information

For privacy questions, data requests, or concerns:

Email: legal@signumcyber.com
Data Protection Officer: privacy@signumcyber.com

12. Regulatory Compliance

This policy addresses requirements under:

  • General Data Protection Regulation (GDPR) - European Union residents
  • Preparation for US State Laws - California, Utah, Virginia, and other states as we grow

Current Compliance Status

As an early-stage company, we currently fall below the revenue and data processing thresholds that trigger most US state privacy law requirements. However, we've designed our privacy practices to meet high standards from day one.

Future Compliance Commitment

As our business grows, we will ensure compliance with applicable state privacy laws including:

  • California Consumer Privacy Act (CCPA/CPRA) when we reach $25M annual revenue or process 100K+ CA residents' data
  • Utah Consumer Privacy Act (UCPA) when we reach $25M annual revenue and process 100K+ consumers' data
  • Other state privacy laws as thresholds are met

International Users

European Users: If you're located in the European Union, you have rights under GDPR including access, rectification, erasure, and data portability. Contact privacy@signumcyber.com to exercise these rights.

All Users: Regardless of legal requirements, we respect your privacy and will honor reasonable requests for data access, correction, or deletion.