Logo

Privacy Policy

Last Updated: January 15, 2025

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, enroll in courses, or contact us for support.

Personal Information:

  • Name and email address
  • Professional information (job title, company)
  • Payment information (processed securely)
  • Profile information and preferences

Usage Information:

  • Course progress and completion data
  • Module progress, lesson completion, quiz scores
  • Certification exam results and credential information
  • Lab activity and performance metrics
  • Lab attempts, completion status, time spent
  • Platform interaction and navigation patterns
  • Instructor interactions (messages, feedback, communications)
  • Device and browser information

Security and Monitoring Information:

  • Authentication Events: Login attempts, failed logins, account access patterns
  • Platform Activity: User actions, API calls, resource usage, feature interactions
  • Security Events: Suspicious activity, potential threats, policy violations, security alerts
  • Azure Activity: Cyber Range resource usage, cost monitoring, security logs (for Cyber Range users)

Purpose: Security monitoring, fraud prevention, compliance, and service improvement. Access to security logs is limited to authorized security personnel and incident response team.

Retention: Security logs retained for 1 year, audit logs for 3 years.

2. How We Use Your Information

We use the information we collect to:

  • Provide and improve our educational services
  • Personalize your learning experience
  • Process payments and manage subscriptions
  • Send important updates and notifications
  • Provide customer support
  • Analyze platform usage and performance
  • Ensure platform security and prevent fraud

Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide educational services, manage subscriptions, and fulfill our contractual obligations to you
  • Legitimate Interest: For platform security, fraud prevention, service improvement, and business operations
  • Consent: For marketing communications and non-essential cookies (you may withdraw consent at any time)
  • Legal Obligation: To comply with tax, accounting, and regulatory requirements

3. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information in the following circumstances:

  • Service Providers: With trusted partners who help us operate our platform
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with mergers or acquisitions
  • Consent: With your explicit permission for specific purposes

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication systems
  • Employee training on data protection

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform. These technologies help us:

  • Remember your preferences and settings
  • Analyze platform usage and performance
  • Provide personalized content and recommendations
  • Ensure platform security

You can control cookie preferences through your browser settings or our cookie management tool.

6. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request copies of your personal information
  • Rectification: Correct inaccurate or incomplete information
  • Erasure: Request deletion of your personal information
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to certain processing activities, including direct marketing
  • Restriction: Request limitation of processing in certain circumstances
  • Withdrawal of Consent: Withdraw consent at any time where processing is based on consent
  • Lodge Complaint: You have the right to lodge a complaint with your local data protection authority

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of personal information collected, used, or shared in the past 12 months
  • Right to Delete: Request deletion of personal information (subject to certain exceptions)
  • Right to Opt-Out: Opt-out of sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
  • Shine the Light Law: Request information about sharing with third parties for marketing purposes

To exercise your California privacy rights, contact security@cyberjab.org with "CCPA Request" in the subject line.

We Do Not Sell Personal Information: CyberJab does not sell, rent, or trade your personal information to third parties for their marketing purposes. We only share information as described in this policy.

How to Exercise Your Rights

To exercise any of these rights, please contact us at security@cyberjab.org. We will respond to your request within 30 days as required by GDPR.

For complaints, you may contact your local supervisory authority. If you are in the EEA, you can find your authority at edpb.europa.eu.

7. Data Retention

We retain your personal information only as long as necessary to provide our services and fulfill the purposes outlined in this policy. Specific retention periods are as follows:

Retention Periods:

  • Account Data: Retained while account is active, deleted 30 days after account closure
  • Payment Records: Retained for 7 years (tax and accounting requirements)
  • Course Progress Data: Retained for 3 years after course completion or account closure
  • Azure Cyber Range Data: Deleted within 30 days of subscription cancellation (as per Cyber Range Terms)
  • Marketing Data: Retained until consent is withdrawn or 2 years of inactivity
  • Support Communications: Retained for 2 years after ticket resolution
  • Security Logs: Retained for 1 year, audit logs for 3 years

Retention periods may be extended if required by law, regulation, or legal proceedings.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information during such transfers.

Transfer Mechanisms (GDPR Article 44-49)

When transferring data outside the European Economic Area (EEA), we rely on:

  • Standard Contractual Clauses (SCCs): Approved by European Commission for data transfers
  • Adequacy Decisions: For countries with adequate data protection laws recognized by the EU
  • Microsoft Azure: Data Processing Agreement with Microsoft (Azure services used for Cyber Range)
  • Stripe: Certified under PCI DSS and GDPR compliant for payment processing

For more information about our data transfer safeguards, contact security@cyberjab.org.

9. Children's Privacy

Our platform is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will take steps to delete the information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

11. Azure Cyber Range Data Processing

When you use our Cyber Range service, we process additional data to provide and manage your isolated Azure cloud environment:

Data Types:

  • Azure Account Information: Provisioned Azure credentials, user principal names (UPN), and resource metadata
  • Resource Usage Data: VM usage, network traffic, storage consumption, and cost metrics (for budget management)
  • Activity Logs: Azure activity logs for security monitoring, abuse prevention, and compliance
  • Lab Data: Data you create in your isolated Azure environment (VMs, networks, configurations)

Data Location:

Azure resources are provisioned in Microsoft Azure data centers. Data is subject to Microsoft's data processing terms and Azure compliance certifications. Specific regions may vary based on availability and performance requirements.

Data Retention:

All Cyber Range data is deleted within 30 days of subscription cancellation, as detailed in the Cyber Range Terms. You are responsible for exporting any data you wish to keep before cancellation.

Security and Isolation:

Your Azure environment is isolated from other users through resource groups and role-based access control (RBAC). We monitor activity for security and compliance purposes only. For more details, see the Cyber Range Terms.

12. Data Breach Notification

In the event of a personal data breach that may result in a risk to your rights and freedoms, we will take the following actions in accordance with GDPR Article 33-34:

  • Supervisory Authority Notification: Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (where feasible)
  • User Notification: Notify affected users without undue delay if the breach poses a high risk to their rights and freedoms
  • Breach Information: Provide clear information about the nature of the breach, likely consequences, and recommended protective measures

We maintain an incident response plan and regularly test our breach detection and notification procedures to ensure timely and effective response to security incidents.

If you suspect a data breach or have security concerns, please contact us immediately at security@cyberjab.org.

13. Contact Us

General Privacy Inquiries

If you have any questions about this Privacy Policy or our data practices, please contact us at: security@cyberjab.org

Data Protection Officer (GDPR)

If you are located in the European Economic Area (EEA) and have questions about data protection, you may contact our Data Protection Officer at:

  • Email: security@cyberjab.org
  • Subject Line: "GDPR Data Protection Inquiry"

Note: We will determine if a DPO is required based on our processing activities. If not required, privacy inquiries will be handled by our privacy team.