Privacy Policy

Trinity Cyber, Inc. ("Trinity Cyber", "we", "us", "our") is committed to protecting your privacy. As the data controller under Article 4(7) GDPR, we explain how we collect, use, disclose, and safeguard personal data when you visit our website (trinitycyber.com), use our services, or interact with us [Art. 13(1)(a) GDPR]. This policy complies with transparency requirements under Article 12 GDPR.

As a U.S. company participating in the following categories:

EU-U.S. Data Privacy Framework (DPF)
UK Extension
Swiss-U.S. DPF

We comply with DPF Principles for EU/UK/Swiss data transfers, enabling adequacy for international transfers per Articles 44-49 GDPR.

1. Personal Data We Collect

We collect minimal personal data as defined in Article 4(1) GDPR:

From Website Visitors: IP address, browser type, device info, pages visited (via cookies/analytics) [Art. 13(1)(c) GDPR].
From Customers: No direct collection; we process content solely for malware scanning/remediation without accessing personal content.
Types: Identifiers (IP, device ID), usage data. No HR, clinical, or special categories of data are processed [Article 9 GDPR].

No intentional personal data collection from EU individuals beyond legitimate website operations.

2. Purposes and Legal Bases

Processing occurs only for specified, explicit cybersecurity purposes [Article 5(1)(b) GDPR]:

Website functionality/analytics: Legitimate interest [Art. 6(1)(f) GDPR].
Interest-based advertising: Consent [Art. 6(1)(a) GDPR].
Cybersecurity services: Contractual necessity with clients; scanning targets for malware only, no personal data retention/analysis [Art. 6(1)(b) GDPR].
Compliance/DPF: Legal obligation [Art. 6(1)(c) GDPR].

Data minimized and retained only as necessary [Article 5(1)(c) and (e) GDPR].

3. Cookies and Tracking

We and third parties use cookies, pixels, beacons for analytics/advertising per ePrivacy Directive integrated with GDPR and on corporate website only, not in the performance of customer security services.

Cookies and Tracking
We use cookies, pixels, and beacons (on corporate website only, not in the performance of customer security services) categorized as:

Strictly Necessary (e.g., session management): No consent required; legitimate interest [Art. 6(1)(f) GDPR].
Functional (e.g., preferences): Consent [Art. 6(1)(a) GDPR].
Analytics (e.g., Google Analytics): Legitimate interest; IP anonymized [Art. 6(1)(f) GDPR].
Advertising (e.g., interest-based): Consent [Art. 6(1)(a) GDPR].

Third-party recipients: Google Analytics (google.com/policies/privacy), advertising networks via Digital Advertising Alliance (DAA). Non-essential blocked until granular consent via banner; easy withdrawal anytime [Art. 7(3) GDPR].

4. Disclosures and Transfers

Third Parties: Analytics/advertising providers (e.g., Google Analytics – see their policies); categories disclosed per [Art. 13(1)(e) GDPR].
No Sales: Data not sold.
International Transfers: To U.S. under DPF (DoC certified), ensuring adequacy per [Art. 45 GDPR].
Service Providers: Cybersecurity processors bound by data processing agreements [Art. 28 GDPR].

No disclosures from client attachments beyond return to sender.

5. Your Rights [GDPR Arts. 15-22]

Data subjects enjoy rights under Chapter III GDPR:

Access [Art. 15], rectification [Art. 16], erasure ["right to be forgotten", Art. 17], restriction [Art. 18], portability [Art. 20], objection [Art. 21].
Withdraw consent for cookies [Art. 7(3) GDPR].
Contact: privacymatters@trinitycyber.com. Response within one month [Art. 12(3) GDPR].

Complaints:

BBB National Programs DPF Services (recourse mechanism).
Federal Trade Commission (jurisdiction for unfair practices).

6. Security

Data secured via encryption, access controls [Art. 32 GDPR]. Malware scanning uses proprietary tools without personal data exposure. Breaches reported to authorities within 72 hours if required [Art. 33 GDPR].

7. Children's Privacy

No collection from children under 16, meriting specific protection [Recital 38 GDPR; Art. 8 GDPR for information society services]. Services not directed at children.

8. Changes

Updates posted here with date [Art. 13(2)(d) GDPR]. Continued use constitutes acceptance.

Contact:
Trinity Cyber Inc.
16701 Melford Blvd #300
Bowie, MD 20715, USA.
privacymatters@trinitycyber.com.