Privacy Policy

Trinity Cyber, Inc. ("Trinity Cyber", "we", "us", "our") is committed to protecting your privacy. As the data controller under Article 4(7) GDPR, we explain how we collect, use, disclose, and safeguard personal data when you visit our website (trinitycyber.com), use our services, or interact with us [Art. 13(1)(a) GDPR]. This policy complies with transparency requirements under Article 12 GDPR.

Trinity Cyber, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Trinity Cyber, Inc. adheres to the EU-U.S. DPF Principles with regard to personal data transferred from the European Union and the United Kingdom and the Swiss-U.S. DPF Principles with regard to personal data transferred from Switzerland. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. This enables adequacy for international transfers per Articles 44-49 GDPR.

 

1. Personal Data We Collect


We collect minimal personal data as defined in Article 4(1) GDPR:

  • From Website Visitors: IP address, browser type, device info, pages visited (via cookies/analytics) [Art. 13(1)(c) GDPR].
  • From Customers: No direct collection; we process content solely for malware scanning/remediation without accessing personal content.
  • Types: Identifiers (IP, device ID), usage data. No HR, clinical, or special categories of data are processed [Article 9 GDPR].

No intentional personal data collection from EU individuals beyond legitimate website operations.

 

2. Purposes and Legal Bases


Processing occurs only for specified, explicit cybersecurity purposes [Article 5(1)(b) GDPR]:

  • Website functionality/analytics: Legitimate interest [Art. 6(1)(f) GDPR].
  • Interest-based advertising: Consent [Art. 6(1)(a) GDPR].
  • Cybersecurity services: Contractual necessity with clients; scanning targets for malware only, no personal data retention/analysis [Art. 6(1)(b) GDPR].
  • Compliance/DPF: Legal obligation [Art. 6(1)(c) GDPR].

Data minimized and retained only as necessary [Article 5(1)(c) and (e) GDPR].

 

3. Cookies and Tracking


We and third parties use cookies, pixels, beacons for analytics/advertising per ePrivacy Directive integrated with GDPR and on corporate website only, not in the performance of customer security services.

Cookies and Tracking
We use cookies, pixels, and beacons (on corporate website only, not in the performance of customer security services) categorized as:

  • Strictly Necessary (e.g., session management): No consent required; legitimate interest [Art. 6(1)(f) GDPR].
  • Functional (e.g., preferences): Consent [Art. 6(1)(a) GDPR].
  • Analytics (e.g., Google Analytics): Legitimate interest; IP anonymized [Art. 6(1)(f) GDPR].
  • Advertising (e.g., interest-based): Consent [Art. 6(1)(a) GDPR].

Third-party recipients: Google Analytics (google.com/policies/privacy), advertising networks via Digital Advertising Alliance (DAA). Non-essential blocked until granular consent via banner; easy withdrawal anytime [Art. 7(3) GDPR].

 

4. Disclosures and Transfers

  • Third Parties: Analytics/advertising providers (e.g., Google Analytics – see their policies); categories disclosed per [Art. 13(1)(e) GDPR].
  • No Sales: Data not sold.
  • International Transfers: To U.S. under DPF (DoC certified), ensuring adequacy per [Art. 45 GDPR].
  • Service Providers: Cybersecurity processors bound by data processing agreements [Art. 28 GDPR].

No disclosures from client attachments beyond return to sender.

 

5. Your Rights [GDPR Arts. 15-22]


Data subjects enjoy rights under Chapter III GDPR:

  • Access [Art. 15], rectification [Art. 16], erasure ["right to be forgotten", Art. 17], restriction [Art. 18], portability [Art. 20], objection [Art. 21].
  • Withdraw consent for cookies [Art. 7(3) GDPR].
    Contact: privacymatters@trinitycyber.com. Response within one month [Art. 12(3) GDPR].

Complaints:

  • BBB National Programs DPF Services (recourse mechanism).
  • Federal Trade Commission (jurisdiction for unfair practices).

 

6. Security


Data secured via encryption, access controls [Art. 32 GDPR]. Malware scanning uses proprietary tools without personal data exposure. Breaches reported to authorities within 72 hours if required [Art. 33 GDPR].

 

7. EU-US Data Privacy Framework (DPF)

 

Trinity Cyber complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Trinity Cyber has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Trinity Cyber has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the DPF Principles and/or the Swiss-U.S. DPF Principles (DPF Principles), the Principles shall govern. To learn more about the Data Privacy Framework Program (DPF Program), and to view our certification, please visit https://www.dataprivacyframework.gov/ .

Regarding personal data that is received or transferred under the DPF Program, Trinity Cyber is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

Under the DPF Program, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States in reliance on the DPF Program should direct their query to privacymatters@trinitycyber.com. If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data if applicable, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacymatters@trinitycyber.com.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you are an EU, UK, or Swiss Individual, where we transfer your personal data to third party service providers who perform services for us or on our behalf, we are responsible for the processing of that data by them and shall remain liable if they process your personal data in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.  

In compliance with the DPF Principles, Trinity Cyber commits to resolve DPF Principles-related complaints about your privacy and our collection or use of your personal information. European Union, United Kingdom, and Swiss Individuals with inquiries or complaints regarding our handling of personal data in reliance on the DPF should first contact us at: privacymatters@trinitycyber.com.

Trinity Cyber has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by us, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction for more information on this process.

 

8. Children's Privacy


No collection from children under 16, meriting specific protection [Recital 38 GDPR; Art. 8 GDPR for information society services]. Services not directed at children.

 

9. Changes


Updates posted here with date [Art. 13(2)(d) GDPR]. Continued use constitutes acceptance.


Contact:
Trinity Cyber Inc.
16701 Melford Blvd #300
Bowie, MD 20715, USA.
privacymatters@trinitycyber.com.

Trinity Cyber is a rapidly growing cybersecurity firm that invented and operates a centrally managed, global cybersecurity platform that protects businesses from cyberattacks using its revolutionary real-time Full Content Inspection (FCI) technology. FCI is a better method of detection combined with active preventive controls that go way beyond block and alert to actually mitigate threats before they enter or leave a network. The company has been recognized by industry organizations, including Gartner, SINET, SC Media, Dark Reading, and CyberDefense Magazine for their superior approach to threat prevention.

Get the latest insights on active cyber defense from Trinity Cyber.

Privacy Policy | Terms & Conditions