Privacy Policy

Armour Cybersecurity is dedicated to protecting the confidentiality and privacy of information entrusted to it. As part of this fundamental obligation, Armour Cybersecurity is committed to the appropriate protection and use of personal information (sometimes referred to as “personal data”, “personally identifiable information” or “PII”) that has been collected online.
Generally, our intent is to collect only the personal information that is provided voluntarily by online visitors so that we can respond to inquiries, provide information about our services, facilitate consultations, and, where applicable, support recruitment and employment-related opportunities. Please review this privacy statement (“Privacy Statement”) to learn more about how we collect, use, share and protect the personal information that we have obtained through our online channels, including armourcyber.io.
This Privacy Statement applies to Armour Cybersecurity and its subsidiaries and associated companies and partnerships (collectively referred to in this Privacy Statement as “Armour Cybersecurity”, “we”, “our” or “us”). [Placeholder: list legal entities and/or “operating as” names you want covered.]
For purposes of this Privacy Statement, “personal information” means information about an identifiable individual, as more specifically defined by applicable privacy legislation.

1. Collection and use of personal information

1.1 What information we collect

We obtain personal information about you when you choose to provide it to us through the Website or when you communicate with us. This may include:
▶ Contact and inquiry information such as first name, last name, company name, email address, and the content of your message when you submit a “Contact Us” form on the Website.
▶ Additional contact details such as phone number when you submit an inquiry through the Website’s “Connect with us” page.
▶ Files and attachments you provide such as a document you upload to support your inquiry.
▶ Consultation or workshop scheduling details when you choose to book time with our team through our online booking link. Our Website links to a Microsoft Bookings page hosted on Outlook/Office 365.
▶ Hacker Lens request details. Our “Hacker Lens” page explains that you may provide your corporate domain and basic contact information to request a report.
In some cases, you may have previously provided personal information to Armour Cybersecurity outside of the Website, for example if you are a client contact, vendor contact, event participant, or a former applicant.
Please do not submit sensitive personal information such as health information, government identification numbers, payment card data, or other sensitive identifiers through the Website contact forms unless we explicitly request it through a secure channel.

1.2 Automatic collection of personal information

In some instances, Armour Cybersecurity and its service providers may use cookies, web beacons, pixels, and similar technologies to automatically collect certain types of information when you visit our Website and when we interact with you through certain emails. The collection of this information helps us operate and secure the Website to prevent fraud and abuse, detect malicious activity, and troubleshoot issues. It also helps us understand how visitors use our pages so we can improve performance and usability, and measure the effectiveness of our content and communications.

1.2.1 IP addresses

An IP address is a number assigned to your device when you access the internet. IP addresses and related device or network information may be logged for IT security, fraud prevention, and system diagnostics. This information may also be used in aggregate form to analyze website usage trends and performance.

1.2.2 Cookies

Cookies are small files placed on your computer or internet-enabled device when you visit a website. Cookies help the site recognize your browser or device, remember preferences, and support core functionality.
If a cookie consent banner is presented on the Website, you can use it and your browser controls to manage cookie preferences. If you do not accept certain cookies, some features of the Website may not function as intended.

Cookie categories:

Strictly necessary cookies are required for core site functionality and security features. These cookies are generally not optional because the site may not function without them.
Performance and analytics cookies help us understand how the Website is used, such as which pages are visited, so we can improve performance and content.
Functionality cookies remember choices you make to enhance your experience.
Targeting and advertising cookies help deliver content relevant to your interests and measure the effectiveness of marketing, where these cookies are used.
You can control cookies through your browser settings, often found in your browser’s Tools, Preferences, or Privacy settings. Guidance on managing and deleting cookies can be found through resources such as aboutcookies.org.
Below is a summary of common cookie purposes you may encounter:
Purpose: Essential and Security
Description: Supports core site functions and helps protect the Website, including security, load balancing, and fraud prevention.
Type & Expiry: Session or persistent, depending on the cookie
Purpose: Site Preferences
Description: Remembers selections such as region, language, or consent choices where enabled.
Type & Expiry: Session or persistent, depending on the cookie
Purpose: Analytics and Performance
Description: Helps us understand usage patterns and improve content and performance, often through aggregated statistics.
Type & Expiry: Usually persistent, depending on the cookie
Purpose: Social and Embedded Content
Description: If pages include embedded content or social media features, third parties may set cookies when you interact with those features.
Type & Expiry: Usually persistent, depending on the cookie

1.2.3 Analytics tools such as Google Analytics

Armour Cybersecurity may use analytics tools from time to time to better understand how visitors use the Website and to improve our content and user experience. Where Google Analytics is used, Google provides information on how data is collected and processed. Google also offers an opt-out browser add-on for users who want more control over Google Analytics data collection.

1.2.4 Web beacons and pixels

A web beacon or pixel is a small image or code snippet on a web page or in an email that can collect certain information such as whether a page was viewed, the time of access, device or browser type, and whether cookies are enabled. Where used, these technologies help us measure content effectiveness and improve communications. In some communications, we and our service providers may measure engagement such as whether an email was opened or a link was clicked to understand interest and improve future communications, where permitted by law.

1.2.5 Location-based tools

We may infer a general location such as city or region from your IP address for security and analytics purposes and to present content that is more relevant to your region. In some cases, your device or browser may allow you to share more precise location information. You can control this through your device settings and browser permissions.

1.3 Social media widgets and applications

ARMOUR CYBERSECURITY websites may include features that enable you to engage with or share content through third-party social media services. This may include links to our social media pages and share functionality on certain pages, such as our video testimonial content. These third-party services may collect and use information about your use of our Website in accordance with their own privacy practices. We do not control, and are not responsible for, those third parties or their use of your information.
In addition, certain areas of our Website may allow you to interact with content by submitting ratings or comments. For example, some blog pages include the ability to add a rating or post a comment. If you submit a rating, your name will not be displayed unless you choose to enter it. If you submit a comment, any name you provide may be displayed with your comment. Email addresses collected as part of these interactions are not displayed publicly. Information you choose to submit through these features may be visible to other visitors in accordance with how the feature is presented at the time of submission. While we may apply reasonable moderation controls, we may have limited ability to control how others use information that you make publicly available through these features.

1.4 Children

ARMOUR CYBERSECURITY understands the importance of protecting children’s privacy, especially in an online environment. Our Website is not intentionally designed for or directed at children under the age of 13. It is our policy not to knowingly collect or maintain personal information about anyone under the age of 13 through our Website.
In limited circumstances, ARMOUR CYBERSECURITY may process information relating to minors as part of providing professional services to a client, for example where such information is contained within client systems, records, or incident evidence provided to us. In those cases, we handle such information in accordance with applicable law, professional obligations, and the applicable client engagement terms.

2. How We Use Your Personal Information

When you submit personal information to ARMOUR CYBERSECURITY through the Website, we use it for the purposes for which it was collected and in the manner outlined in this Privacy Statement. We do not use your personal information for other purposes unless we obtain your permission, or unless otherwise required or permitted by law or professional standards.
Examples of how we use personal information include:
▶Using your contact information and the details of your inquiry to respond to questions, provide requested information, and communicate with you about our services.
▶Using information you provide through consultation booking links to schedule and manage meetings or consultations you request.
▶Using files you upload to review the information you chose to share with us and to respond effectively to your request, including routing your inquiry to the appropriate team for follow- up.
▶Where you submit a rating or comment on our Website, using that information to publish the content as part of the relevant feature and to administer and moderate the feature as appropriate.
▶Where you apply for employment opportunities or provide recruitment-related information to us through our online channels, using that information to assess your candidacy and communicate with you regarding opportunities.
In some cases, where you request to subscribe to certain communications or updates and we use an email confirmation process, we may store your email address and subscription request details until we confirm your request through a verification email, after which we will process your subscription preferences in accordance with this Privacy Statement.

3. The legal grounds we have to use your personal information

ARMOUR CYBERSECURITY generally collects only the personal information that is necessary to fulfill your request and to operate and protect our online channels. Where additional information is optional, we will indicate this at the point of collection.
Privacy laws vary by jurisdiction, but they generally require that we have a valid reason to collect and use personal information. When we process personal information collected through our Website and related online channels, we rely on one or more of the following grounds, as permitted by applicable law:
Performance of a contract or taking steps at your request This applies when processing is necessary to provide services you request, respond to your inquiry, schedule a consultation, or otherwise administer a relationship with you.
Legal obligation This applies when we are required to process personal information to comply with applicable legal requirements, such as responding to lawful requests from public authorities or meeting recordkeeping requirements.
Legitimate interests This applies when processing is necessary for our legitimate business interests, such as operating a lawful business, improving our Website, and protecting our systems and users, provided those interests are not overridden by your rights and expectations under applicable law.
Your consent In many situations, especially in Canada, organizations generally obtain meaningful consent for the collection, use, and disclosure of personal information, subject to limited exceptions permitted by law. Where consent is the appropriate basis, you may withdraw your consent at any time by contacting us at [privacy@armourcyber.io]. Withdrawing consent will not affect processing that occurred before your withdrawal, and it may limit our ability to provide certain information or services where that processing depends on consent.

Examples of legitimate interests

Examples of legitimate interests that may apply to our Website and online operations include:
▶ Offering information and services to individuals who visit our Website and respond to inquiries
▶ Preventing fraud, abuse, and criminal activity, and safeguarding our systems, networks, and Website
▶ Maintaining the security, availability, and integrity of our online channels, including troubleshooting and diagnostics
▶ Understanding how visitors use our Website so we can improve performance, usability, and content
▶ Conducting and evaluating marketing and communications activities in a way that is permitted by law

Sensitive information

ARMOUR CYBERSECURITY does not intentionally seek to collect sensitive personal information through the Website. We ask that you do not submit sensitive details through Website forms or uploads unless we explicitly request it through a secure channel. If you voluntarily provide information that is sensitive, or if it is included in materials you submit, we will handle it with appropriate safeguards and only use it for the purpose for which it was provided or as otherwise permitted or required by law.

4. Sharing and transfer of personal information

4.1 Transfer within Armour Cybersecurity

ARMOUR CYBERSECURITY may share personal information within Armour Cybersecurity and, where applicable, its subsidiaries and associated companies and partnerships. This may occur to respond to your request, manage relationships, administer operations, or support delivery of services.

4.2 Sharing with third parties and cross-border transfers

We do not share personal information with third parties, except as necessary for our legitimate professional and business needs, to carry out your requests, and as required or permitted by law or professional standards.
We may share personal information with third parties in the following circumstances:
Service providers working for us or on our behalf to support Website operations and business functions such as website hosting, form processing, file transmission, customer relationship management, analytics, communications, and security monitoring.
Scheduling and communications providers when you choose to book a consultation through the booking link on our Website. Our Website links to a Microsoft Bookings page hosted on Outlook or Office 365.
Professional advisors and authorities when required to meet legal, regulatory, audit, insurance, or law enforcement requirements, or to protect our rights, users, and systems.
Personal information may be processed in countries other than the country where you reside, including through cloud-based service providers. Where personal information is transferred across borders, we take steps designed to ensure it is protected through appropriate contractual measures and organizational safeguards, consistent with applicable law.
ARMOUR CYBERSECURITY will not transfer the personal information you provide to third parties for their own direct marketing use.

5. Choices

In general, you are not required to submit personal information to ARMOUR CYBERSECURITY. However, we require certain personal information in order to respond to your inquiry, provide requested information, or schedule a consultation. For example, the “Connect with us” page requests contact details and may allow you to upload a file, with uploads supported up to 15MB.
ARMOUR CYBERSECURITY may ask for your permission for certain uses of your personal information. You can agree to or decline those uses at the point they are offered. If you opt in to particular communications such as an email newsletter, you can unsubscribe at any time by following the instructions included in the communication, or by contacting us at [privacy@armourcyber.io].
As described in the Cookies section above, if you wish to prevent cookies from tracking you as you navigate our websites, you can set your browser to refuse some or all cookies, or to indicate when a cookie is being sent. Some portions of our Website may not work properly if you elect to refuse certain cookies.

6. Your rights

If ARMOUR CYBERSECURITY processes personal information about you, you may have the following rights, subject to applicable law and professional standards:
Access and correction: You may request access to the personal information we hold about you and ask us to correct inaccuracies. Before providing personal information, we may ask for proof of identity and sufficient information about your interactions with us so that we can locate the relevant records.
Withdraw consent: Where we rely on consent, you may withdraw your consent at any time by contacting us at [privacy@armourcyber.io]. Withdrawing consent will not affect processing that occurred before your withdrawal and may limit our ability to provide certain information or services where that processing depends on consent.
Object to processing and other rights: Depending on your location and the law that applies, you may have additional rights such as objecting to certain processing, requesting deletion where we no longer need the information for lawful purposes, requesting restrictions on processing in certain circumstances, and requesting copies of information we hold about you in an electronic form.
You can make a request or exercise these rights by contacting us at [privacy@armourcyber.io]. We will make reasonable and practical efforts to comply with your request, consistent with applicable law and professional standards.

6.1 Jurisdiction-specific notices and rights

Armour Cybersecurity operates in multiple regions. Privacy requirements and individual rights can vary depending on where you live and how Armour collects, uses, and discloses personal information. The notices below are intended to provide additional, jurisdiction-specific information where applicable.

6.1.1 Canada

Armour Cybersecurity’s handling of personal information in Canada is generally governed by applicable Canadian privacy laws, including the federal Personal Information Protection and Electronic Documents Act and, in some provinces, substantially similar provincial private-sector privacy laws.
 If you are in Canada, you may have the right to request access to the personal information we hold about you and to request corrections if it is inaccurate or incomplete. We will respond to access requests within the timelines required by applicable law, generally within 30 days, subject to permitted extensions in certain circumstances. We may need to verify your identity and request sufficient details to help us locate the information you are requesting. If a fee is permitted, we will inform you of any approximate cost before processing your request.
 If you have concerns about our privacy practices, we encourage you to contact us first so we can try to resolve the issue. If your concern is not resolved, you may be able to file a complaint with the Office of the Privacy Commissioner of Canada.

6.1.2 Québec

If you are located in Québec, additional requirements and rights may apply under Québec’s Act respecting the protection of personal information in the private sector, as amended by Law 25.
Armour Cybersecurity will publish a confidentiality policy in clear and simple language on our website where we collect personal information through technological means, and we will publish the title and contact information of the person in charge of the protection of personal information.
Québec residents may also have additional rights in certain circumstances, including the right to receive computerized personal information collected from them in a structured, commonly used technological format. This data portability right came into force on September 22, 2024.
 you are not satisfied with our response after exercising a privacy right, you may be able to pursue recourse or submit a complaint to the Commission d’accès à l’information du Québec using its complaint process.

6.1.3 United States

Comprehensive privacy laws in the United States are primarily state-based and typically apply only to organizations that meet specific legal definitions and thresholds. Where a U.S. state privacy law applies to Armour Cybersecurity, residents of that state may have certain rights regarding their personal information. These may include the right to access, correct, or delete personal information, the right to obtain a portable copy of certain personal information, and the right to opt out of certain processing such as targeted advertising or the sale of personal information, as defined by applicable law.

California
If the California Consumer Privacy Act applies to Armour Cybersecurity, California residents may have rights including the right to know, delete, and opt out of the sale or sharing of personal information, among others. California law also requires certain disclosures through a notice at collection describing the categories of personal information collected and the purposes for which it is used.

Colorado
If the Colorado Privacy Act applies to Armour Cybersecurity, Colorado residents may have rights including access, correction, deletion, data portability, and the right to opt out of targeted advertising or the sale of personal data. Colorado also recognizes universal opt-out mechanisms in certain circumstances.

6.1.4 Brazil

If you are located in Brazil, Brazil’s General Data Protection Law may apply to Armour Cybersecurity’s processing of your personal data in certain circumstances. Under the LGPD, individuals have rights that can include confirmation of processing, access, correction, anonymization or blocking or deletion in certain cases, portability in certain cases, deletion of personal data processed based on consent, information about sharing, and the ability to revoke consent through a facilitated, free-of-charge procedure. Brazil also requires the public disclosure of the identity and contact details of the person responsible for handling communications with data subjects, where applicable. If you are unable to resolve an issue directly with us, you may be able to submit a petition or complaint to Brazil’s data protection authority, the ANPD, through its channels.

7. Data security and integrity

ARMOUR CYBERSECURITY has reasonable security policies and procedures in place designed to protect personal information from unauthorized access, loss, misuse, alteration, or destruction. Despite our efforts, security cannot be absolutely guaranteed against all threats.
To the best of our ability, access to personal information is limited to personnel and service providers who have a legitimate need to know in order to perform their duties. Individuals with access are required to maintain the confidentiality of that information.
We also make reasonable efforts to retain personal information only for as long as the information is needed to meet one or more of the following purposes:

▶ to comply with and respond to an individual’s request
▶ to comply with legal, regulatory, internal business, contractual, or policy requirements
▶ until the individual asks that the information be deleted, where deletion is permitted and practicable

The period for which information is retained depends on the nature of the information and the circumstances under which it was collected. For personal information collected through our Website for inquiries, consultations, and similar purposes, we generally do not retain it for more than two years after the last interaction or closure of the request, unless a longer retention period is required or

8. Links to other websites

Our Website may contain links to other websites and services that are not governed by this Privacy Statement. These may include third-party scheduling tools and social media platforms. For example, our Website includes links to social media pages and provides consultation booking through a third-party service. We encourage users to review the privacy policy of each website visited before disclosing personal information to that website or service. We are not responsible for the privacy practices of third-party websites or services.

9. Privacy Statement revisions

When we modify this Privacy Statement, we will post the updated version here and revise the effective date or last updated date at the top of the Privacy Statement.

10. Policy questions and enforcement

ARMOUR CYBERSECURITY is committed to protecting the online privacy of your personal information. If you have questions, concerns, or comments about our administration of personal information, or if you would like to exercise your rights described in this Privacy Statement, please contact us using the details below:

Privacy Contact: [Name / Title]
Email: [privacy@armourcyber.io]
Mailing Address: [Insert address]
Phone: [Insert phone]

You may also contact us using the general contact details published on our Website, and we will route your request appropriately.