Privacy Policy
Armour Cybersecurity is dedicated to protecting the confidentiality and privacy of information entrusted to it. As part of this fundamental obligation, Armour Cybersecurity is committed to the appropriate protection and use of personal information (sometimes referred to as “personal data”, “personally identifiable information” or “PII”) that has been collected online.
Generally, our intent is to collect only the personal information that is provided voluntarily by online visitors so that we can respond to inquiries, provide information about our services, facilitate consultations, and, where applicable, support recruitment and employment-related opportunities. Please review this privacy statement (“Privacy Statement”) to learn more about how we collect, use, share and protect the personal information that we have obtained through our online channels, including armourcyber.io.
This Privacy Statement applies to Armour Cybersecurity and its subsidiaries and associated companies and partnerships (collectively referred to in this Privacy Statement as “Armour Cybersecurity”, “we”, “our” or “us”). [Placeholder: list legal entities and/or “operating as” names you want covered.]
For purposes of this Privacy Statement, “personal information” means information about an identifiable individual, as more specifically defined by applicable privacy legislation.
1. Collection and use of personal information
1.1 What information we collect
We obtain personal information about you when you choose to provide it to us through the Website or when you communicate with us. This may include:
▶ Contact and inquiry information such as first name, last name, company name, email address, and the content of your message when you submit a “Contact Us” form on the Website.
▶ Additional contact details such as phone number when you submit an inquiry through the Website’s “Connect with us” page.
▶ Files and attachments you provide such as a document you upload to support your inquiry.
▶ Consultation or workshop scheduling details when you choose to book time with our team through our online booking link. Our Website links to a Microsoft Bookings page hosted on Outlook/Office 365.
▶ Hacker Lens request details. Our “Hacker Lens” page explains that you may provide your corporate domain and basic contact information to request a report.
In some cases, you may have previously provided personal information to Armour Cybersecurity outside of the Website, for example if you are a client contact, vendor contact, event participant, or a former applicant.
Please do not submit sensitive personal information such as health information, government identification numbers, payment card data, or other sensitive identifiers through the Website contact forms unless we explicitly request it through a secure channel.
Please do not submit sensitive personal information such as health information, government identification numbers, payment card data, or other sensitive identifiers through the Website contact forms unless we explicitly request it through a secure channel.
1.2 Automatic collection of personal information
In some instances, Armour Cybersecurity and its service providers may use cookies, web
beacons, pixels, and similar technologies to automatically collect certain types of information
when you visit our Website and when we interact with you through certain emails. The collection
of this information helps us operate and secure the Website to prevent fraud and abuse, detect
malicious activity, and troubleshoot issues. It also helps us understand how visitors use our
pages so we can improve performance and usability, and measure the effectiveness of our
content and communications.
1.2.1 IP addresses
An IP address is a number assigned to your device when you access the internet. IP addresses
and related device or network information may be logged for IT security, fraud prevention, and
system diagnostics. This information may also be used in aggregate form to analyze website
usage trends and performance.
1.2.2 Cookies
Cookies are small files placed on your computer or internet-enabled device when you visit a
website. Cookies help the site recognize your browser or device, remember preferences, and
support core functionality.
If a cookie consent banner is presented on the Website, you can use it and your browser controls to manage cookie preferences. If you do not accept certain cookies, some features of the Website may not function as intended.
If a cookie consent banner is presented on the Website, you can use it and your browser controls to manage cookie preferences. If you do not accept certain cookies, some features of the Website may not function as intended.
Cookie categories:
▶Strictly necessary cookies are required for core site functionality and security features.
These cookies are generally not optional because the site may not function without them.
▶Performance and analytics cookies help us understand how the Website is used, such
as which pages are visited, so we can improve performance and content.
▶Functionality cookies remember choices you make to enhance your experience.
▶Targeting and advertising cookies help deliver content relevant to your interests and
measure the effectiveness of marketing, where these cookies are used.
You can control cookies through your browser settings, often found in your browser’s Tools,
Preferences, or Privacy settings. Guidance on managing and deleting cookies can be found
through resources such as aboutcookies.org.
Below is a summary of common cookie purposes you may encounter:
Purpose: Essential and
Security
Description: Supports core site functions and helps
protect the Website, including security, load
balancing, and fraud prevention.
Type & Expiry: Session or
persistent,
depending on the
cookie
Purpose: Site Preferences
Description: Remembers selections such as region,
language, or consent choices where
enabled.
Type & Expiry: Session or
persistent,
depending on the
cookie
Purpose: Analytics and
Performance
Description: Helps us understand usage patterns and
improve content and performance, often
through aggregated statistics.
Type & Expiry: Usually persistent,
depending on the
cookie
Purpose: Social and
Embedded
Content
Description: If pages include embedded content or
social media features, third parties may set
cookies when you interact with those
features.
Type & Expiry: Usually persistent,
depending on the
cookie
1.2.3 Analytics tools such as Google Analytics
Armour Cybersecurity may use analytics tools from time to time to better understand how
visitors use the Website and to improve our content and user experience. Where Google
Analytics is used, Google provides information on how data is collected and processed.
Google also offers an opt-out browser add-on for users who want more control over Google
Analytics data collection.
1.2.4 Web beacons and pixels
A web beacon or pixel is a small image or code snippet on a web page or in an email that can
collect certain information such as whether a page was viewed, the time of access, device or
browser type, and whether cookies are enabled. Where used, these technologies help us
measure content effectiveness and improve communications.
In some communications, we and our service providers may measure engagement such as
whether an email was opened or a link was clicked to understand interest and improve future
communications, where permitted by law.
1.2.5 Location-based tools
We may infer a general location such as city or region from your IP address for security and
analytics purposes and to present content that is more relevant to your region. In some cases,
your device or browser may allow you to share more precise location information. You can
control this through your device settings and browser permissions.
1.3 Social media widgets and applications
ARMOUR CYBERSECURITY websites may include features that enable you to engage with or
share content through third-party social media services. This may include links to our social
media pages and share functionality on certain pages, such as our video testimonial content.
These third-party services may collect and use information about your use of our Website in
accordance with their own privacy practices. We do not control, and are not responsible for,
those third parties or their use of your information.
In addition, certain areas of our Website may allow you to interact with content by submitting
ratings or comments. For example, some blog pages include the ability to add a rating or post a
comment. If you submit a rating, your name will not be displayed unless you choose to enter it. If
you submit a comment, any name you provide may be displayed with your comment. Email
addresses collected as part of these interactions are not displayed publicly. Information you
choose to submit through these features may be visible to other visitors in accordance with how
the feature is presented at the time of submission. While we may apply reasonable moderation
controls, we may have limited ability to control how others use information that you make
publicly available through these features.
1.4 Children
ARMOUR CYBERSECURITY understands the importance of protecting children’s privacy,
especially in an online environment. Our Website is not intentionally designed for or directed at
children under the age of 13. It is our policy not to knowingly collect or maintain personal
information about anyone under the age of 13 through our Website.
In limited circumstances, ARMOUR CYBERSECURITY may process information relating to
minors as part of providing professional services to a client, for example where such information
is contained within client systems, records, or incident evidence provided to us. In those cases,
we handle such information in accordance with applicable law, professional obligations, and the
applicable client engagement terms.
2. How We Use Your Personal Information
When you submit personal information to ARMOUR CYBERSECURITY through the Website,
we use it for the purposes for which it was collected and in the manner outlined in this Privacy
Statement. We do not use your personal information for other purposes unless we obtain your
permission, or unless otherwise required or permitted by law or professional standards.
Examples of how we use personal information include:
▶Using your contact information and the details of your inquiry to respond to questions,
provide requested information, and communicate with you about our services.
▶Using information you provide through consultation booking links to schedule and manage
meetings or consultations you request.
▶Using files you upload to review the information you chose to share with us and to respond
effectively to your request, including routing your inquiry to the appropriate team for follow-
up.
▶Where you submit a rating or comment on our Website, using that information to publish the
content as part of the relevant feature and to administer and moderate the feature as
appropriate.
▶Where you apply for employment opportunities or provide recruitment-related information to
us through our online channels, using that information to assess your candidacy and
communicate with you regarding opportunities.
In some cases, where you request to subscribe to certain communications or updates and we
use an email confirmation process, we may store your email address and subscription request
details until we confirm your request through a verification email, after which we will process
your subscription preferences in accordance with this Privacy Statement.
3. The legal grounds we have to use your personal information
ARMOUR CYBERSECURITY generally collects only the personal information that is necessary
to fulfill your request and to operate and protect our online channels. Where additional
information is optional, we will indicate this at the point of collection.
Privacy laws vary by jurisdiction, but they generally require that we have a valid reason to collect
and use personal information. When we process personal information collected through our
Website and related online channels, we rely on one or more of the following grounds, as
permitted by applicable law:
▶ Performance of a contract or taking steps at your request
This applies when processing is necessary to provide services you request, respond to your
inquiry, schedule a consultation, or otherwise administer a relationship with you.
▶ Legal obligation
This applies when we are required to process personal information to comply with applicable
legal requirements, such as responding to lawful requests from public authorities or meeting
recordkeeping requirements.
▶ Legitimate interests
This applies when processing is necessary for our legitimate business interests, such as
operating a lawful business, improving our Website, and protecting our systems and users,
provided those interests are not overridden by your rights and expectations under applicable
law.
▶ Your consent
In many situations, especially in Canada, organizations generally obtain meaningful consent
for the collection, use, and disclosure of personal information, subject to limited exceptions
permitted by law.
Where consent is the appropriate basis, you may withdraw your consent at any time by
contacting us at [privacy@armourcyber.io]. Withdrawing consent will not affect processing
that occurred before your withdrawal, and it may limit our ability to provide certain
information or services where that processing depends on consent.
Examples of legitimate interests
Examples of legitimate interests that may apply to our Website and online operations include:
▶ Offering information and services to individuals who visit our Website and respond to
inquiries
▶ Preventing fraud, abuse, and criminal activity, and safeguarding our systems, networks,
and Website
▶ Maintaining the security, availability, and integrity of our online channels, including
troubleshooting and diagnostics
▶ Understanding how visitors use our Website so we can improve performance, usability,
and content
▶ Conducting and evaluating marketing and communications activities in a way that is
permitted by law
Sensitive information
ARMOUR CYBERSECURITY does not intentionally seek to collect sensitive personal
information through the Website. We ask that you do not submit sensitive details through
Website forms or uploads unless we explicitly request it through a secure channel. If you
voluntarily provide information that is sensitive, or if it is included in materials you submit, we will
handle it with appropriate safeguards and only use it for the purpose for which it was provided or
as otherwise permitted or required by law.
4. Sharing and transfer of personal information
4.1 Transfer within Armour Cybersecurity
ARMOUR CYBERSECURITY may share personal information within Armour Cybersecurity and,
where applicable, its subsidiaries and associated companies and partnerships. This may occur
to respond to your request, manage relationships, administer operations, or support delivery of
services.
4.2 Sharing with third parties and cross-border transfers
We do not share personal information with third parties, except as necessary for our legitimate
professional and business needs, to carry out your requests, and as required or permitted by
law or professional standards.
We may share personal information with third parties in the following circumstances:
▶ Service providers working for us or on our behalf to support Website operations and
business functions such as website hosting, form processing, file transmission, customer
relationship management, analytics, communications, and security monitoring.
▶ Scheduling and communications providers when you choose to book a consultation
through the booking link on our Website. Our Website links to a Microsoft Bookings page
hosted on Outlook or Office 365.
▶ Professional advisors and authorities when required to meet legal, regulatory, audit,
insurance, or law enforcement requirements, or to protect our rights, users, and systems.
Personal information may be processed in countries other than the country where you reside,
including through cloud-based service providers. Where personal information is transferred
across borders, we take steps designed to ensure it is protected through appropriate contractual
measures and organizational safeguards, consistent with applicable law.
ARMOUR CYBERSECURITY will not transfer the personal information you provide to third parties for their own direct marketing use.
ARMOUR CYBERSECURITY will not transfer the personal information you provide to third parties for their own direct marketing use.
5. Choices
In general, you are not required to submit personal information to ARMOUR CYBERSECURITY.
However, we require certain personal information in order to respond to your inquiry, provide
requested information, or schedule a consultation. For example, the “Connect with us” page
requests contact details and may allow you to upload a file, with uploads supported up to 15MB.
ARMOUR CYBERSECURITY may ask for your permission for certain uses of your personal information. You can agree to or decline those uses at the point they are offered. If you opt in to particular communications such as an email newsletter, you can unsubscribe at any time by following the instructions included in the communication, or by contacting us at [privacy@armourcyber.io].
As described in the Cookies section above, if you wish to prevent cookies from tracking you as you navigate our websites, you can set your browser to refuse some or all cookies, or to indicate when a cookie is being sent. Some portions of our Website may not work properly if you elect to refuse certain cookies.
ARMOUR CYBERSECURITY may ask for your permission for certain uses of your personal information. You can agree to or decline those uses at the point they are offered. If you opt in to particular communications such as an email newsletter, you can unsubscribe at any time by following the instructions included in the communication, or by contacting us at [privacy@armourcyber.io].
As described in the Cookies section above, if you wish to prevent cookies from tracking you as you navigate our websites, you can set your browser to refuse some or all cookies, or to indicate when a cookie is being sent. Some portions of our Website may not work properly if you elect to refuse certain cookies.
6. Your rights
If ARMOUR CYBERSECURITY processes personal information about you, you may have the
following rights, subject to applicable law and professional standards:
▶ Access and correction: You may request access to the personal information we hold
about you and ask us to correct inaccuracies. Before providing personal information, we
may ask for proof of identity and sufficient information about your interactions with us so
that we can locate the relevant records.
▶ Withdraw consent: Where we rely on consent, you may withdraw your consent at any
time by contacting us at [privacy@armourcyber.io]. Withdrawing consent will not affect
processing that occurred before your withdrawal and may limit our ability to provide
certain information or services where that processing depends on consent.
▶ Object to processing and other rights: Depending on your location and the law that
applies, you may have additional rights such as objecting to certain processing,
requesting deletion where we no longer need the information for lawful purposes,
requesting restrictions on processing in certain circumstances, and requesting copies of
information we hold about you in an electronic form.
You can make a request or exercise these rights by contacting us at
[privacy@armourcyber.io]. We will make reasonable and practical efforts to comply with your
request, consistent with applicable law and professional standards.
6.1 Jurisdiction-specific notices and rights
Armour Cybersecurity operates in multiple regions. Privacy requirements and individual rights
can vary depending on where you live and how Armour collects, uses, and discloses personal
information. The notices below are intended to provide additional, jurisdiction-specific
information where applicable.
6.1.1 Canada
Armour Cybersecurity’s handling of personal information in Canada is generally governed by
applicable Canadian privacy laws, including the federal Personal Information Protection and
Electronic Documents Act and, in some provinces, substantially similar provincial private-sector
privacy laws.
If you are in Canada, you may have the right to request access to the personal information we hold about you and to request corrections if it is inaccurate or incomplete. We will respond to access requests within the timelines required by applicable law, generally within 30 days, subject to permitted extensions in certain circumstances. We may need to verify your identity and request sufficient details to help us locate the information you are requesting. If a fee is permitted, we will inform you of any approximate cost before processing your request.
If you have concerns about our privacy practices, we encourage you to contact us first so we can try to resolve the issue. If your concern is not resolved, you may be able to file a complaint with the Office of the Privacy Commissioner of Canada.
If you are in Canada, you may have the right to request access to the personal information we hold about you and to request corrections if it is inaccurate or incomplete. We will respond to access requests within the timelines required by applicable law, generally within 30 days, subject to permitted extensions in certain circumstances. We may need to verify your identity and request sufficient details to help us locate the information you are requesting. If a fee is permitted, we will inform you of any approximate cost before processing your request.
If you have concerns about our privacy practices, we encourage you to contact us first so we can try to resolve the issue. If your concern is not resolved, you may be able to file a complaint with the Office of the Privacy Commissioner of Canada.
6.1.2 Québec
If you are located in Québec, additional requirements and rights may apply under Québec’s Act
respecting the protection of personal information in the private sector, as amended by Law 25.
Armour Cybersecurity will publish a confidentiality policy in clear and simple language on our website where we collect personal information through technological means, and we will publish the title and contact information of the person in charge of the protection of personal information.
Québec residents may also have additional rights in certain circumstances, including the right to receive computerized personal information collected from them in a structured, commonly used technological format. This data portability right came into force on September 22, 2024.
you are not satisfied with our response after exercising a privacy right, you may be able to pursue recourse or submit a complaint to the Commission d’accès à l’information du Québec using its complaint process.
Armour Cybersecurity will publish a confidentiality policy in clear and simple language on our website where we collect personal information through technological means, and we will publish the title and contact information of the person in charge of the protection of personal information.
Québec residents may also have additional rights in certain circumstances, including the right to receive computerized personal information collected from them in a structured, commonly used technological format. This data portability right came into force on September 22, 2024.
you are not satisfied with our response after exercising a privacy right, you may be able to pursue recourse or submit a complaint to the Commission d’accès à l’information du Québec using its complaint process.
6.1.3 United States
Comprehensive privacy laws in the United States are primarily state-based and typically apply
only to organizations that meet specific legal definitions and thresholds. Where a U.S. state
privacy law applies to Armour Cybersecurity, residents of that state may have certain rights
regarding their personal information. These may include the right to access, correct, or delete
personal information, the right to obtain a portable copy of certain personal information, and the
right to opt out of certain processing such as targeted advertising or the sale of personal
information, as defined by applicable law.
California If the California Consumer Privacy Act applies to Armour Cybersecurity, California residents may have rights including the right to know, delete, and opt out of the sale or sharing of personal information, among others. California law also requires certain disclosures through a notice at collection describing the categories of personal information collected and the purposes for which it is used.
Colorado If the Colorado Privacy Act applies to Armour Cybersecurity, Colorado residents may have rights including access, correction, deletion, data portability, and the right to opt out of targeted advertising or the sale of personal data. Colorado also recognizes universal opt-out mechanisms in certain circumstances.
California If the California Consumer Privacy Act applies to Armour Cybersecurity, California residents may have rights including the right to know, delete, and opt out of the sale or sharing of personal information, among others. California law also requires certain disclosures through a notice at collection describing the categories of personal information collected and the purposes for which it is used.
Colorado If the Colorado Privacy Act applies to Armour Cybersecurity, Colorado residents may have rights including access, correction, deletion, data portability, and the right to opt out of targeted advertising or the sale of personal data. Colorado also recognizes universal opt-out mechanisms in certain circumstances.
6.1.4 Brazil
If you are located in Brazil, Brazil’s General Data Protection Law may apply to Armour
Cybersecurity’s processing of your personal data in certain circumstances. Under the LGPD,
individuals have rights that can include confirmation of processing, access, correction,
anonymization or blocking or deletion in certain cases, portability in certain cases, deletion of
personal data processed based on consent, information about sharing, and the ability to revoke
consent through a facilitated, free-of-charge procedure.
Brazil also requires the public disclosure of the identity and contact details of the person
responsible for handling communications with data subjects, where applicable.
If you are unable to resolve an issue directly with us, you may be able to submit a petition or
complaint to Brazil’s data protection authority, the ANPD, through its channels.
7. Data security and integrity
ARMOUR CYBERSECURITY has reasonable security policies and procedures in place
designed to protect personal information from unauthorized access, loss, misuse, alteration, or
destruction. Despite our efforts, security cannot be absolutely guaranteed against all threats.
To the best of our ability, access to personal information is limited to personnel and service providers who have a legitimate need to know in order to perform their duties. Individuals with access are required to maintain the confidentiality of that information.
We also make reasonable efforts to retain personal information only for as long as the information is needed to meet one or more of the following purposes:
▶ to comply with and respond to an individual’s request
▶ to comply with legal, regulatory, internal business, contractual, or policy requirements
▶ until the individual asks that the information be deleted, where deletion is permitted and practicable
The period for which information is retained depends on the nature of the information and the circumstances under which it was collected. For personal information collected through our Website for inquiries, consultations, and similar purposes, we generally do not retain it for more than two years after the last interaction or closure of the request, unless a longer retention period is required or
To the best of our ability, access to personal information is limited to personnel and service providers who have a legitimate need to know in order to perform their duties. Individuals with access are required to maintain the confidentiality of that information.
We also make reasonable efforts to retain personal information only for as long as the information is needed to meet one or more of the following purposes:
▶ to comply with and respond to an individual’s request
▶ to comply with legal, regulatory, internal business, contractual, or policy requirements
▶ until the individual asks that the information be deleted, where deletion is permitted and practicable
The period for which information is retained depends on the nature of the information and the circumstances under which it was collected. For personal information collected through our Website for inquiries, consultations, and similar purposes, we generally do not retain it for more than two years after the last interaction or closure of the request, unless a longer retention period is required or
8. Links to other websites
Our Website may contain links to other websites and services that are not governed by this
Privacy Statement. These may include third-party scheduling tools and social media platforms.
For example, our Website includes links to social media pages and provides consultation
booking through a third-party service.
We encourage users to review the privacy policy of each website visited before disclosing
personal information to that website or service. We are not responsible for the privacy practices
of third-party websites or services.
9. Privacy Statement revisions
When we modify this Privacy Statement, we will post the updated version here and revise the
effective date or last updated date at the top of the Privacy Statement.
10. Policy questions and enforcement
ARMOUR CYBERSECURITY is committed to protecting the online privacy of your personal
information. If you have questions, concerns, or comments about our administration of personal
information, or if you would like to exercise your rights described in this Privacy Statement,
please contact us using the details below:
Privacy Contact: [Name / Title]
Email: [privacy@armourcyber.io]
Mailing Address: [Insert address]
Phone: [Insert phone]
You may also contact us using the general contact details published on our Website, and we will route your request appropriately.
Privacy Contact: [Name / Title]
Email: [privacy@armourcyber.io]
Mailing Address: [Insert address]
Phone: [Insert phone]
You may also contact us using the general contact details published on our Website, and we will route your request appropriately.