Your data, handled simply.

1. Who we are

RiskMeter Cybersecurity (“RiskMeter”, “we”, “our”) operates the website at www.riskmetercybersecurity.com and the related free-scan service described on this Site. For privacy inquiries, contact us at privacy@riskmetercybersecurity.com. For security vulnerability reports about this site, contact us at security@riskmetercybersecurity.com.

2. What we collect through this website

2.1 Information you submit

When you submit a free-scan application, we collect:

• Your full name
• Your work email address
• Your company name
• The website or application you are requesting we scan
• Your role or title
• A short description of the asset you're applying for
• Whether the asset has login-protected areas (yes / no / unsure)
• Your authorization and contact-consent confirmations

We do not collect passwords, credentials, payment information, social security numbers, or sensitive personal data on this website.

2.2 Information collected automatically

When you visit the Site, our hosting provider may log standard request metadata such as IP address, user-agent, request path, and timestamp. We use this only for security, abuse prevention, and operational purposes. [TODO_LEGAL_REVIEW]

2.3 Cookies

This Site does not use advertising or analytics cookies that track you across websites. [TODO_LEGAL_REVIEW]

3. Why we use your data

We use the information you submit to:

• Evaluate your eligibility for the free-scan launch offer
• Communicate with you about the status of your application and any follow-up questions
• If accepted, scope and perform the scan and deliver the resulting report
• Maintain a minimal record of legal authorization to test

4. Lawful basis

We process your information based on (a) your consent (provided at the time of submission); (b) our legitimate interest in administering the launch program and protecting our service; and (c) compliance with applicable legal obligations.[TODO_LEGAL_REVIEW]

5. Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. We may share limited information with infrastructure providers (hosting, transactional email) strictly as needed to operate the service. These providers are contractually required to protect your data.[TODO_LEGAL_REVIEW: subprocessor list]

6. Retention

Application data is retained for the duration of the launch program plus a reasonable archival period for legal and operational records. Scan-related technical data is retained for as long as needed to deliver and document the report, then deleted or de-identified on a rolling schedule.[TODO_LEGAL_REVIEW: specific retention periods]

7. Security

Application submissions are transmitted over TLS and stored on access-controlled infrastructure with the principle of least privilege. We use environment-variable-based secrets management and review our access controls periodically. No system is perfectly secure; if we become aware of a security incident affecting your data, we will notify you in accordance with applicable law.

8. Your rights

Depending on your jurisdiction, you may have the right to:

• Request access to the personal data we hold about you
• Request correction of inaccurate personal data
• Request deletion of your personal data, subject to limited exceptions
• Withdraw consent for future contact at any time
• Lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at the privacy address above. [TODO_LEGAL_REVIEW]

9. International transfers

Our service may be operated from, and your data may be processed in, a country other than your own. Where required, we rely on appropriate safeguards.[TODO_LEGAL_REVIEW]

10. Children

The Site is not directed to children under 16. We do not knowingly collect personal data from children.

11. Changes

We may update this Privacy Policy. Material changes will be reflected by the “last updated” date above.

12. Contact

For privacy questions or requests: privacy@riskmetercybersecurity.com. For general inquiries: hello@riskmetercybersecurity.com.