Cynetix
Policy Document

Privacy Policy

Document No. CYN-PP-001  |  Version 1.0  |  April 2026
This Privacy Policy describes how Cynetix LLC ("Cynetix," "we," "us," or "our") collects, uses, stores, and protects information obtained through our website, client engagements, and related cybersecurity services. By accessing our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy.
Section 1

Information We Collect

Cynetix collects information necessary to deliver our penetration testing and cybersecurity assessment services. The categories of information we may collect include:

  • Contact Information. Name, email address, phone number, company name, and job title submitted through our website contact forms or during the engagement onboarding process.
  • Engagement Data. Technical information provided by clients in connection with a security assessment, including but not limited to network diagrams, IP address ranges, system credentials, application URLs, and infrastructure documentation. This data is treated as confidential and is governed by the terms of our separate Non-Disclosure Agreement and Master Service Agreement.
  • Website Analytics. Non-personally identifiable information collected automatically when you visit our website, such as browser type, operating system, referring URL, pages viewed, and time spent on site. This data is collected through standard analytics tools and is used solely to improve our web presence.
  • Communications. Records of correspondence between you and Cynetix, including emails, form submissions, and any documentation exchanged during the course of a service engagement.
Section 2

How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery. To plan, execute, and deliver penetration testing engagements and cybersecurity assessments as defined in our Statements of Work and Rules of Engagement.
  • Communication. To respond to inquiries, provide engagement updates, deliver reports, and send relevant information about our services.
  • Operations and Improvement. To maintain and improve our website, refine our service offerings, and enhance the client experience.
  • Legal Compliance. To comply with applicable laws, regulations, and legal processes, and to protect our rights, property, or safety and that of our clients and partners.
Section 3

Data Security

As a cybersecurity firm, we hold ourselves to the highest standards of data protection. Cynetix implements robust technical and organizational measures to safeguard your information, including:

  • Encryption. All data in transit is protected using TLS 1.2 or higher. Sensitive engagement data at rest is encrypted using AES-256 or equivalent industry-standard encryption.
  • Access Controls. Access to client data is restricted to authorized personnel on a strict need-to-know basis. Multi-factor authentication is enforced on all internal systems.
  • Secure Handling of Engagement Data. All penetration testing findings, vulnerability reports, and client-provided credentials are stored in isolated, access-controlled environments. Testing credentials are revoked or rotated upon engagement completion.
  • Incident Response. In the unlikely event of a data breach, Cynetix will promptly notify affected parties in accordance with applicable data breach notification laws and take immediate steps to contain and remediate the incident.
Section 4

Data Retention

Cynetix retains information only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law:

  • Engagement Records. Final deliverables, reports, and associated project documentation are retained for a period of three (3) years following the completion of an engagement, unless a different retention period is specified in the applicable service agreement.
  • Client Credentials and Access Data. Any credentials or access tokens provided by the client for testing purposes are securely destroyed within fourteen (14) days of engagement completion.
  • Contact Information. Contact details submitted through our website or during business development are retained for as long as a legitimate business relationship exists, or until you request deletion.
  • Website Analytics. Anonymized analytics data may be retained indefinitely for trend analysis and service improvement purposes.
Section 5

Third-Party Services

Cynetix may use a limited number of trusted third-party service providers to support our operations. These providers are selected for their security posture and are contractually obligated to protect your data:

  • Hosting. Our website and client-facing infrastructure are hosted on reputable cloud platforms with SOC 2 and ISO 27001 certifications.
  • Email Delivery. Transactional and notification emails are delivered through Resend, a third-party email delivery service. Only the minimum information required for delivery (email address, message content) is shared with this provider.
  • Analytics. We use privacy-respecting analytics tools to collect anonymized website usage data. No personally identifiable information is shared with analytics providers.

Cynetix does not sell, rent, or trade your personal information to any third party for marketing or advertising purposes.

Section 6

Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information. Cynetix is committed to honoring the following requests:

  • Access. You may request a copy of the personal information we hold about you.
  • Correction. You may request that we correct any inaccurate or incomplete personal information.
  • Deletion. You may request that we delete your personal information, subject to any legal or contractual obligations that require us to retain it.
  • Objection. You may object to the processing of your personal information in certain circumstances.

To exercise any of these rights, please contact us at contactus@cynetixsecurity.com. We will respond to all valid requests within thirty (30) days.

Section 7

Cookies

Cynetix uses cookies on a minimal basis. Our use of cookies is limited to the following:

  • Essential Cookies. Required for basic website functionality, such as maintaining session state and security tokens. These cookies cannot be disabled.
  • Analytics Cookies. Used to collect anonymized data about website usage patterns. These cookies help us understand how visitors interact with our site so that we can improve the user experience. Analytics cookies are only placed with your consent where required by applicable law.

Cynetix does not use advertising cookies, tracking pixels, or any other form of cross-site tracking technology.

Section 8

Changes to This Policy

Cynetix reserves the right to update or modify this Privacy Policy at any time. When we make material changes, we will update the version number and date at the top of this document. If changes are significant, we will make reasonable efforts to notify affected parties via email or through a prominent notice on our website. Your continued use of our website or services following any changes constitutes your acceptance of the revised Privacy Policy.

Section 9

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us:

  • Company: Cynetix LLC
  • Email: contactus@cynetixsecurity.com
  • Subject Line: Privacy Policy Inquiry

We take all privacy inquiries seriously and will respond promptly to your correspondence.

© 2026 Cynetix LLC
Cyber Intelligence & Network Defense