Privacy Policy

Who are we?

“We” are Cyber Decode, the Delhi-based cybersecurity individual startup .The Cyber Decode Privacy Policy explains how and why we collect and process any personal information about you when you use our services, as well as the rights you have over your personal data.

If you’d like to talk to us about your personal information, please contact us at contact@cyberdecode.in

Who’s the Cyber Decode Privacy Policy for?

Please note: the Cyber Decode Privacy Policy does not apply when you’re using third-party (non-Cyberdecode) websites linked to by us. The information practices and the content of such other websites are governed by their own privacy policies. Please consult the privacy policy of such other websites to find out about their information practices.

What information do we collect and how do we use it?

Malicious Email Reports

When you report a malicious email by forwarding it to scam@cyberdecode.in, we get:

  • Your email address
  • Subject
  • Message headers and body
  • Email address(es) of the original recipient(s)
  • Attachments

Malicious Site reports

When you report a malicious URL  via our extensions, we get:

  • The URL (e.g., https://www.example.com/phish/) of the site
    • These URLs are often visited by an automated process to check for malicious content and in some scenarios sites might be visited which contain personal information. For instance, the URL might contain your email address.
  • Your email address if you provide it

Cyber Decode Browser Extension Users

We don’t use the Cyber Decode Browser Extension to collect personal information which we could use to identify your personal browsing habits. Depending on the service you’re using, we do however collect certain data relating to your internet use in order to detect and disrupt cybercrime:

Hostnames

Cyber Decode Browser Extension Users: When you use the Cyber Decode Browser Extension we collect the website hostnames (not full URLs) visited by your IP address whilst browsing the web with Cyber Decode protection enabled (in the URL https://www.example.com/home/aboutwww.example.com is the hostname).

These hostnames are used to help us identify malicious URLs (e.g. http://www.example.com/fake-bank-login.html) that should be blocked within the hostname being visited (www.example.com). We do not collect details of the URLs that you are visiting, as these are only checked locally on your device (except for malicious JavaScript URLs, see above).

 

Reporting a Malicious Site

Cyber Decode Browser Extension Users: When reporting a malicious site through the Cyber Decode Browser Extension, we ask you for the following information:

  • The URL of the site you’re reporting as malicious
    • These URLs may be visited by an automated process to check for malicious content and in some scenarios may visit sites that contain personal information. For instance, the URL might contain your email address.
  • An email address (if you provide one)
    • If you opt to provide an email address, we will store it on your device. Whenever you submit a malicious URL via the Cyber Decode App, this email address will be included in the report so that you can track your submissions.

 

Some data collected is required by us to provide the service which you have requested, or which your Client Organization has subscribed to, for reasons such as:

  • Using a website hostname to detect whether malicious content is being hosted there
  • Responding to a query/request which you have submitted
  • Access to the services your Client Organization has purchased

 

We might have to process your personal data where it’s necessary for compliance with a legal obligation.

When will we hold onto your personal information?

We only hold on to the personal information that we get from you as long as we need to for the particular purpose we collected it for, or where we have a legitimate business reason for holding onto that data (for example, to provide you with a product or service you’ve requested, to sort out transactions and to identify fraud, for our own audit purposes), or where we have to comply with certain legal, regulatory or tax requirements. Even when you stop using our services, we may have to retain some information to meet our obligations.

Where there’s no longer a legitimate business need for processing your personal information, we’ll either securely destroy, erase, delete it or make it anonymous: if we can’t do that (for example if your personal information has been stored in a backup archive), we’ll store that information securely and keep it isolated from further processing until it can be deleted.

When will we share your personal information with third parties?

We may share your personal information with third parties, but do not grant permission to those third parties to use the information for their own business interests. In particular, we may share your personal information with third parties in the following cases:

To combat cybercrime – data pertaining to threat indicators may be shared (this may entail us disclosing information to the relevant hosting company, registrar, platform, internet or telecoms service provider, any relevant law enforcement authority and any other relevant party capable of helping us stop a particular cyberattack).

If legally required to by government bodies and law enforcement agencies.

If you perform unlawful acts or attempts to conduct such acts or in any dispute, claim, action, demand or legal proceedings concerning you and Cyber Decode.

How secure is your data with us?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. These people will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

What are your rights?

Under data protection law you have the right to:

  • Access – You have the right to ask us for copies of your personal information.
  • Rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Erasure – You have the right to ask us to erase your personal information.
  • Restrict processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Object to processing – You have the right to object to the processing of your personal data in certain circumstances.
  • Data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

We don’t charge you for exercising your rights. If you make a request, we have one month to respond to you.

To talk to us about your personal information, please contact us at:

  • privacy@cyberdecode.in

What if we update the Cyber Decode Privacy Policy?

Cyber Decode reserves the right to make changes to the Cyber Decode Privacy Policy for emerging legal, regulatory or business reasons. We’ll take appropriate measures to inform you of these changes, depending on their significance and impact. We’ll seek your consent in cases where a material change would require your consent under applicable data protection law.

This page was last updated on March 15, 2023.