Legal

Privacy Policy

Your privacy and data security are our top priorities.

1. Introduction

H3X Security Labs ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

2. Information We Collect

2.1 Information You Provide

We may collect information that you voluntarily provide to us, including:

  • Name and contact information (email, phone number, address)
  • Company name and business information
  • Professional credentials and qualifications
  • Communication preferences
  • Information submitted through contact forms or service requests

2.2 Automatically Collected Information

When you visit our website, we may automatically collect:

  • IP address and device information
  • Browser type and version
  • Operating system
  • Pages visited and time spent on pages
  • Referring website addresses
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the collected information for:

  • Providing and improving our security services
  • Communicating with you about services, updates, and security alerts
  • Processing service requests and contracts
  • Conducting security assessments and penetration testing (with authorization)
  • Analyzing website usage and improving user experience
  • Complying with legal obligations
  • Preventing fraud and enhancing security

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

  • Service Providers: Third-party vendors who assist in operating our business
  • Legal Requirements: When required by law or to protect our legal rights
  • Business Transfers: In connection with mergers, acquisitions, or asset sales
  • With Your Consent: When you explicitly authorize sharing

5. Data Security

As a cybersecurity company, we implement industry-leading security measures to protect your data:

  • Encryption of data in transit and at rest
  • Multi-factor authentication for system access
  • Regular security audits and penetration testing
  • Employee security training and background checks
  • Incident response and breach notification procedures
  • Compliance with ISO 27001 and SOC 2 standards

6. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy or as required by law. Client engagement data is typically retained for 7 years in accordance with industry standards and legal requirements.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal information
  • Data Portability: Receive your data in a structured format
  • Objection: Object to certain processing activities
  • Withdraw Consent: Withdraw previously given consent

8. Cookies and Tracking

We use cookies and similar technologies to enhance your browsing experience. You can control cookie preferences through your browser settings. Note that disabling cookies may affect website functionality.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses and Privacy Shield certification where applicable.

10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.

11. GDPR Compliance

For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR). Our lawful bases for processing include contract performance, legitimate interests, and consent.

12. CCPA Compliance

California residents have specific rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected and the right to opt-out of sale (though we do not sell personal information).

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy on our website with a revised "Last Updated" date.

14. Contact Us

For questions about this Privacy Policy or to exercise your rights, please contact us:

  • Email: privacy@h3x.cat

Last Updated: September 30, 2025