CyberGuardian — Legal

Privacy Policy

Last updated: January 1, 2026

CyberGuardian is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights under GDPR and the EU NIS2 Directive.

1. Who We Are

CyberGuardian is an enterprise endpoint detection and response platform developed and operated by CyberGuardian Security EOOD, registered in Bulgaria, EU. We are a data controller under the General Data Protection Regulation (GDPR).

Contact: privacy@cyberguardian.io

2. Data We Collect

2.1 Account & License Data

  • Full name and email address (for account registration and license management)
  • Company name and VAT number (for enterprise billing)
  • Payment information (processed securely via Stripe — we do not store card data)
  • License key and activation status

2.2 Security Telemetry (Agent Data)

  • Threat detection events — process names, file paths, detection timestamps
  • System health metrics — CPU, memory, disk usage
  • Network connection metadata — IP addresses, ports, protocols
  • Honeypot interaction logs — attacker IPs, credentials attempted, commands
  • NIS2 compliance scan results

All security telemetry is processed locally on your endpoint. Only aggregated, anonymized threat intelligence is shared with our global threat feeds.

2.3 Website Analytics

  • Page views and navigation patterns (anonymized)
  • Browser type and operating system
  • Referring URLs

3. Legal Basis for Processing

  • Contract performanceprocessing necessary to deliver the CyberGuardian service
  • Legitimate interestsimproving threat detection, platform security
  • Legal obligationNIS2 Article 23 incident reporting requirements
  • Consentmarketing communications (you can withdraw at any time)

4. Data Retention

  • Account data: retained for the duration of your subscription + 2 years
  • Security telemetry: configurable 30/90/180/365 days (per your NIS2 settings)
  • NIS2 audit evidence: minimum 5 years per Article 23 requirements
  • Payment records: 7 years (legal obligation under Bulgarian Accounting Act)

5. Data Sharing

We do not sell your data. We share data only with:

  • Stripepayment processing (PCI DSS compliant)
  • Railwaycloud infrastructure hosting (EU data centers)
  • CSIRT Bulgaria / NCAmandatory incident reporting under NIS2 Article 23 (only when legally required)

6. Your Rights Under GDPR

  • Right of accessrequest a copy of your data
  • Right to rectificationcorrect inaccurate data
  • Right to erasurerequest deletion of your data
  • Right to portabilityreceive your data in machine-readable format
  • Right to objectobject to processing based on legitimate interests
  • Right to restrictionrestrict processing in certain circumstances

To exercise any right, contact: privacy@cyberguardian.io. We will respond within 30 days.

7. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access to production systems is restricted to authorized personnel only. We conduct regular security audits aligned with NIS2 Article 21 requirements.

8. Cookies

We use only essential cookies required for the website to function. We do not use advertising or tracking cookies. No cookie consent banner is required as we do not use non-essential cookies.

9. Changes to This Policy

We will notify you of material changes via email at least 30 days before they take effect. Continued use of CyberGuardian after changes constitutes acceptance.

10. Contact & Complaints

Data Protection Officer: privacy@cyberguardian.io

You have the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP): www.cpdp.bg

© 2026 CyberGuardian. All rights reserved.
Privacy PolicyTerms of ServiceGDPR