We collect the following categories of personal data:

We use personal data for the following purposes:

We disclose personal data to the following categories of third parties:

We require third parties acting as our agents to process personal data only for specified purposes and in accordance with contractual safeguards consistent with the Data Privacy Framework Principles.

Where required by the Data Privacy Framework Principles, individuals have the right to:

Where we process sensitive personal data, we obtain opt-inconsent where required. To exercise these choices, individuals may contact us at support@cymru.com.

We use cookies and similar tracking technologies to track activity on Team Cymru's services and store certain information. Tracking technologies used include beacons, tags, and scripts to collect and track information, all of which help us analyze and improve our service.

We retain personal data for as long as necessary to fulfil the purposes described in this policy, including:

Retention periods are determined based on the nature of the data, the purposes of processing, contractual requirements, and applicable legal obligations.

Personal data may be processed in the United States and other jurisdictions where Team Cymru or its service providers operate.

For personal data received under the Data Privacy Framework, Team Cymru complies with the DPF Principles for onward transfers. Where we transfer personal data to third-party agents, we:

TeamCymru remains responsible and liable under the DPF Principles for onward transfers to third-parties.

Team Cymru implements administrative, technical, and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, and destruction. These measures are aligned with ISO/IEC 27001 and include encryption, access controls, monitoring, and incident response processes.

Team Cymru maintains ISO/IEC 27001-aligned controls, including encryption, multi-factor authentication (MFA), network segmentation, monitoring, incident response, and secure software development life cycle(SSDLC) processes. Team Cymru’s breach notification and response actions coincide with Team Cymru's own Incident Response Policy, as well as applicable laws and customer agreements. In the event of a security incident involving personal data, Team Cymru will respond and provide notifications, where required, in accordance with applicable law and customer agreements.

Team Cymru shall maintain administrative, physical, and technical safeguards to ensure the integrity, confidentiality, and security of client data. These safeguards shall be appropriate to the nature of the services and the volume of data processed and are specifically designed to prevent security incidents, protect against reasonably foreseeable threats, as well as maintain compliance with relevant data protection regulations.

In compliance with the EU-U.S.DPF and the UK Extensionto the EU-U.S. DPF, Team Cymru commits to resolve DPF Principles-related complaints about our collection and use of your personal information.

Residents of California, Colorado, Connecticut, Virginia, and Utah may have the following rights, subject to applicable law:

To exercise these rights, individuals may contact us at support@cymru.com

We will verify requests and respond in accordance with applicable law. Individuals may designate an authorized agent to submit requests on their behalf where permitted.

Where required, individuals may appeal our decision by contacting us using the same details.

In compliance with the EU-U.S.Data Privacy Framework and the UK Extension, Team Cymru commits to resolve complaints about our collection and use of personal data.

Individuals may contact us at support@cymru.com. We will respond within 45 days.

If a complaint cannot be resolved directly, Team Cymru has designated JAMS as an independent dispute resolution provider. This service is provided at no cost to the individual. More information is available at https://www.jamsadr.com/dpf-dispute-resolution.

Team Cymru is subject to the investigatory and enforcement powers of the U.S.Federal Trade Commission.

Undercertain conditions, individuals may invoke binding arbitration as described in AnnexI of the Data Privacy Framework

Our Service is not intended for, nor directly addresses anyone under the age of 16. We do not knowingly collect personally identifiable information from anyone under the age of 16. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 16 without verification of parental consent, We take steps to permanently remove that information.

If We need to rely on consent as a legal basis for processing Your information and Your countryrequires consent from a parent, We may require Your parent's consent before We collect and use that information.

California residents under 16 years of age may have additional rights regarding the collection and sale of their personal information. Please see YourState Privacy Rights for more information.

Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

We may update Our Privacy Policy from time to time.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.