Privacy Policy

How CycloudForte Ltd collects, uses, and protects your personal data.

Last Updated: April 2026

CycloudForte Ltd ("CycloudForte", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you visit our website, use our services, or otherwise interact with us. By using our services, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you voluntarily provide when you interact with our services, including but not limited to: your full name; email address; phone number; company name and job title; billing and payment information; information submitted through contact forms, consultation requests, or service enquiries; and any other data you choose to share with us during the course of our engagement.

1.2 Information Collected Automatically

When you visit our website or use our platforms, we may automatically collect certain technical data, including: your IP address and approximate geographic location; browser type and version; operating system; device information (device type, screen resolution, unique device identifiers); pages visited, time spent on pages, and referral URLs; clickstream data and interaction patterns; and log files and diagnostic data.

1.3 Information from Third Parties

We may receive information about you from third-party sources such as business partners, marketing platforms, publicly available databases, and industry threat intelligence feeds used in the delivery of our cybersecurity services.

2. How We Use Your Information

CycloudForte uses your personal data for the following purposes: to provide, operate, and maintain our cybersecurity services and products; to process and fulfil service requests, consultations, and security assessments; to communicate with you regarding your account, service updates, and security advisories; to send you marketing communications (with your consent), including newsletters, whitepapers, and event invitations; to improve our website, services, and user experience through analytics and feedback; to comply with applicable legal and regulatory obligations; to detect, prevent, and respond to fraud, security incidents, and unauthorized access; and to fulfil our contractual obligations to clients and partners.

3. Legal Basis for Processing

We process your personal data on the following legal bases under the Nigeria Data Protection Regulation (NDPR) and the Nigeria Data Protection Act (NDPA): consent (where you have given clear consent for us to process your data for a specific purpose), contractual necessity (where processing is necessary to perform a contract with you or take pre-contractual steps at your request), legitimate interest (where processing is necessary for our legitimate business interests, provided those interests do not override your fundamental rights), and legal obligation (where processing is necessary to comply with Nigerian law or regulatory requirements).

4. How We Share Your Information

We do not sell your personal data. We may share your information in the following circumstances:

Service Providers

We engage trusted third-party vendors who assist in delivering our services, such as cloud hosting providers, payment processors, email service providers, and analytics platforms. These providers are contractually bound to protect your data and use it only for the purposes we specify.

Legal Requirements

We may disclose your information where required by law, court order, regulatory authority, or governmental request, or where disclosure is necessary to protect our legal rights, safety, or property.

Business Transfers

In the event of a merger, acquisition, or sale of company assets, your personal data may be transferred as part of that transaction. We will notify you of any such change and ensure your data remains protected.

With Your Consent

We may share your data with third parties when you have given us explicit consent to do so.

5. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and understand user behaviour. The types of cookies we use include:

Essential Cookies

Required for the basic functionality of our website. These cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website by collecting and reporting anonymised information.

Marketing Cookies

Used to track visitors across websites to display relevant advertisements. These are only placed with your consent.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

6. CycloudForte Check — Security Health Check Tool

CycloudForte Check ("Check") is a self-service security health check tool offered by CycloudForte Ltd. This section outlines additional data practices specific to Check.

6.1 Assessment Data

When you use Check, we collect: your email address (required to receive your results), the industry you select, your responses to security assessment questions, and your resulting security health score and category breakdown. Assessment responses are used solely to generate your security report and recommendations. We do not share your individual assessment answers with third parties.

6.2 Payment Data

If you purchase the full Check report, payment is processed securely by Paystack, a PCI-DSS compliant payment processor. CycloudForte does not store your card details. We receive only a payment confirmation, transaction reference, and the email address associated with the payment. For Paystack's data practices, please refer to Paystack's Privacy Policy at paystack.com/privacy.

6.3 Lead Data

When you complete a Check assessment or purchase a report, your email, industry, score, and payment status are stored in our database (hosted on Supabase) for the purposes of: delivering your report, providing customer support, improving the Check tool, and (with your consent) sending you relevant security insights and service recommendations. You may request deletion of your Check data at any time by contacting info@cycloudforte.com.

6.4 Service Recommendations

Check may recommend CycloudForte professional services based on your assessment results. These recommendations are generated automatically based on your score categories and do not involve sharing your data with any third party.

7. ArcheaOne — Fraud Intelligence Platform

ArcheaOne is a fraud detection and risk assessment platform operated by CycloudForte Ltd. This section outlines additional data practices specific to ArcheaOne.

7.1 Transaction Data

When you integrate ArcheaOne via API or dashboard, we process transaction data submitted by your organisation for the purpose of fraud detection and risk scoring. This may include transaction amounts, timestamps, account identifiers, merchant information, device metadata, and geolocation data. Transaction data is processed as a data processor acting on your instructions. We do not access, use, or disclose transaction data except as necessary to provide the ArcheaOne service.

7.2 Account and Dashboard Data

When you create an ArcheaOne account, we collect your name, email address, organisation name, and role. Dashboard usage data (pages visited, features used, alert interactions) is collected to improve the platform experience. API keys issued to your organisation are stored securely and are not shared with third parties.

7.3 Fraud Alert and Investigation Data

When ArcheaOne flags a transaction as potentially fraudulent, we store the alert details, risk score, rules triggered, and any investigation notes or actions taken by your team within the dashboard. This data is retained to support ongoing fraud detection accuracy and audit requirements.

7.4 Webhook and Integration Data

If you configure webhook notifications, we transmit alert data to endpoints you specify. You are responsible for the security of your webhook endpoints. We log delivery attempts and response codes for troubleshooting purposes.

7.5 Data Retention for ArcheaOne

Transaction data and fraud alerts are retained in accordance with your subscription tier. Upon account termination, we delete your transaction data within 30 days, except where retention is required by law or where data has been anonymised for aggregate fraud intelligence. You may request an export of your data prior to account termination by contacting support.archeaone@cycloudforte.com.

7.6 Aggregated Fraud Intelligence

We may use anonymised, aggregated transaction patterns (with all personally identifiable and organisation-identifiable information removed) to improve fraud detection models across the ArcheaOne platform. No individual transaction or customer data is shared between organisations.

8. Data Retention (General)

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include: client engagement records retained for a minimum of 6 years after the end of the business relationship; marketing contact data retained until you withdraw consent or unsubscribe; website analytics data retained for up to 26 months; security assessment reports and audit logs retained for a minimum of 5 years in accordance with industry best practices; and Check assessment data retained for up to 2 years (or until you request deletion).

When personal data is no longer required, we securely delete or anonymise it using industry-standard methods.

9. NDPR and NDPA Compliance

CycloudForte Ltd is committed to complying with the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023. In accordance with these regulations, we have implemented appropriate technical and organisational measures to protect personal data, appointed a Data Protection Officer (DPO) to oversee compliance, conducted Data Protection Impact Assessments (DPIAs) where required, maintained a lawful basis for all data processing activities, and ensured that all third-party processors comply with NDPR and NDPA requirements.

For data protection enquiries or to contact our DPO, please email info@cycloudforte.com.

10. Your Rights

Under the NDPR, NDPA, and other applicable data protection laws, you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you.

Right to Rectification

You can request that we correct inaccurate or incomplete personal data.

Right to Erasure

You can request the deletion of your personal data, subject to certain legal exceptions.

Right to Restrict Processing

You can request that we limit how we use your personal data.

Right to Data Portability

You can request your personal data in a structured, commonly used, and machine-readable format.

Right to Object

You can object to the processing of your personal data for direct marketing or other purposes based on legitimate interest.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at info@cycloudforte.com. We will respond to your request within 30 days.

11. Security Measures

As a cybersecurity company, we take the protection of your data seriously. We implement industry-leading security measures including: encryption of data in transit (TLS 1.2+) and at rest (AES-256), multi-factor authentication for access to systems containing personal data, regular vulnerability assessments and penetration testing, access controls based on the principle of least privilege, continuous monitoring and logging of access to personal data, employee security awareness training and background checks, incident response procedures for data breach detection and notification, and regular security audits and compliance reviews.

12. International Data Transfers

Where we transfer personal data outside of Nigeria, we ensure that appropriate safeguards are in place in accordance with the NDPR and NDPA. These safeguards include adequacy assessments of the recipient country's data protection framework, Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms, and additional technical measures such as encryption to protect data during transfer.

13. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take immediate steps to delete such data. If you believe we may have collected information from a child, please contact us at info@cycloudforte.com.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website and updating the "Last Updated" date. We encourage you to review this policy periodically to stay informed about how we protect your data.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

CycloudForte Ltd
Email: info@cycloudforte.com
Website: www.cycloudforte.com