Legal
Privacy Policy
Last updated July 2, 2026 · Data questions: [email protected]
1. Overview
This policy explains how Cyberou Ltd ("Cyberou", "we") collects and uses personal data when you visit cyberou.com, subscribe to our research, or work with us as a client. We are the data controller for the data described here and comply with the UK GDPR and EU GDPR.
2. What we collect
Contact details you give us (name, work email, company) when you request a coverage report, subscribe to the weekly brief, book a call or become a client; correspondence with us; and limited usage data about how our site and client dashboard are used (pages viewed, approximate location from IP, browser type). We do not collect special-category data and our services are not directed at children.
3. How we use it
To deliver the services and reports you request, operate the client dashboard, send the newsletters you subscribed to, respond to enquiries, improve our site, and meet legal obligations. We do not sell personal data, and we do not use client data to train third-party AI models.
4. Legal bases
Performance of a contract (client engagements and dashboard access), consent (newsletters, withdraw any time via the unsubscribe link), and legitimate interests (responding to enquiries, securing our services, and B2B marketing to work addresses, balanced against your rights).
5. Sharing and processors
We share data only with service providers who process it for us under contract, hosting, email delivery, scheduling and analytics, and with professional advisers or authorities where the law requires. Where data leaves the UK/EEA we rely on adequacy decisions or standard contractual clauses. A current list of subprocessors is available on request.
6. Retention
Newsletter data is kept while you remain subscribed. Enquiry data is kept for 24 months. Client account and engagement records are kept for the engagement plus 6 years to meet contractual and tax obligations, then deleted or anonymised.
7. Your rights
You can request access, correction, deletion, restriction, portability, and object to processing based on legitimate interests, by emailing [email protected]. We respond within one month. You may also complain to the ICO (UK) or your local supervisory authority.
8. Cookies and analytics
We use strictly-necessary cookies for login sessions and privacy-respecting, aggregate analytics to understand site usage. We do not run third-party advertising trackers.
9. Security
Data is encrypted in transit and at rest, access is role-based and logged, and we review our security controls regularly, we hold ourselves to the standards we write about. If a breach affects your data we will notify you and the regulator as required by law.
10. Changes and contact
We will post any changes here and update the date above; material changes are notified by email to subscribers and clients. Contact [email protected] for anything data-related.