Privacy Policy
1. Introduction
ABGRILO (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cybersecurity services and visit abgrilo.org. By accessing our services, you agree to this policy.
2. Information We Collect
We collect the following data to provide and improve our services:
A. Personal Information
Contact Details: Name, email, phone number, job title
Business Information: Company name, industry, size
Payment Data: Billing address, transaction history (processed securely via PCI-compliant gateways)
B. Technical Data
Device Information: IP address, browser type, operating system
Usage Data: Pages visited, time spent, security logs
Cookies: Essential (session management) and analytics (Google Analytics)
C. Security-Specific Data
Threat Intelligence: Anonymized attack patterns, malware signatures
Vulnerability Reports: Data from security assessments
3. How We Use Your Information
Purpose | Examples | Legal Basis |
---|---|---|
Service Delivery | Vulnerability scans, incident response | Contractual necessity |
Security Monitoring | Detecting brute-force attacks | Legitimate interest |
Communications | Security alerts, newsletters | Consent |
Compliance | GDPR, HIPAA, NIS2 requirements | Legal obligation |
4. Data Sharing & Disclosure
We never sell your data. Limited sharing occurs with:
Subprocessors: Cloud providers (AWS, Azure) with DPAs
Authorities: Only if legally compelled (e.g., court order)
Partners: Threat intelligence alliances (anonymized data only)
5. International Data Transfers
Data may be transferred globally under:
EU-US DPF and UK Adequacy Decisions
Standard Contractual Clauses (SCCs)
6. Your Rights
Under GDPR/CCPA, you may:
Access, correct, or delete your data
Opt out of marketing
Request portability
Restrict processing
To exercise rights: Email privacy@abgrilo.org
7. Data Retention
Active clients: Retained while services are active + 5 years
Prospects: 2 years from last contact
Security logs: 12 months (unless investigation requires longer)
8. Security Measures
We implement:
Encryption: AES-256 for data at rest, TLS 1.3 in transit
Access Controls: Role-based permissions, MFA
Audits: Annual penetration tests + SOC 2 Type II certification
9. Third-Party Links
Our site may link to external tools (e.g., CVE databases). We don’t control their privacy practices.
10. Policy Updates
We’ll notify users of material changes via email or dashboard alerts.