Not ready for a Complete Pen Test? How about finding out your Cyber Score in 2 mins? Click here for your Cyber Score
Facebook Youtube Linkedin Whatsapp
Capital Cyber Logo

Effective Date: 6 October 2025

Introduction

Capital Cyber (“we,” “us,” “our”) is a cybersecurity service provider. We deeply value the trust you place in us and are committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, retain, and protect your personal information in connection with our website (capital-cyber.com), our services, and SMS/messaging communications.

This Policy applies to all individuals whose personal information we collect, including website visitors, prospective clients, current clients, and recipients of our SMS or text messaging.

Information We Collect

We collect and process various categories of information depending on your interactions with us.

Category

Details / Examples

Identity & Contact

Name, business name, job title, email address, postal address, phone / mobile number

Credentials / Authentication

Username, password, security questions, tokens, API keys

Communications / Messages

Content of messages or emails, timestamps, delivery status, SMS replies (STOP, HELP)

Technical & Usage

IP address, device type, browser, operating system, referring URLs, pages visited, metadata

Cookies & Tracking / Analytics

Cookies, pixels, web beacons, analytics identifiers, session data

Security & Incident Data

Logs, audit trails, threat detection data, forensic data

Other Voluntary Data

Information you submit in forms, surveys, support requests, feedback

We obtain this data:

  • Directly from you (forms, sign-ups, communications)
  • Automatically via website technologies (cookies, analytics)
  • From third-party sources / public sources (e.g. IP geolocation, business directories)

Purposes & Legal Basis for Processing

We process your data for purposes including:

  • Delivering, maintaining, and improving our cybersecurity services and website
  • Responding to your inquiries, providing support, managing accounts
  • Sending communications you have consented to (e.g. email, SMS)
  • Enabling security, monitoring, log analysis, threat detection
  • Performing analytics to enhance services, features, and performance
  • Complying with legal obligations, audits, and regulatory requirements
  • Preventing fraud, abuse, security incidents, and enforcing our policies
  • Facilitating business operations (e.g. mergers, acquisitions) under appropriate safeguards

Where applicable, our legal bases include consent, contract performance, legitimate interests, and compliance with law.

Sharing & Disclosure

We may share your personal data:

  • With service providers, vendors, and subcontractors (e.g. hosting, analytics, communication gateways) under confidentiality obligations
  • To comply with legal or regulatory obligations, or in response to valid requests by public authorities
  • To protect our rights, property, or safety, or that of others
  • In connection with a corporate transaction (merger, acquisition, sale) with suitable privacy protections
  • In an aggregated or de-identified form (so individuals cannot be identified)

Important Exception (SMS / Opt-In Data):

Text message opt-in data (including mobile numbers, consent metadata, and opt-in timestamps) will not be shared or sold to third parties for marketing or promotional purposes. This data is only used by us or our authorized service providers (e.g. SMS gateways) to deliver the messaging service, in compliance with A2P / carrier rules.

A2P / SMS Messaging Compliance

This section sets forth our SMS / text messaging practices in line with A2P / 10DLC / U.S. carrier compliance frameworks (if applicable).

Consent & Opt-In

  • We send SMS messages only to individuals who explicitly opt in (e.g. via web forms, checkboxes, or reply keywords).
  • At the point of collecting your mobile number, we display a clear disclosure, such as:

“By providing your mobile number and checking this box, you consent to receive periodic text messages from Capital Cyber. Message & data rates may apply. Reply STOP to opt out, HELP for help.”

  • Records of how and when consent was obtained (timestamp, source, method) are retained for audit and compliance.

Types of Messages

We may send:

  • Service / transactional messages (e.g. security alerts, account updates)
  • Promotional / marketing messages, only if you have opted in

Opt-Out / STOP / HELP

  • You may opt out of marketing SMS messages at any time by replying STOP (or another permitted keyword). After opting out, we send a confirmation message and will not send further marketing texts.
  • You may reply HELP (or another keyword) or contact us for assistance.
  • Opting out of marketing texts does not necessarily stop service / transactional messages unless all consent is withdrawn.

Message Frequency & Costs

  • Message frequency may vary; where feasible, we indicate expected frequency.
  • Standard message & data rates may apply depending on your mobile carrier plan.

Data Use & Retention for SMS

  • We collect metadata (delivery status, timestamps) and content (where needed) to operate the service, maintain logs, and comply with audits.
  • SMS logs and opt-in metadata are retained only as long as necessary for operations, compliance, or legal obligations; thereafter securely deleted or anonymized.

Compliance & Audits

  • We maintain records of opt-ins, opt-outs, messaging logs, and consent metadata to support audits and verification by carriers or regulators.
  • We adhere to industry standards (CTIA, carrier rules, campaign registration) and ensure messaging practices avoid prohibited content, do not impersonate, and follow content / frequency rules.

Cookies, Tracking & Analytics

  • We use cookies, web beacons, pixels, and similar technologies to collect usage data, provide features, analyze performance, and serve content.
  • Analytics tools help us understand usage patterns, feature adoption, and site performance.
  • You can disable or block cookies through your browser settings, although some functions of our site or services may not work correctly in this case.
  • Our tracking practices may be detailed in a separate Cookie Policy or supplement to this document.

Security & Data Protection

As a cybersecurity firm, we adopt rigorous measures to protect your data. Our safeguards include:

  • Encryption in transit (TLS/SSL) and at rest
  • Role-based access control, least privilege
  • Logging, monitoring, intrusion detection/prevention
  • Regular security audits, vulnerability scans, and penetration testing
  • Incident response procedures, backups, and business continuity planning
  • Secure deletion/disposal of data when no longer needed

Nonetheless, no system can be 100% secure. You acknowledge that any transmission to/from us carries inherent risks.

Data Retention & Deletion

We retain personal information only as long as necessary for business, legal, or regulatory purposes. When data is no longer required, we securely delete or irreversibly anonymize it.

If you request deletion of your personal data (subject to legal or compliance exceptions), we will verify your identity and, to the extent feasible, comply with your request.

Your Rights & Choices

Depending on your jurisdiction, you may have rights including:

  • Accessing or obtaining a copy of your personal data
  • Correcting inaccuracies
  • Deleting or anonymizing your data (with legal limitations)
  • Withdrawing consent (e.g. marketing emails, SMS)
  • Objecting to or restricting specific processing
  • Data portability (if applicable)
  • Lodging complaints with regulatory authorities

To exercise these rights, contact us (details below). We may require identity verification before fulfilling requests.

International Transfers

Your personal data may be processed or stored in countries other than your own (e.g. third-party service providers). In such cases, we utilize contractual, organizational, and technical safeguards (such as encryption and standard contractual clauses) to ensure protection that is consistent with this Policy and applicable laws.

Changes to This Policy

We reserve the right to modify this Privacy Policy periodically to reflect changes in our practices, legal requirements, or services. When we make material changes, we will update the “Effective Date” and provide notice (e.g., via email or website banner). Continued use of our services or SMS after modifications constitutes acceptance of the updated policy.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, you may reach us at:

  • Email: info@capital-cyber.com
  • Phone: +1 (571) 410-3066
  • Address: 1019B Edwards Ferry Rd. #1183 Leesburg, VA 20176