Privacy & Data Governance


Enterprise-grade protection for your organizational intelligence. HexaBreach is committed to responsible data handling across our cybersecurity, managed security, DFIR, training, and support ecosystems.

Version 1.0 | Effective Date: June 5, 2026

HexaBreach (“HexaBreach,” “we,” “our,” or “us”) provides cybersecurity, managed security, digital forensics, incident response, threat intelligence, training, and related professional services. This Privacy & Data Governance Policy explains how we collect, use, protect, retain, and disclose information when you interact with our websites, portals, platforms, support channels, events, training programs, and professional services.

Data Role Transparency:
Depending on the service context, HexaBreach may act as a Data Controller when handling website, inquiry, account, marketing, and business relationship data, or as a Data Processor when processing customer-provided data, logs, forensic evidence, telemetry, or case information on behalf of a client.

1. Scope and Applicability

This policy applies to information processed in connection with:

  • Website visits, contact forms, newsletter subscriptions, and business inquiries.
  • Customer accounts, support requests, tickets, and portal activity.
  • Managed security services, monitoring, detection, response, and reporting.
  • Digital forensics, incident response, data recovery, malware analysis, and evidence handling.
  • Training, webinars, certification programs, events, and community programs.
  • Professional consulting, advisory, threat intelligence, and technical assessments.

2. Information We Collect

We collect only the information reasonably necessary to deliver, secure, improve, and support our services.

  • Business Contact Information: Names, work email addresses, phone numbers, job roles, company names, countries, and inquiry details.
  • Account and Portal Data: Login identifiers, profile details, support tickets, service requests, communication preferences, and usage activity.
  • Technical and Security Data: IP addresses, device identifiers, logs, alerts, telemetry, system events, configuration details, and security findings.
  • Forensic and Incident Data: Disk images, memory captures, logs, malware samples, emails, metadata, case notes, timelines, and evidence artifacts provided during authorized engagements.
  • Training and Event Data: Registration details, attendance records, course progress, certification records, and feedback.

3. How We Use Information

HexaBreach processes information for legitimate business, security, contractual, legal, and operational purposes.

  • To respond to inquiries, provide quotes, manage customer relationships, and deliver requested services.
  • To provide cybersecurity monitoring, threat detection, incident response, digital forensics, and support services.
  • To analyze indicators of compromise, security events, vulnerabilities, and threat activity.
  • To operate, maintain, secure, and improve our platforms, portals, infrastructure, and internal systems.
  • To provide training, certifications, webinars, community access, and technical learning experiences.
  • To comply with legal obligations, enforce agreements, prevent fraud, and protect rights, safety, and security.

4. Digital Forensics and Evidence Handling

HexaBreach applies controlled handling practices for forensic and incident response engagements. Customer-provided evidence and investigative artifacts are processed only for authorized purposes.

  • Authorization: We process forensic artifacts only where the client confirms proper legal authority or authorization.
  • Evidence Preservation: Where applicable, forensic work is performed on copies or controlled working images to reduce risk to original evidence.
  • Access Restriction: Access to forensic case data is limited to authorized personnel with a need to know.
  • Chain of Custody: Where required, case activities, transfers, evidence references, and handling steps may be documented for integrity and accountability.
  • Secure Disposal: Case data may be securely deleted or returned according to contract terms, legal obligations, or client instructions.

5. Security of Information

We use administrative, technical, and organizational safeguards designed to protect information from unauthorized access, disclosure, alteration, loss, or misuse.

  • Access control and role-based permission management.
  • Multi-factor authentication for sensitive systems and privileged users.
  • Encryption in transit and, where applicable, encryption at rest.
  • Secure logging, monitoring, and security event review.
  • Segregated workspaces for sensitive investigative and client environments where appropriate.
  • Personnel confidentiality obligations and security awareness practices.
Security Note:
No method of transmission, storage, or processing is completely secure. HexaBreach applies reasonable safeguards, but cannot guarantee absolute protection against every risk, threat actor, vulnerability, or security event.

6. Data Sharing and Disclosure

HexaBreach does not sell personal data. We only disclose information where necessary for service delivery, security, legal compliance, or authorized business operations.

  • Service Providers: Trusted vendors supporting hosting, ticketing, communications, analytics, payment, security, or infrastructure services.
  • Professional Advisors: Legal, accounting, audit, insurance, or compliance advisors where required.
  • Legal Authorities: Courts, regulators, or law enforcement where required by valid legal process.
  • Customer-Authorized Parties: Third parties designated by the customer for incident response, remediation, reporting, or collaboration.
  • Business Transfers: Where information is relevant to a merger, acquisition, restructuring, or sale of assets, subject to appropriate safeguards.

7. International Data Transfers

HexaBreach may process or store information in jurisdictions outside your country of residence or business operation, depending on infrastructure, support, customer requirements, and service delivery needs.

Where international transfers occur, we use reasonable safeguards designed to protect information in accordance with applicable contractual, legal, and security requirements.

8. Data Retention and Erasure

We retain information only for as long as reasonably necessary for service delivery, security, legal, contractual, accounting, audit, or legitimate business purposes.

  • Business Inquiry Data: Retained as needed to manage communications, opportunities, support history, and customer relationships.
  • Support and Account Records: Retained for operational continuity, auditability, dispute resolution, and service improvement.
  • Forensic Artifacts: Retained according to the applicable statement of work, legal hold, client instruction, evidence requirement, or agreed retention schedule.
  • Training Records: Retained for certification verification, attendance history, compliance, and learning support.
  • Security Logs: Retained for monitoring, investigation, threat detection, compliance, and infrastructure protection.

When information is no longer required, we may delete, anonymize, archive, or securely dispose of it in accordance with applicable requirements.

9. Cookies and Website Technologies

Our website may use cookies, analytics tools, tracking pixels, or similar technologies to improve site functionality, understand usage, remember preferences, secure sessions, and support marketing or communication efforts.

  • Essential cookies may be required for website and portal functionality.
  • Analytics cookies help us understand usage patterns and improve user experience.
  • Marketing cookies may support campaign measurement and relevant communications where applicable.

You may control cookies through your browser settings. Disabling certain cookies may affect website or portal functionality.

10. Your Privacy Rights

Depending on your location and applicable law, you may have rights relating to your personal information.

  • The right to request access to personal information we hold about you.
  • The right to request correction of inaccurate or incomplete information.
  • The right to request deletion or erasure, subject to legal and contractual limitations.
  • The right to object to or restrict certain processing activities.
  • The right to withdraw consent where processing is based on consent.
  • The right to request portability where applicable.
  • The right to lodge a complaint with a relevant data protection authority.

Where HexaBreach processes information on behalf of a customer, requests relating to that data may need to be directed to the customer as the data controller.

11. Children’s Privacy

HexaBreach services are intended for business, professional, enterprise, institutional, and authorized technical users. We do not knowingly collect personal information from children. If we become aware that such information has been collected without appropriate authorization, we will take reasonable steps to delete it.

12. Changes to this Policy

We may update this Privacy & Data Governance Policy from time to time to reflect operational, legal, regulatory, technical, or service changes. Updated versions may be published on our website or communicated through appropriate channels.

13. Contact Information

For privacy requests, data protection inquiries, or questions about this policy, please contact us:

HexaBreach Privacy & Compliance Office
Email: privacy@hexabreach.com
Legal: legal@hexabreach.com
Security Reports: security@hexabreach.com
Support Portal: Hexabreach Support

Back to Top