PRIVACY
Privacy Policy
Last updated: 10 July 2026. This policy describes how CyberMind Inc. collects, uses, discloses and protects personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.
1. Introduction and accountability
CyberMind Inc. ("CyberMind," "we," "us" or "our") is a defensive cybersecurity consultancy headquartered at 460 Richmond Street West, Suite 200, Toronto, ON M5V 1Y1, Canada. We are accountable for personal information under our control and have designated privacy-related enquiries to be directed to [email protected].
This Privacy Policy applies to personal information collected through the website cybermindai.pro (the "Website"), through email and telephone communications with us, and in the course of providing professional cybersecurity consultancy services to clients. It does not apply to third-party websites linked from our Website, which maintain their own privacy practices.
We are committed to the ten fair information principles set out in Schedule 1 of PIPEDA: accountability, identifying purposes, consent, limiting collection, limiting use, disclosure and retention, accuracy, safeguards, openness, individual access and challenging compliance.
2. Personal information we collect
2.1 Website contact enquiries
When you submit our contact form, we collect the information you provide: your name, email address, selected subject category, message content and confirmation of consent to processing under PIPEDA. We also collect a timestamp of submission through our server-side processing. We use a hidden honeypot field ("website") for spam prevention; legitimate users should leave this field empty.
2.2 General communications
If you email us at [email protected], call us or correspond by mail, we collect the personal information contained in those communications — typically your name, contact details, organization and the substance of your message.
2.3 Client engagements
When you engage CyberMind for professional services, we may collect additional personal information necessary to perform the engagement: authorized signatory names, billing contacts, technical points of contact, credentials for authorized system access (handled under strict security protocols), and telemetry or log data that may incidentally contain personal information about your employees or customers. The scope of such collection is defined in each client's services agreement and data processing addendum.
2.4 Website technical data
Our web server may automatically log technical information such as IP address, browser type, referring URL, pages visited and timestamps. If you consent to analytics cookies, additional usage data may be collected as described in our Cookie Policy. Strictly necessary cookies operate regardless of analytics consent to maintain basic site functionality and record your cookie preference.
2.5 Information we do not collect
We do not knowingly collect personal information from children under 13. Our services are directed at business professionals and organizations. We do not purchase personal information lists for marketing purposes.
3. Purposes of collection and use
We collect and use personal information only for purposes that a reasonable person would consider appropriate in the circumstances. Primary purposes include:
- Responding to enquiries submitted through the Website or other channels;
- Assessing whether CyberMind's services may fit a prospective client's needs;
- Performing contracted cybersecurity consultancy services, including threat detection, alert triage, threat intelligence and incident response support;
- Invoicing, payment processing and account management;
- Complying with legal obligations, including responding to lawful requests from authorities;
- Improving our Website through aggregated, de-identified analytics (with consent where required);
- Protecting the security and integrity of our systems and the Website.
We will identify purposes at or before the time of collection. If we need to use your personal information for a new purpose not contemplated in this policy, we will obtain your consent unless permitted or required by law.
4. Consent
Consent is required for the collection, use and disclosure of personal information, subject to legal exceptions. For Website contact form submissions, we require you to actively confirm consent via the consent_pipeda checkbox before submission. This checkbox is not pre-checked.
For client engagements, consent for processing personal information within client telemetry is obtained through executed services agreements and data processing addenda. Clients represent that they have authority to grant CyberMind access to systems and data described in the scope document.
You may withdraw consent for non-essential processing by contacting [email protected]. Withdrawal may limit our ability to provide services or respond to enquiries. We will inform you of the consequences of withdrawal where applicable.
5. Limiting collection, use, disclosure and retention
5.1 Collection limits
We collect only personal information that is necessary for the identified purposes. We do not collect extraneous data through the contact form beyond the fields displayed.
5.2 Use and disclosure limits
We do not sell, rent or trade your personal information to third parties for their marketing purposes. We may disclose personal information to:
- Service providers who assist with hosting, email delivery or analytics, bound by confidentiality and data protection obligations;
- Professional advisors (legal, accounting) where necessary;
- Law enforcement or regulatory bodies when required by law or to protect rights and safety;
- Successors in the event of a merger, acquisition or asset sale, subject to equivalent privacy protections.
Client engagement data is disclosed only as authorized in the applicable contract or as required by law. We do not disclose client telemetry or investigation findings to unauthorized third parties.
5.3 Retention
Contact form submissions are retained for up to twenty-four months unless a business relationship develops, in which case records are retained according to the client file retention schedule. Client engagement records, including reports and correspondence, are typically retained for seven years after engagement end for legal, accounting and professional liability purposes, unless a shorter period is agreed in writing or longer retention is required by law.
Cookie consent preferences are stored for six months, after which the cookie banner will reappear. Server logs are retained on a rolling basis, typically no longer than ninety days unless required for security investigation.
6. Accuracy
We rely on you to provide accurate and current personal information. You may request correction of inaccurate information by contacting [email protected]. We will amend records where appropriate and notify third parties who received incorrect data if doing so is reasonable and authorized.
7. Safeguards
As a cybersecurity consultancy, we apply administrative, technical and physical safeguards appropriate to the sensitivity of the information we hold. Measures include access controls limited to personnel with a need to know, encryption in transit for web communications (HTTPS), secure handling of client credentials, and confidentiality obligations for all staff and contractors.
No method of transmission or storage is completely secure. While we work to protect personal information, we cannot guarantee absolute security. In the event of a breach of security safeguards involving personal information that creates a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada as required by PIPEDA breach notification provisions.
8. Cross-border processing
Our Website is hosted in Canada. Some service providers may process data in other jurisdictions. Where personal information is transferred outside Canada, we assess the recipient's privacy practices and use contractual protections to require comparable safeguards. Details of sub-processors relevant to your engagement are available upon request.
9. Individual access and rights
Upon written request to [email protected], you may request access to personal information we hold about you, subject to limited exceptions permitted by law (for example, where disclosure would reveal confidential commercial information or affect another individual's privacy). We will respond within thirty days or inform you if an extension is required.
You may also request information about our privacy practices, challenge our compliance and lodge a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated:
Office of the Privacy Commissioner of Canada
30 Victoria Street, Gatineau, QC K1A 1H3
Toll-free: 1-800-282-1376
www.priv.gc.ca
10. Client data and telemetry
During cybersecurity engagements, CyberMind analysts may access log data, alert queues, endpoint telemetry and related materials that could contain personal information (for example, employee usernames, IP addresses or email metadata). Such access occurs only under written authorization with defined scope. We process this data solely to deliver contracted services — detection tuning, alert triage, threat intelligence, incident support — and not for unrelated purposes.
AI-assisted tools may analyse patterns within client telemetry. AI outputs are reviewed by human analysts before conclusions are communicated to clients. We do not use client telemetry to train public machine-learning models unless explicitly agreed in writing.
11. Marketing communications
We do not send unsolicited marketing email to individuals who have not opted in. Enquiry follow-ups related to your specific request are not considered marketing. If we ever introduce optional newsletters, we will provide a clear unsubscribe mechanism and obtain appropriate consent.
12. Changes to this policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. The "Last updated" date at the top will be revised accordingly. Material changes will be posted on this page. We encourage you to review this policy periodically.
13. Contact
For privacy questions, access requests or complaints:
Privacy contact: [email protected]
Mail: CyberMind Inc., 460 Richmond Street West, Suite 200, Toronto, ON M5V 1Y1, Canada
Telephone: +1 (416) 351-7042
Related documents: Cookie Policy · Terms of Service · Legal Information