Privacy Policy

CysuiteONE Privacy Policy

Last updated: 12/05/2026

1. Introduction

CysuiteONE respects your privacy and is committed to protecting personal data.

This Privacy Policy explains how CysuiteONE collects, uses, stores, shares, and protects personal data when you visit our website, use our platform, contact us, or interact with our services.

CysuiteONE provides cybersecurity, compliance, cyber resilience, incident management, reporting, and AI-assisted governance tools for regulated small and medium-sized businesses.

For the purposes of this Privacy Policy, “CysuiteONE”, “we”, “us”, or “our” refers to Cysuite FZE, registered in the United Arab Emirates.

2. Our role

Depending on how you interact with CysuiteONE, we may act as:

Data Controller

When we collect and use personal data for our own purposes, such as managing accounts, billing, marketing, support, website analytics, and business administration.

Data Processor / Service Provider

When we process personal data on behalf of our clients through the CysuiteONE platform, such as compliance records, user accounts, incident information, risk registers, evidence files, reports, and monitoring data.

Where we act as a processor, we process personal data only according to our client’s instructions and the applicable data processing agreement.

3. Personal data we collect

We may collect the following categories of personal data:

Account and identity data

  • Name
  • Business email address
  • Job title
  • Company name
  • Company type
  • Jurisdiction
  • User role and permissions
  • Login and authentication details

Business and compliance data

  • Cybersecurity and compliance assessment responses
  • Risk and control information
  • Evidence uploaded to the platform
  • Incident records
  • Regulatory reporting information
  • Board or management report inputs
  • Monitoring configuration, such as company domains

Technical and usage data

  • IP address
  • Device and browser information
  • Log data
  • Pages visited
  • Platform usage activity
  • Date and time of access
  • Security and audit logs

Communications data

  • Messages sent to us
  • Support requests
  • Demo requests
  • Contact form submissions
  • Newsletter or marketing preferences

AI interaction data

Where Cysuite AI is used, we may process prompts, questions, platform context, and generated responses to provide AI-assisted guidance. We do not intentionally use client confidential information to train public AI models unless expressly agreed.

4. How we collect personal data

We collect personal data when:

  • You create or use a CysuiteONE account
  • Your employer or organisation invites you to the platform
  • You complete onboarding, diagnosis, compliance, or reporting workflows
  • You upload evidence or documents
  • You configure monitoring or domain information
  • You submit a contact form or request a demo
  • You communicate with us
  • You use Cysuite AI
  • You browse our website or platform

5. How we use personal data

We use personal data to:

  • Provide and operate the CysuiteONE platform
  • Manage user accounts and authentication
  • Deliver cybersecurity and compliance workflows
  • Generate dashboards, reports, alerts, and insights
  • Support incident, risk, evidence, and governance processes
  • Provide Cysuite AI-assisted guidance
  • Respond to support and business enquiries
  • Improve platform performance, security, and usability
  • Monitor and protect against misuse, fraud, or unauthorised access
  • Send service communications
  • Send marketing communications where permitted
  • Comply with legal, regulatory, accounting, and security obligations

6. Legal bases for processing

Where applicable, we rely on one or more of the following legal bases:

  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate interests
  • Consent
  • Protection of vital interests where applicable
  • Processing necessary for the establishment, exercise, or defence of legal claims

Our legitimate interests include providing and improving our services, securing the platform, supporting clients’ cybersecurity and compliance operations, preventing fraud, and communicating with business users.

7. Client data and platform content

Clients are responsible for ensuring they have the right to upload, submit, or process personal data through CysuiteONE.

Where we process client data as a processor, the client remains responsible for determining the purposes and means of processing. CysuiteONE processes such data only to provide the services, maintain security, support the client, and comply with applicable agreements and laws.

8. AI-assisted features

CysuiteONE may include AI-assisted features to help users interpret cybersecurity, compliance, risk, and reporting information.

AI outputs are provided for support and guidance only. They do not replace professional legal, regulatory, cybersecurity, or compliance advice.

Users should review AI-generated outputs before relying on them for decisions, submissions, regulatory notifications, or board reporting.

9. Sharing personal data

We may share personal data with:

  • Hosting and cloud infrastructure providers
  • Authentication and security providers
  • Email and communication providers
  • Analytics and monitoring providers
  • Payment providers, where applicable
  • Professional advisers
  • Regulators, authorities, courts, or law enforcement where legally required
  • Service providers supporting platform operations

We do not sell personal data.

Where service providers process personal data on our behalf, we require appropriate contractual, confidentiality, and security obligations.

10. International transfers

CysuiteONE may process or store personal data in jurisdictions outside your country of residence or business location.

Where required, we use appropriate safeguards for international transfers, such as contractual protections, data processing agreements, transfer impact assessments, standard contractual clauses, or equivalent lawful mechanisms under applicable data protection laws.

11. Data retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including to:

  • Provide the platform
  • Maintain client records
  • Comply with legal and regulatory obligations
  • Resolve disputes
  • Enforce agreements
  • Maintain security and audit logs

Client platform data is retained according to the applicable subscription, contract, or data processing agreement.

When personal data is no longer required, we delete, anonymise, or securely archive it.

12. Security

We apply appropriate technical and organisational measures to protect personal data, including:

  • Access controls
  • Authentication controls
  • Encryption where appropriate
  • Audit logging
  • Monitoring
  • Secure development practices
  • Role-based permissions
  • Vendor security review
  • Backup and recovery controls

No system is completely secure, but we work to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

13. Data breaches

If we become aware of a personal data breach affecting personal data we process, we will assess the incident and take appropriate action in accordance with applicable law and our contractual obligations.

Where legally required, we will notify affected clients, regulators, or individuals within the applicable timeframe.

14. Your rights

Depending on your location and applicable law, you may have rights to:

  • Access your personal data
  • Correct inaccurate personal data
  • Delete personal data
  • Restrict processing
  • Object to processing
  • Withdraw consent
  • Request data portability
  • Lodge a complaint with a regulator or supervisory authority

If we process your personal data on behalf of a client, we may refer your request to that client.

To exercise your rights, contact us at:

Email: hello@cysuiteone.com

15. Marketing communications

You may receive marketing communications from us if you have requested information, signed up for updates, or otherwise permitted us to contact you.

You can opt out of marketing communications at any time by using the unsubscribe link or contacting us.

We may still send service-related communications, such as security notices, account updates, or platform changes.

16. Cookies and analytics

Our website may use cookies and similar technologies to operate the website, remember preferences, analyse usage, and improve performance.

Where required, we will request your consent before placing non-essential cookies.

You can manage cookies through your browser settings or cookie banner where available.

17. Children

CysuiteONE is intended for business users and is not directed to children.

We do not knowingly collect personal data from children.

18. Third-party links

Our website or platform may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties.

19. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will notify users through the website, platform, email, or other appropriate means.

20. Contact us

For privacy questions or requests, contact:

CysuiteONE

Back to home