Last updated: April 2021
CyCraft is committed to protecting the confidentiality of the collected information. CyCraft’s policies, guidelines, and actions support this commitment to protecting the information. Each manager and employee of CyCraft bears a personal responsibility safeguarding the collecting, using, disclosing, storing, accessing, transferring of the information.
You may visit the Website without registering or actively submitting personal information to us. If you do not register, then we receive only information that your computer or other device sends to us in connection with access requests and via cookies and other technologies that we use to analyze and enhance your use of our Website.
There are certain services we offer, however, which require the submission of personally identifiable information, such as your first name, last name, email address, phone number, country, company name, and industry. If you contact us by email through the Website, we may keep a record of your contact information and correspondence, and may use your email address, and any information that you provide to us in your message, to respond to you. We also use your personally identifiable information to send you other publications or information about our products or services that may be of interest to you. In addition, we may send you important administrative information regarding the Website and/or services we offer via the Website. If you decide at any time that you no longer wish to receive communications from us, please send an email to firstname.lastname@example.org to unsubscribe or opt-out.
If you purchase services or register for an event, we may also require you to provide financial qualifications and billing information, such as billing name and address and the number of employees within the organization that will be using the services.
When you visit the Website, our servers automatically record information that your browser sends whenever you visit the Website. Log data may include information such as your IP address, browser type, or the domain from which you are visiting as Internet domain and host names; operating system types; clickstream patterns; and dates and times that our Website is accessed. For most users accessing the Internet from an Internet service provider, the IP address will be different every time you log on. We use it to monitor use of the Website and the services we offer via the Website and for the Website’s technical administration.
We do not recognize or take action in response to Do-Not-Track (DNT) signals from Web browsers. At this time there is not any universally accepted standard for a company’s adoption for how to respond when a DNT signal is detected. In the event a final standard is established, we will determine how to appropriately respond to these signals.
Use of Personal Information
We use your information to operate, evaluate and improve our Website and business (including developing new products and services; enhancing and improving our services; managing our communications; and analyzing our products) and to communicate with you and respond to your requests. We also use personal information about CyCraft event attendees to plan and host corporate events, host online forums and social networks in which event attendees may participate.
Sharing of Personal Information
We disclose your personal information only as follows:
- With your consent.
- We use affiliated and unaffiliated service providers all over the world that help us deliver our service and run our business subject to confidentiality agreements.
- We share aggregated usage statistics that cannot be used to identify you individually.
- We will disclose data as required by law or to protect you, other users, us, or third parties from harm, including fraud, data security breaches, or where someone’s physical safety seems at risk.
CyCraft employs administrative, physical, and electronic measures designed to protect your information from unauthorized access.
Information Storage and International Transfers
We and our service providers process and store your personal information on servers around the world, including in Taiwan, Japan, and the United States.
Links to Other Websites
What type of personal information is collected?
Most of the information CyCraft collects through its offerings is metadata. Some of the data CyCraft collects may be considered indirect personal information depending on the laws of the location where it is collected, such as the public IP address. The following list shows the technical data that CyCraft may collect and could be interpreted as indirect personal information.
- Product information such as the MAC address, device ID, and public IP address
- Metadata from suspicious executables (create time, modify time, file headers … etc.)
- Information on executable files that may be malicious (exe, dll or sys)
- Information on networks that may be malicious (IP, domain, or URL)
- Debug logs
The use of information collected through our CyCraft offerings shall be limited to the purpose of providing the service for which our customers have engaged CyCraft. We do not use any personal information collected through our offerings to contact or market products or services to these individuals. CyCraft also does not provide any information obtained through the offerings to third parties for the purpose of contacting or marketing products or services to these individuals.
Where is data processed?
Processing of the data is conducted at the following:
- Data centers operated by CyCraft or its affiliates located in your country or in Taiwan. CyCraft implements appropriate measures to ensure that the information remains protected and secure when it is transferred outside of your home country, in accordance with applicable data protection and privacy laws.
- Cloud-based Google Cloud Platform (GCP). The employed GCP data centers have passed the ISO/IEC 27001:2013 and ISO/IEC 27017:2015 certifications. All data processing is performed in your country.
- Amazon Web Services (AWS). The employed AWS data centers have passed the ISO/IEC 27001:2013, ISO/IEC 27017:2015, and MTCS Level 3 certifications.
CyCraft will retain the data for as long as its operational use is deemed necessary to fulfill the purpose for which CyCraft collected it and to comply with audit, contractual, or legal requirements. When the data is no longer required, such as the completion of a proof of concept (POC) testing, it will be securely deleted.
Where is your data stored?
Your data is stored within CyCraft’s designated drives and servers. We ensure all systems, services, and equipment used for storing data meet the highest security standards and are always protected from unauthorized access, accidental deletion, and malicious hacking attempts. We perform regular checks and scans to ensure the hardware and software are always functioning properly.
Who do we share your data with?
Your data is shared with no one. CyCraft does not sell, trade, or rent the information we collect to others. It is only used by CyCraft to conduct cybersecurity-related analysis making sure there are no malicious codes in your endpoints.
The data is NEVER shared with a third-party. An End User License Agreement (EULA) is provided. Use of CyCraft proprietary software is subject to the terms of that license agreement.
If required, CyCraft may disclose the collected information as required by law, such as to comply with a subpoena or similar legal process; or when CyCraft believes that disclosure is necessary or appropriate to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. We may transfer any information we have collected in the event we sell or transfer all or a portion of our business or assets.
How do we protect your data?
CyCraft pays the utmost attention to ensure your data is always protected. CyCraft implements an effective security process that incorporates our unique cyber threat know-how to protect the data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Internal access to the data is only granted on a need-to-know basis. CyCraft is committed to processing data in accordance with its responsibilities under relevant applicable regulations.
Specifically, CyCraft implements the following security practices to ensure the privacy and security of your data.
- All company endpoints are installed with the Xensor Scanner to ensure full protection.
- All CyCraft system logins must pass a two-factor authentication before being granted access. The enhanced security measures are similar to the Google account security features with Yubikey. The two-step verification requires a valid password, followed by a FIDO Yubikey verification code.
- CyCraft has adopted an information security framework similar to the Google Zero Trust. Administrators must pass a two-factor authentication to login to the Security Gateway and check if all the devices are legitimate before they can be connected.
- Access to the cloud-based servers is strictly granted on a need-to-know basis. Additionally, site-to-site VPN is employed to ensure that the users and devices all comply with the company policy and auditing rules.
- CyCraft cloud-based services employ GCP data centers. These data centers have passed the ISO/IEC 27001:2013 and ISO/IEC 27017:2015 certifications.
To further show CyCraft’s commitment in being a professional cybersecurity service provider, its Computer Security Incident Response Team (CSIRT) is an official member of FIRST – the premier Incident Response organization. Moreover, CyCraft has successfully passed the ISO/IEC 27001:2013 certification in September 2020.
User Access and Choice
You have the following rights towards CyCraft with regard to the collected data:
- Right of Access: You have the right to access the collected data that we hold. To request access to the data, please email us or contact us by postal mail at the contact information listed below. It is very helpful if you tell us what type of collected data you wish to see.
- Right of correction: If you think the data we collected may for some reason be incorrect, tell us immediately. You can do this by emailing us or by contacting us by postal mail at the contact information listed below.
- Right of deletion: You have the right to request that CyCraft delete the collected data. CyCraft will do so, provided that we do not have a compelling reason for keeping it. To request this, email us or by contacting us by postal mail at the contact information listed below.
- Right of opposition of data processing: You have the right to suppress the processing of the collected data. To request this, email us or by contacting us by postal mail at the contact information listed below.
- Right to data transferability: You can obtain and reuse the collected data for your own purposes. To request this, email us or contact us by postal mail at the contact information listed below.
When contacting CyCraft, please provide CyCraft with detailed information about the collected data you believe may be in our possession and how you wish to correct, update, amend, or remove the information, and the timeframe and manner in which you believe CyCraft came to collect it. CyCraft will respond to your request within a reasonable timeframe. If CyCraft obtained your personal information from a customer or third party acting on your behalf, you should contact the company or person you provided your information to. In certain circumstances, CyCraft may be required by law, our auditors, or other legitimate business purposes to keep information about you.
You also have the right to raise questions or complain to a data protection supervisory authority about our processing of the collected data.
Except to the extent otherwise specified in a specific agreement with you, such as for specific products and services, the terms of this Notice shall govern. By using our Offerings and Services, you are agreeing to our practices described in this Notice, which includes the collection and use of the collected information.
No. 3 Yuandong Road, 6F, Office D, Banqiao District, New Taipei City 220, Taiwan (R.O.C.)
© 2021 CyCraft Technology Corporation. All rights reserved.