This Privacy Policy explains how Cyse Ltd ("Cyse", "we", "us", or "our") collects, uses, discloses, and protects personal information when you access or use the Cyse website, marketplace, AI systems, and related services (collectively, the "Services").

This Policy is designed to comply with applicable privacy and data protection laws in the United Kingdom, the European Economic Area where applicable, the United States (including California and other state privacy laws), and Australia.

Last Updated: 26 February 2026

1.   Who We Are

Cyse Ltd is a company registered in the United Kingdom. We operate globally, including offices in the United Kingdom, Australia, and the United States.

For the purposes of UK GDPR and EU GDPR, Cyse Ltd acts as a data controller in respect of personal information processed through the Website and marketplace.

2.   Information We Collect

We may collect the following categories of personal information:

• Identity information (name, title, professional credentials)
• Contact information (email address, phone number, business address)
• Account and profile data (username, biography, certifications)
• Engagement and transaction data (project details, contracts, payments)
• Technical data (IP address, browser type, device identifiers)
• Usage data (how you interact with the platform)
• Communications data (support queries, correspondence)

3.   How We Collect Information

• Directly from you when you register or contact us
• Through platform usage and marketplace interactions
• Via cookies and similar tracking technologies
• From third-party verification or identity providers

4.   Legal Bases for Processing (UK & EU)

Under UK GDPR / EU GDPR, we process personal data on the following bases:

• Performance of a contract
• Compliance with legal obligations
• Legitimate interests (such as platform security and fraud prevention)
• Consent (where required, including for marketing communications)

5.   How We Use Your Information

• To provide and operate the Services
• To verify professional credentials
• To match organisations with cybersecurity professionals or AI systems
• To manage payments and contractual relationships
• To maintain platform security and integrity
• To comply with legal and regulatory obligations
• To improve functionality and user experience

6.   United States Privacy Rights

If you are a resident of California or another US state with comprehensive privacy legislation, you may have rights to:

• Request disclosure of personal information collected
• Request deletion of personal information
• Request correction of inaccurate information
• Opt out of the sale or sharing of personal information
• Limit use of sensitive personal information (where applicable)

Cyse does not sell personal information in the traditional sense. Where data processing could constitute "sharing" under state law, users may exercise opt-out rights.

7.   Australian Privacy Rights

In accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), individuals have the right to:

• Request access to personal information held about them
• Request correction of inaccurate or outdated information
• Make a complaint regarding handling of personal information

8.   Data Sharing & Disclosure

We may share personal information with:

• Service providers (hosting, payment processors, verification services)
• Professional advisers (legal, accounting)
• Regulatory or law enforcement authorities where legally required
• Marketplace counterparties as part of contractual engagements

We do not sell personal data.

9.   International Data Transfers

As a global platform, personal data may be transferred to and processed in the United Kingdom, Australia, the United States, and other jurisdictions.

Where required, we implement appropriate safeguards such as standard contractual clauses and contractual data protection commitments.

10.   Data Retention

We retain personal information only for as long as necessary to fulfil contractual, legal, or legitimate business purposes.

11.   Security Measures

We implement appropriate technical and organisational security measures to protect personal information against unauthorised access, alteration, disclosure, or destruction.

12.   Your Rights (UK & EU)

Individuals in the UK and EU may have rights to:

• Access personal data
• Rectify inaccurate data
• Erase personal data
• Restrict processing
• Object to processing
• Data portability
• Withdraw consent where processing is based on consent

13.   Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors.

14.   Changes to This Policy

We may update this Privacy Policy periodically. Updated versions will be published on this page with a revised effective date.

15.   Contact Us

For questions regarding this Privacy Policy or to exercise your rights, please contact: