Legal

Privacy Policy.

How CyberDre collects, uses and protects your personal data, in line with the EU General Data Protection Regulation (GDPR).

Effective date: July 3, 2026

1. Who we are (data controller)

CyberDre ("CyberDre", "we", "us", "our") is a regulatory cyber pipeline engine for cybersecurity providers, founded by Nick Dre. For the purposes of the GDPR, CyberDre is the data controller of personal data collected through cyberdre.co.

Contact: audit@cyberdre.co (general) · compliance@cyberdre.co (data protection queries)

2. What personal data we collect

When you use a form on this website (contact form, free pipeline audit request, or a consent checkbox), we may collect:

  • Full name / first name
  • Work email address
  • Company name and website
  • Country / target market
  • Message content and any information you choose to share (offer, sector, monthly pipeline goal, etc.)
  • Metadata: submission source (which page/form), date and time

We do not knowingly collect special category data (Art. 9 GDPR) and ask that you do not submit such data through our forms.

We use one strictly necessary cookie, NEXT_LOCALE, to remember your language preference. It does not track you across other websites and, as a strictly necessary cookie, does not require consent under the ePrivacy Directive.

3. How we use your data (purpose and legal basis)

  • To respond to your inquiry or audit request — legal basis: steps taken at your request prior to entering a contract (Art. 6(1)(b) GDPR).
  • To send the follow-up communications you explicitly opted into (pipeline audit results, cybersecurity growth insights) — legal basis: your consent (Art. 6(1)(a) GDPR), given via the checkbox on our forms.
  • To improve our services and prevent abuse of our forms — legal basis: our legitimate interest (Art. 6(1)(f) GDPR), balanced against your rights.

You may withdraw consent at any time by emailing compliance@cyberdre.co or using the unsubscribe link in any email. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

4. Who receives your data (processors and recipients)

We use the following processors to operate our lead pipeline. Each processes data only on our documented instructions:

  • Make.com — workflow automation that receives your form submission via webhook and routes it to our other tools.
  • Airtable — stores your submission in our internal website_leads records (name, email, company, message, source, date).
  • Slack — internal notification only; a summary of your submission is posted to a private CyberDre team channel so we can respond promptly.

We do not sell your personal data. We do not share it with any party outside this list except where required by law.

5. International data transfers

Make.com, Airtable and Slack may process data on servers located outside the European Economic Area, including the United States. Where this occurs, transfers are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission, or an equivalent adequacy mechanism, as implemented by each processor.

6. Data retention

  • Contact/audit requests: up to 24 months from your last interaction, or until you request deletion, whichever is sooner.
  • Marketing consent records: until you withdraw consent, plus a reasonable period to evidence consent was given.

After the retention period, your data is deleted or anonymized.

7. Your rights under the GDPR

Subject to applicable conditions and exceptions, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with your national data protection supervisory authority

To exercise any of these rights, email compliance@cyberdre.co. We will respond within one month, as required by Art. 12(3) GDPR.

8. Security

We apply appropriate technical and organizational measures — access controls, encrypted transmission, restricted processor access — to protect your data against unauthorized access, loss or misuse. No system is 100% secure; if we become aware of a breach affecting your data, we will notify you and the relevant supervisory authority as required by Art. 33–34 GDPR.

9. Children

Our services are intended for business professionals (B2B) and are not directed at, nor do we knowingly collect data from, individuals under 16.

10. Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. The effective date above will be updated accordingly, and material changes will be highlighted on this page.

11. Contact

Questions about this policy or your data: compliance@cyberdre.co
General inquiries: audit@cyberdre.co

CyberDre does not provide legal advice. This policy describes our own data practices — it is not legal guidance for your business.