Skip to content
Cyber Replay logo CYBERREPLAY.COM
Book a Call

Cyber Replay Policy

Privacy Policy

Effective Date: March 18, 2026

Entity: Cyber Replay LLC

Contact Email: oliver@cyberreplay-team.com

Introduction

This Privacy Policy explains how Cyber Replay LLC collects, uses, discloses, and safeguards personal information when you visit our websites, use our products and services, or otherwise interact with us online or offline. By accessing or using our services, you agree to the practices described in this Privacy Policy.

If you do not agree with this Privacy Policy, please do not access or use our websites or services.

Scope of This Policy

This Privacy Policy applies to:

  • Our websites, including `www.cyberreplay.com` and any related subdomains (the "Sites").
  • Our managed cybersecurity and defense services, including next-generation endpoint protection, email security, XDR/SOC services, incident response, penetration testing, IT security, and IT compliance and audit services.
  • Assessments, scorecards, downloadable resources, and other tools we make available (together, the "Services").

This Policy does not apply to third-party websites, services, or applications that are not controlled by Cyber Replay, even if you access them through our Services.

Information We Collect

We collect information in three main ways: (1) information you provide directly, (2) information we collect automatically, and (3) information we receive from third parties.

1. Information You Provide

Examples include:

  • Contact and business information: name, job title, company, email address, phone number, mailing address, and similar details you provide via forms, inquiries, quote requests, or account registration.
  • Account and authentication data: usernames, passwords, and security credentials used to access our portals or tools.
  • Transaction and billing information: billing addresses, payment-related information processed via third-party processors, subscription details, and order history.
  • Customer communications: emails, tickets, chat messages, support requests, testimonials, survey responses, and other communications.
  • Security-related content: log data, configuration information, alerts, incident data, and other telemetry your organization chooses to send to us in connection with our cybersecurity, XDR, endpoint, email, penetration testing, and compliance services.

The specific categories of information may vary depending on which Services you use and how your organization configures integrations with us.

2. Information Collected Automatically

When you interact with our Sites or certain Services, we may automatically collect:

  • Device and usage data: IP address, browser type, operating system, device identifiers, referring URLs, pages viewed, and timestamps.
  • Activity data: clicks, navigation paths, session durations, and other activity indicators on our Sites or portals.
  • Log and telemetry data: security events, alerts, endpoint and email activity metadata, and other technical details generated or ingested as part of our cybersecurity monitoring and response services.

We may use cookies, pixels, and similar technologies to collect some of this information. You can adjust your browser settings to limit or disable cookies; however, some Site features may not function properly if you do so.

3. Information from Third Parties

We may receive information about you from:

  • Your employer or organization, for example when they designate you as a point of contact or user of our Services.
  • Integration partners, cloud providers, and other vendors that send us telemetry or account information as part of your security stack.
  • Marketing, referral, and event partners who provide us with lead or attendee information, subject to applicable law and their privacy policies.

How We Use Information

We use the information we collect for purposes including:

  • Providing and operating the Services, including 24/7 XDR/SOC monitoring, AI-driven endpoint and email protection, incident response, penetration testing, and compliance support.
  • Configuring, maintaining, and improving the security posture of your environment, including threat detection, investigation, and response.
  • Communicating with you about your account, subscriptions, incidents, maintenance, updates, and administrative matters.
  • Providing training, documentation, and customer support.
  • Developing, testing, and improving our Sites, tools, and Services, including through aggregated reporting and analytics.
  • Sending you security insights, product announcements, offers, and marketing communications consistent with your preferences and applicable law.
  • Protecting our rights, property, operations, and the safety of our customers, users, and the public.
  • Complying with legal obligations, resolving disputes, and enforcing our agreements.

Where required by law, including in the European Economic Area, United Kingdom, and similar jurisdictions, we rely on appropriate legal bases for processing, such as performance of a contract, legitimate interests, consent, and legal obligations.

Cookies and Similar Technologies

We and our service providers may use cookies, web beacons, and similar technologies to:

  • Remember your preferences and settings.
  • Help secure your sessions.
  • Understand how visitors use and navigate the Sites.
  • Support marketing and analytics activities.

You can manage cookies through your browser settings and, where applicable, through consent management tools presented on our Sites.

How We Share Information

We do not sell your personal information in the traditional sense, but we may share personal information with:

  • Service providers and vendors that perform services on our behalf, such as hosting, data storage, payment processing, analytics, customer support, and security tooling.
  • Integration and technology partners where you or your organization enable connections between our Services and third-party platforms, such as cloud email providers and endpoint tools.
  • Professional advisors, including lawyers, auditors, and consultants, as necessary for legitimate business purposes.
  • Affiliates under common ownership or control, consistent with this Policy.
  • Authorities and other parties when required to comply with law, respond to lawful requests, protect our rights or the safety of others, or investigate suspected misconduct.
  • Other third parties with your consent or at your direction, including when you request introductions or participate in testimonials or joint marketing activities.

We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you, for example to illustrate threat trends or benchmark security outcomes.

International Data Transfers

Cyber Replay LLC is based in the United States, and personal information we collect may be transferred to and processed in the U.S. and other countries that may have different data protection laws than your home jurisdiction.

Where required, we implement appropriate safeguards for international transfers, which may include:

  • Standard Contractual Clauses or similar data transfer agreements.
  • Participation in recognized transfer frameworks or certifications, such as the EU-U.S. Data Privacy Framework and UK extension, as applicable.
  • Contractual commitments with service providers and partners to protect personal information.

By using our Services or providing information to us, you acknowledge that your information may be transferred to and processed in the United States and other jurisdictions in accordance with this Privacy Policy and applicable law.

Data Retention

We retain personal information for as long as reasonably necessary to:

  • Provide the Services and fulfill the purposes described in this Policy.
  • Support our cybersecurity, logging, and investigative obligations, including maintaining XDR and endpoint telemetry data for specified retention periods.
  • Comply with legal, regulatory, and audit requirements.
  • Resolve disputes and enforce our agreements.

Retention periods depend on the nature of the data, contractual commitments, customer instructions, and applicable law. We may retain aggregated or de-identified information for longer.

Security

We use appropriate technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, or alteration, including controls aligned with modern cybersecurity best practices. No security safeguards are perfect, and we cannot guarantee absolute security.

If we become aware of a data incident involving personal information, we will take reasonable steps to investigate and, where required by law, notify affected individuals or organizations and relevant authorities.

Your Privacy Rights

Depending on where you live and how you interact with us, you may have certain rights regarding your personal information, such as:

  • Access to your personal information.
  • Correction or update of inaccurate information.
  • Deletion of personal information, subject to lawful exceptions.
  • Restriction or objection to certain processing.
  • Data portability.
  • Opt-out of certain disclosures or targeted advertising, where applicable.

California Residents (CPRA/CCPA)

If you are a California resident acting as a consumer, you may have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, including:

  • The right to know what categories and specific pieces of personal information we collect, use, disclose, and, if applicable, "sell" or "share".
  • The right to request deletion of personal information, subject to certain exceptions.
  • The right to correct inaccurate personal information.
  • The right to limit the use and disclosure of certain sensitive personal information.
  • The right to opt-out of "sale" or "sharing" of personal information, if applicable.
  • The right not to be discriminated against for exercising privacy rights.

You or your authorized agent may exercise these rights by contacting us using the information in the Contact Us section below. We will verify your request consistent with applicable law.

EEA, UK, and Similar Jurisdictions

If you are located in the EEA, UK, Switzerland, or a jurisdiction with similar data protection laws, you may have rights under those laws, including:

  • To request access to, correction, or deletion of your personal data.
  • To object to or request restriction of certain processing.
  • To request data portability in a structured, commonly used format.
  • To withdraw consent where processing is based on consent, without affecting prior lawful processing.
  • To lodge a complaint with a supervisory authority in your country or region.

Children's Privacy

Our Services are not intended for children under 18, and we do not knowingly collect personal information from children under 18 without appropriate consent as required by law. If you believe a child has provided us personal information without proper consent, please contact us and we will take appropriate steps to delete such information as required.

Third-Party Sites and Services

Our Sites and communications may contain links to third-party websites, services, or applications. We are not responsible for the privacy or security practices of third parties, and this Policy does not apply to them. We encourage you to review their privacy policies before providing personal information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the Effective Date at the top and, where required by law, provide additional notice, such as by posting a prominent notice on our Sites or sending you a direct communication.

Your continued use of the Services after an updated Privacy Policy becomes effective means you accept the revised Policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Cyber Replay LLC
Email: oliver@cyberreplay-team.com