Privacy Policy

We only collect personal information you choose to provide through our forms and tools. This includes:

• Your name
• Your email address
• Your phone number
• Company name (for business enquiries)
• Any message you write to us
• Security assessment responses (when you use our cyber quiz)

We collect information through the following methods:

• Contact forms powered by Web3Forms (secure form submission service)
• Security assessment quiz and embedded forms
• Privacy-first page analytics using Plausible Analytics (no cookies, no personal tracking)
• Google Analytics on select pages (quiz page) for conversion tracking
• Google reCAPTCHA to protect against spam and abuse
• Browser localStorage for saving tool preferences (password generator settings, privacy guide progress)

• To contact you if you request support or cybersecurity services
• To provide personalized security assessments and recommendations
• To follow up on breach response or incident support requests
• To monitor site performance and improve user experience through anonymous analytics
• To prevent spam, abuse, and automated attacks on our forms
• To comply with legal obligations and maintain service records

Breach alerts (HackCheck)

If you submit your email address through HackCheck's breach-alert sign-up form, we store the address so we can email you when your email appears in a new data breach. We keep an opt-in record (date, IP, and browser user-agent) as proof of your consent, in line with POPIA. You can unsubscribe at any time using the link in any alert email or by emailing [email protected]. We do not sell or share this address with anyone.

HackCheck scan records

When you run a scan at ubuntuguard.co.za/hackcheck, we keep a copy of the scan so our team can help you if you reply asking for support. Each record contains:

• The email address you scanned
• The full scan result, including which data breaches the email appears in, any paste-site exposure, info-stealer detections, reputation flags, and the recommendations we showed you on screen
• The IP address that submitted the scan
• The browser user-agent string

These records are only visible to authorised Ubuntu Guard staff who have signed in through Cloudflare Access, our Zero Trust gateway. The admin dashboard is not reachable from the public internet.

We delete each scan record in full 90 days after the scan date. Anonymous counters, such as total scans run and the overall spread of risk scores, fall outside that 90-day rule. Those are aggregate numbers with no personal information attached and we use them to understand how the tool is being used.

Our lawful basis under POPIA is legitimate interest. The purpose is narrow: helping you understand and act on your own exposure to data breaches. If you also subscribe to breach alerts, that is a separate, consent-based service described in the section above.

You can ask us to delete your scan record before the 90 days are up. Reply to any message from us, email [email protected], or send a WhatsApp to +27 79 159 5040. We identify your record by the email address that was scanned, so please send your request from that address or quote it in your message.

We use the following trusted third-party tools. Each has been selected for privacy compliance and security:

Important: Google Analytics and Google reCAPTCHA are Google services subject to Google's Privacy Policy. By using our website, you consent to Google processing your data as described in their privacy policy.

Plausible Analytics does not use cookies and does not collect personal data. It's GDPR, CCPA, and PECR compliant.

Our website uses minimal cookies and browser storage:

• Essential: No authentication cookies (we don't have user accounts)
• Analytics: Google Analytics cookies on quiz page (used for conversion tracking)
• Anti-spam: Google reCAPTCHA may set cookies to verify you're human
• Local Storage: We store tool preferences locally in your browser (e.g., password generator settings, guide progress). This data never leaves your device.

For detailed information about cookies, see our Cookie Policy.

We may share your information only in these limited circumstances:

• With service providers who help us operate our website (Web3Forms, hosting providers) under strict confidentiality agreements
• When required by South African law or legal process
• To protect our rights, property, or safety, or that of our users
• With your explicit consent for a specific purpose

As a cybersecurity company, we take data protection seriously:

• All form submissions are encrypted in transit using HTTPS/TLS
• Backend services use secure, encrypted storage with access controls
• Access to data is limited to authorized team members only on a need-to-know basis
• We follow industry best practices for cybersecurity and data protection
• Regular security audits and updates to protect against vulnerabilities
• Data minimization - we only collect what we actually need

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy:

• Contact form submissions: Retained for up to 2 years for service delivery and record-keeping
• Service records: Retained for 5 years in accordance with South African business record requirements
• Analytics data: Anonymous analytics retained for up to 2 years
• Quiz responses: Retained for up to 1 year unless you request deletion

You may request deletion of your data at any time (see Your Rights section).

Some of our service providers (Google, Cloudflare) operate globally and may process your data outside of South Africa. We ensure that:

• Providers comply with international data protection standards
• Appropriate safeguards are in place for cross-border transfers
• Data is processed in accordance with POPIA requirements

Our services are not directed at children under 18. We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately and we will delete such information.

As a South African business, we comply with the Protection of Personal Information Act (POPIA). You have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Objection: Object to processing of your personal information for certain purposes
• Restriction: Request restriction of processing in certain circumstances
• Portability: Request transfer of your data to another service provider

To exercise any of these rights, contact our Information Officer at [email protected]

We will respond within 30 days as required by POPIA.

In the unlikely event of a data breach that compromises your personal information, we will:

• Notify affected individuals within 72 hours of discovering the breach
• Report the breach to the Information Regulator as required by POPIA
• Provide clear information about the breach and steps we're taking
• Advise you on protective measures you can take

For any privacy-related questions, requests, or concerns:

This policy may be updated from time to time to reflect changes in our practices or legal requirements. Any changes will appear here with a new "Last updated" date.

Significant changes will be communicated via email to users who have contacted us or through a notice on our homepage.