Privacy Policy

Last Updated: January 7, 2025

At HailBytes, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services, including GoPhish Cloud and reNgine Cloud.

1. Information We Collect

1.1 Information You Provide

We collect information that you voluntarily provide to us when you:

  • Register for an account
  • Contact us through forms or email
  • Subscribe to our newsletter
  • Request a demo or book a consultation
  • Deploy our products through AWS or Azure marketplaces

This may include: name, email address, company name, job title, phone number, billing information, and any other information you choose to provide.

1.2 Automatically Collected Information

When you access our website, we automatically collect certain information:

  • Usage Data: Pages visited, time spent, clicks, scrolling behavior
  • Device Information: Browser type, operating system, device type, screen resolution
  • Location Data: Approximate geographic location based on IP address
  • Cookies and Tracking: We use Mixpanel analytics and may use cookies for analytics purposes

1.3 Product Usage Data

For self-hosted deployments of GoPhish Cloud and reNgine Cloud on your infrastructure, your application data remains entirely under your control. We do not have access to your phishing campaigns, reconnaissance data, scan results, or any data processed by the applications unless you explicitly share it with us for support purposes.

Analytics and Troubleshooting: Mixpanel analytics for troubleshooting and product improvement are collected only if you explicitly opt in during your first use of the application. This opt-in is entirely voluntary and helps us improve the product. You can change your analytics preferences at any time within the application settings.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send order confirmations
  • Respond to your inquiries and provide customer support
  • Send product updates, security alerts, and administrative messages
  • Analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues or fraudulent activity
  • Comply with legal obligations and enforce our terms

3. Data Sharing and Disclosure

3.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf:

  • Analytics: Mixpanel for usage analytics
  • Cloud Infrastructure: AWS and Microsoft Azure for hosting
  • Payment Processing: AWS Marketplace and Azure Marketplace billing systems
  • Email Services: For transactional and marketing communications

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.2 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests (subpoenas, court orders, government investigations) or to protect our rights, property, or safety.

3.3 Business Transfers

If HailBytes is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or a prominent notice on our website of any such change.

4. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: TLS 1.2+ for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA)
  • Monitoring: 24/7 security monitoring and logging
  • Compliance: SOC 2 and ISO 27001 framework-aligned practices
  • Regular Audits: Third-party security assessments and penetration testing

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain your personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. When you close your account or request deletion, we will delete or anonymize your data within 90 days, except where we must retain it for legal or legitimate business purposes.

6. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request transfer of your data to another service
  • Opt-Out: Unsubscribe from marketing emails (link provided in each email)
  • Cookie Management: Disable cookies through your browser settings
  • Do Not Track: We respect Do Not Track signals from browsers

To exercise these rights, contact us at privacy@hailbytes.com. We will respond within 30 days.

7. International Data Transfers

HailBytes operates globally. Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our services, you consent to the transfer of your information to the United States and other countries. For EU/UK users, we use Standard Contractual Clauses approved by the European Commission.

8. GDPR Compliance (EU/UK Users)

If you are in the European Union or United Kingdom, you have additional rights under GDPR:

  • Legal Basis: We process your data based on consent, contract performance, legal obligation, or legitimate interests
  • Data Protection Officer: Contact our DPO at dpo@hailbytes.com
  • Complaints: You have the right to lodge a complaint with your local supervisory authority
  • Data Minimization: We collect only the minimum data necessary for our purposes

9. CCPA Compliance (California Users)

California residents have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of data collection and sharing practices
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell your data)
  • Non-Discrimination: We will not discriminate against you for exercising your rights

Contact us at privacy@hailbytes.com to exercise these rights.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us, and we will delete such information.

11. Third-Party Links

Our website may contain links to third-party websites (AWS Marketplace, Azure Marketplace, social media). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last Updated" date
  • Sending an email notification to registered users
  • Displaying a prominent notice on our website

Your continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Data Sovereignty Commitment

For self-hosted deployments, your data never leaves your infrastructure. You maintain complete control over where your data is stored, who has access, and how it is processed. This ensures compliance with data residency requirements and gives you maximum privacy and security.