Privacy Policy

Effective date: 05 November 2025 · UmbraSec Security

1. Introduction

UmbraSec Security (“we”, “us”, or “our”) is a cybersecurity consulting and testing provider. We respect your privacy and are committed to protecting the confidentiality, integrity, and availability of information we process. This Privacy Policy explains how we collect, use, store, and disclose personal information in accordance with the Protection of Personal Information Act (POPIA) and other applicable laws.

2. Scope

This policy applies to all personal and project-related information processed by UmbraSec in the course of providing services, including website visitors, clients, contractors, and third parties. It covers both electronic and physical records and applies to all staff, contractors, and service providers acting on our behalf.

3. Information we collect

a. Client & contact information

  • Company name, contact person, business email, phone number, and billing details.
  • Signed agreements, NDAs, and authorization forms necessary for security testing.

b. Project & technical data

  • Scope-of-work data and system/network details supplied for authorized testing (IP addresses, domains, credentials explicitly provided).
  • Assessment logs, screenshots, and vulnerability findings — only collected with consent and stored securely.

c. Website & communication data

  • Data submitted via contact or enquiry forms (name, email, message).
  • Basic analytics such as IP address, browser type, and pages visited for service improvement and security monitoring.

4. How we use your information

  • Delivering cybersecurity services, tests, reports, and advisory work.
  • Communicating project updates, invoices, and administrative information.
  • Improving our services and maintaining operational security.
  • Complying with legal, regulatory, or contractual obligations.

We do not sell personal information. We only share data when:

  • Required by law or court order;
  • Necessary for service delivery (trusted vendors bound by confidentiality); or
  • Explicitly authorised by you.

5. POPIA compliance

UmbraSec adheres to the principles of the Protection of Personal Information Act (POPIA), including:

  1. Accountability: We take responsibility for lawful processing of personal information.
  2. Processing limitation: We collect only what is required for specified purposes.
  3. Purpose specification: We notify individuals of the reasons for data collection.
  4. Information quality: We take steps to ensure accuracy and completeness.
  5. Openness: We are transparent about data processing activities.
  6. Security safeguards: We apply appropriate security measures to protect data.
  7. Data subject participation: Individuals may access, correct, or request deletion of their data.

6. Data retention

We retain personal and project data only for as long as necessary to deliver services, meet legal requirements, or complete audits.

Data Type | Retention Guideline
Contact & billing details | While client relationship exists + 3 years
Testing data & logs | 12 months
Final reports | Up to 5 years or as agreed contractually

7. Security measures

  • Encryption of data in transit and at rest where applicable.
  • Role-based access controls and least-privilege principles.
  • Regular security reviews and confidentiality training.
  • Secure data deletion when no longer required.

In the event of a data breach, we will take appropriate steps to investigate, mitigate, and notify affected individuals in accordance with POPIA.

8. Your rights

You have the right to:

  • Request access to your personal data;
  • Request correction of inaccurate information;
  • Request deletion or restriction of processing (subject to legal obligations);
  • Withdraw consent for processing at any time.

To exercise these rights, contact us at privacy@umbrasec.co.za. We may require proof of identity before processing such requests.

9. Third-party services

We may use third-party providers for hosting, email, or analytics. These providers are chosen based on their security posture and required to adhere to equivalent privacy standards. Examples include Zoho Mail, Cloudflare, and secure storage providers.

10. Updates to this policy

We may update this Privacy Policy periodically to reflect changes in law or operations. The most recent effective date appears at the top of this page.

11. Contact us

If you have privacy-related questions or wish to exercise your rights, contact:

Email: privacy@umbrasec.co.za