Who We Are
Cybereinforce provides browser-native threat enforcement through Cybereinforce Threat Enforcement (CTE). The platform helps organisations block malicious URLs, enforce policies, and generate security events directly at the browser layer.
This Privacy Policy applies to data processed in connection with the CTE platform and related services. Depending on the context, Cybereinforce acts either as a data processor on behalf of enterprise customers or as a data controller for limited account and service administration data.
Data We Process
Cybereinforce is designed to process the minimum data necessary for threat enforcement, security logging, and administrative operation of the platform.
| Data type | Description | Classification |
|---|---|---|
| Admin email | Used for account access, service administration, and security-related communication. | Required |
| Device identifiers | Hostnames and internal device IDs used to associate policy enforcement and security events with enrolled endpoints. | Required |
| Blocked URL metadata | Domain, URL pattern, reason for block, and timestamp. This is used for threat visibility and audit trails. | Required |
| Security event logs | Structured audit and security events generated by the platform for monitoring, export, and investigation. | Required |
| Tenant configuration | Administrative settings, integration metadata, and platform configuration chosen by the customer. | Required |
| Integration tokens | Scoped credentials used for customer-approved integrations such as Microsoft Sentinel or Defender workflows. | Optional |
| Aggregate platform usage data | High-level, non-identifying service usage metrics used to improve platform operation and reliability. | Anonymised |
Legal Basis for Processing
Contractual necessity
Certain processing is required to provide the contracted service, including account access, policy enforcement, device association, and operational security logging.
Legitimate interests
Security monitoring, audit trails, and threat intelligence handling support the legitimate interest of protecting customer systems, users, and infrastructure.
Legal obligation
In some environments, security log retention and access controls may support regulatory, contractual, or compliance obligations.
Purpose of Processing
- Real-time threat prevention and URL blocking
- Security event monitoring and audit logging
- Policy enforcement and reporting
- Customer-approved SIEM and Defender integrations
- Incident investigation and operational troubleshooting
Data Sharing & Transfers
Cybereinforce does not sell or rent customer data. Data may be shared only where necessary to operate the service, support customer-requested integrations, or comply with law.
Customer-directed integrations
Customers may choose to export their own security events to systems such as Microsoft Sentinel or other SIEM tooling. These exports are initiated and controlled by the customer.
Infrastructure subprocessors
Limited subprocessors may be used for hosting and infrastructure operation under appropriate contractual and technical safeguards.
Where transfers outside the EEA apply, Cybereinforce uses appropriate safeguards such as Standard Contractual Clauses where required.
Data Retention
On termination of service, customer data may be deleted or returned according to contractual terms and customer instruction, subject to applicable legal retention requirements.
Security Measures
Encryption in transit and at rest
Data is protected using modern transport encryption and encrypted storage controls appropriate to the service design.
Role-based access
Access to customer data is restricted to authorised personnel with a legitimate operational need.
Auditability
Administrative and security actions are logged to support accountability, incident response, and compliance review.
Incident response
Cybereinforce maintains incident handling processes designed to investigate, contain, and notify affected parties where required.
Your Rights
Where Cybereinforce acts as a processor, requests should usually be directed first to the customer organisation acting as controller. Where Cybereinforce acts as controller, the following rights may apply:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object where processing relies on legitimate interests
Requests can be submitted using the contact details below. Cybereinforce aims to respond within 30 days where applicable.
Cookies & Tracking
Cybereinforce uses only the limited cookies or session mechanisms necessary to operate authenticated areas of the platform and maintain security controls.
| Item | Purpose | Type |
|---|---|---|
| Session cookie | Maintains authenticated admin sessions and secure request flow. | Necessary |
| CSRF protection | Helps prevent forged requests against authenticated platform actions. | Necessary |
| Preference storage | May retain basic display or locale preferences where enabled. | Functional |
Contact & Privacy Requests
For privacy questions, data subject requests, DPA requests, or subprocessor information, contact the Cybereinforce privacy team.