Privacy Policy

1. Introduction

Arceo Labs, Inc., doing business as Resilience, including its subsidiaries and affiliates (collectively, the “Company” or “Resilience” or “we”) respects your privacy and is committed to protecting it through compliance with this policy. 

This policy describes the types of information we may collect from you or that you may provide when you visit this website and other websites operated or controlled by Resilience, including www.cyberresilience.com and portal.cyberresilience.com (collectively, the “Website”), including any content, functionality, and services offered on or through  the Website, as well as any other media channel, mobile browser accessible website or mobile application related, linked, or otherwise connected thereto. 

Reference to “you” or “your” in this policy shall mean you, your authorized representatives, and any entity you may represent in connection with your use of the Website.

To deliver and operate our Website, including portal.cyberresilience.com (the “Platform”), applications, and related products and services (collectively, the “Solutions”), we collect, use, store, share, and otherwise handle personal information about individuals who access, use, or register for the Solutions. 

If you have a separate, written agreement with the Company regarding your use of the Website, that agreement will govern to the extent it conflicts with or addresses the same subject matter as this Privacy Policy.  In all other respects, this Privacy Policy will apply.

This policy applies to information we collect:

• Through the Website
• In email, text, and other electronic messages between you and the Website
• When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy
• Through automated technologies, such as cookies, pixels and analytics tools that collect information about user interactions with the Website
• Through any other means in connection with your interactions with the Website
• Via third parties or publicly available information 

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using this Website, you agree to this privacy policy. The Website and Solutions are not intended for individuals who have not reached the age of majority under the laws of their jurisdiction of residence and Resilience does not knowingly collect personal information from these individuals.  This policy may change from time to time.  Your continued use of this Website after we make changes is deemed to be acceptance of those changes.

2. Information We Collect About You and How We Collect It

We collect several types of information from and about users of our Website, whether provided by you or collected by automatic means, including:

• Information by which you may be personally identified, such as name, position/job title, professional email address, organization name, organization website(s)/domain names(s), usernames, phone number, and any other identifier by which you may be contacted;

• Information about your internet connection, the equipment you use to access the Website, and usage details, such as IP addresses, device type, operating system, geographic location (country only), ISP, referring URL and domain, and Website pages visited;
• Information regarding your use and navigation the Website, including information reflecting your activity and other actions taken while using the Website;
• The information contained in our Cookie Policy;
• Any communications between you and Resilience made through the Website;
• For users of the Portal, Resilience may collect additional information, such as publicly available information obtained via scans of the internet, public databases, publicly available social media information, and controls/permissions in explicitly authorized account scans.  For purposes of Resilience’s scans, the information obtained may be related to any individuals and is not limited to Website or Portal users;
• Any content, files, or information that you create, upload, share, communicate to, or receive from Resilience when using the Website 

1. Additional Information for Users in Europe and the UK 

If you are located in the EEA, Switzerland, or UK, we process your personal information when we have a valid legal basis, as required under applicable law.  The appropriate legal basis will depend on the type of personal information involved and the specific context in which we collect it.  We typically process personal information:

• With your consent;
• Where the processing is necessary to perform a contract with you;
• Where it is necessary for our legitimate interests and those interests are not overridden by your data protection interests or fundamental rights and freedoms; or
• To comply with a legal obligation

3. Cookie Policy

Our Cookie Policy explains what cookies are and how we use them, the types of cookies and similar technologies that we use, how that information is used, and how to manage your cookie settings.  

4. How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal information:

• To present our Website and its contents to you
• To provide the Solutions
• To activate, maintain, and service your account
• To identify and authenticate your access to the parts of the Website that you are authorized to access
• To provide you with information, products, or services that you request from us and respond to any of your inquiries
• To establish and verify your identity
• Where applicable, to provide you with notices about your account, including expiration and renewal notices
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection
• To notify you about changes to our Website or any products or services we offer or provide though it
• To improve the Website or Solutions
• In any other way we may describe when you provide the information
• To allow you to participate in interactive features on our Website
• To sell, market, provide, and improve our products and services in accordance with applicable law.  You may opt out of promotional emails at any time by following the unsubscribe instructions included at the bottom of each promotional email
• To personalize your experience on the Website
• To comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities as permitted by applicable law
• To evaluate and respond to applications submitted for job openings listed on our Website or other platforms, and to maintain communication with applicants and candidates throughout the recruitment process.
• For any other purpose with your consent

5. Third-Party Features Used in Connection with the Website

Our Website, including the Portal, may support integrations with third-party services that clients choose to connect for purposes such as authentication, data analysis, communication, or security monitoring. These integrations are initiated and managed by the client and may involve the exchange of data between the Website and the third-party service. Any data shared in connection with these integrations is subject to the applicable third party’s terms and privacy policy.

6. Disclosure of Your Information 

We may disclose aggregated information about Website  users, and information that does not identify any individual, without restriction.

We may disclose personal information that we collect or you provide as described in this privacy policy:

• To our subsidiaries and affiliates
• To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Resilience’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Resilience about our Website users is among the assets transferred
• To fulfill the purpose for which you provide it 
• For any other purpose disclosed by us when you provide the information
• With your consent

We may also disclose your personal information:

• To comply with any court order, law, or legal process, including to respond to any government or regulatory request;
• To enforce or apply our Terms and Conditions and other contractual agreements, including for billing and collection purposes
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Resilience, our customers, or others.  

7. Data Security

We have implemented measures designed to protect your personal information from accidental loss, as well as from unauthorized access, use, alteration, and disclosure. While we take every precaution to secure your data, the safety of your information also depends on actions you take. If we have provided you with (or you have chosen) a password to access certain parts of our Website, it is important that you keep this password confidential to help ensure the security of your account.

Please note that while we strive to protect your personal information, no method of transmission over the internet is completely secure. Although we are committed to safeguarding your data, we cannot guarantee the security of information transmitted to our Website. Any transmission of personal information is done at your own risk. We are not responsible for any unauthorized access resulting from a failure to keep your account credentials secure or from circumvention of any security measures in place on the Website.

8. How Long Does Resilience Keep Your Information? 

We will not keep personal data for longer than necessary for the purpose for which it is processed, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). 

If you are, or have previously been, a customer of Resilience, then we may continue to hold and process your information for the purpose of continuing to carry out our obligations in connection with that relationship.  We will continue to retain and process your information for the duration of the relationship and for a reasonable period of time afterwards in accordance with Resilience’s Document and Record Retention Policy and as required by applicable law.  When we no longer have ongoing legitimate business needs to process your personal information, we will either delete or anonymize such information, or if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.  

9. Your Privacy Rights and Choices

Depending on your state of residence in the United States or in some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information.

1. In the United Kingdom and European Economic Area

In the EEA, Switzerland, and UK you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section “How to Contact us About this Notice” below.  

We will consider and act upon any request in accordance with applicable data protection laws.

If you are located in the EEA, Switzerland, or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.  If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner. 

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section “How to Contact us About this Notice” below. 

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

2. In Canada

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), residents of Canada have the right to access, correct, and request the deletion of their personal information. To exercise any of these rights please contact us by using the contact details provided in the section “How to Contact us About this Notice” below.  Additionally, if you have concerns about how your personal information is handled, you may file a complaint with the Office of the Privacy Commissioner of Canada.  We will consider and act upon any request in accordance with applicable data protection laws.

3. In the United States

California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia provide (now or in the future) their state residents with rights to:

• Confirm whether we process their personal information.
• Access and delete certain personal information.
• Correct inaccuracies in their personal information, taking into account the information’s nature processing purpose (excluding Iowa and Utah).
• Data portability.
• Opt-out of personal data processing for:
  • targeted advertising (excluding Iowa);
  • sales; or
  • profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).
• Either limit (opt-out of) or require consent to process sensitive personal data.

The exact scope of these rights may vary by state. To exercise any of these rights please contact us by using the contact details provided in the section “How to Contact us About this Notice” below.   We may request specific information to verify your identity and respond to your request in accordance with applicable law.

In some cases, we may need additional time to respond to your request, and we will notify you of any delays.

4. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information. These include the right to:

• Know the categories of personal information we collect, the purposes for which we use it, and the categories of third parties with whom we share it.  This information can be found in the following sections of this Privacy Policy: “Information We Collect About You and How We Collect It”, “How We Use Your Information”, and “Disclosure of your Information.
• Access the personal information we have collected about you;
• Delete personal information, subject to certain exceptions;
• Correct inaccuracies in your personal information;
• Opt out of the “sale” or “sharing” of your personal information;
• Limit the use and disclosure of your sensitive personal information, if applicable;
• Not be discriminated against for exercising any of these rights.

Use of Sensitive Personal Information

The right to limit the use of sensitive personal information means that you have the right to direct businesses to only use your sensitive personal information for limited purposes. We only collect sensitive personal information (such as your payment information), as defined by applicable laws for the purposes allowed by law or with your consent. We do not collect or process sensitive personal information for the purpose of inferring characteristics about you.  You may request to limit any additional uses by contacting us by using the contact details provided in the section “How to Contact us About this Notice” below.  

Opting Out of the Sale or Sharing of Personal Information/Global Privacy Control (GPC)

Resilience does not sell your personal information in exchange for money, but some of our website tracking may qualify as “selling” or “sharing” under California law.  You have the right to opt out of the sale or sharing of personal information and may do so through certain browser enabled opt-out preference signals, such as Global Privacy Control (GPC).  Our Website is designed to recognize and honor GPC signals. If your browser or device sends a GPC signal, we treat it as a valid request to opt out of the sale or sharing of your personal information.

Submitting a Request

To exercise your California privacy rights, you may contact us using the details in the “How to Contact Us About This Notice” section below. You may also designate an authorized agent to make a request on your behalf. We may need to verify your identity before processing your request and will respond within the timeframes required by law.

10. International Data Transfer

As a global company, Resilience may transfer or share your information across borders for the purposes outlined in this privacy policy. We may transfer your information internationally to our group companies, service providers, business partners, or governmental and public authorities.

By using our website, you acknowledge and consent to the collection, use, processing, disclosure, and transfer of your information to the United States and other countries or territories, which may not provide the same level of data protection as your country of residence.

We take appropriate steps to ensure that your data is transferred securely, with adequate safeguards in place to protect it. For transfers outside of the UK and the European Economic Area (EEA), we will exercise due diligence in selecting recipients and ensure they comply with applicable data privacy laws. We will also implement contractual measures to ensure that recipients adopt the necessary organizational and technical security measures to safeguard personal data, process it only in accordance with our instructions, and not for any other purposes.

11. Changes to our Privacy Policy

Resilience may update this Privacy Policy at any time to reflect changes to our information practices. If we make significant changes in how we use your personal information, we will notify you by email if feasible or by means of a notice on this website. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this privacy policy to check for any changes.

12.  How to Contact us About this Notice

If you have any questions about this Privacy Policy or our privacy practices, please contact us at: privacy@cyberresilience.com