PRIVACY POLICY & TOU

This Privacy Policy statement is made by Kendracyber, Inc. ("Kendracyber", "we", "us" or "our") and was last revised on December 2023. Privacy CommitmentWe ask for only the least amount of information necessary, gathering only what we believe is essential for providing services to you. We let customers know the information we have on them and allow them to delete any information or cancel their account. But, by far, our biggest commitment is that we do not make a single dollar from advertising revenue—never have. This means we avoid the fundamental conflict of interest between gathering customer information and fueling advertising revenue, and the unavoidable compromises in customer privacy that it brings. The goal of this policy is to make explicit the information we gather on our customers and users, how we will use it, and how we will not. This policy is unfortunately longer than we would like, but we must unambiguously address all the relevant cases.We will try and keep the language simple and direct as much as possible.
BY ENTERING, ACCESSING OR USING OUR WEBSITES AND/OR BY PROVIDING INFORMATION TO US, YOU AGREE TO THE TERMS AND CONDITIONS OUTLINED IN THIS PRIVACY POLICY, INCLUDING TO THE COLLECTION AND PROCESSING OF YOUR INFORMATION. IF YOU DISAGREE ANY TERM PROVIDED HEREIN, YOU MAY NOT ACCESS OR USE OUR WEBSITES, AND YOU SHOULD NOT PROVIDE US WITH ANY INFORMATION. FOR AVOIDANCE OF DOUBT, YOU HEREBY CONSENT TO THE  PROCESSING, TRANSFER, AND USE OF YOUR INFORMATION. YOU ALSO ACKNOWLEDGE AND CONFIRM THAT YOU ARE NOT REQUIRED TO PROVIDE US WITH YOUR INFORMATION AND THAT SUCH INFORMATION IS VOLUNTARILY PROVIDED TO US.
Scope of this Privacy
Policy This Privacy Policy applies to the Kendracyber websites. It also applies to the products and services provided  through these websites and our mobile applications. This Privacy Policy does not apply to any of our websites, products, or services that have a separate privacy policy.

ThisPrivacyPolicy is divided into three parts:
Part I – Information we collect and control. This part deals with how Kendracyber collects and uses information about website visitors, potential customers, users of Kendracyber's products and services, and others who contact Kendracyber through forms or email addresses published on or linked to our websites. 

Part II – Information that Kendracyber processes on your behalf. This part deals with how Kendracyber handles data that you entrust to us when you use our products and services, or when you share any personal or confidential information with us while requesting customer support.

Part III – General. This part deals with topics that are relevant to both Part I and II and other general topics such as Kendracyber's security commitments and how we will inform you when we change this Privacy Policy.
Part I – Information Kendracyber collects and controls
What information Kendracyber collects
We collect information about you only if we need the information for some legitimate purpose. Kendracyber will have information about you only if (a) you have provided the information yourself, (b)Kendracyber has automatically collected the information, or (c) Kendracyber has obtained the information from a third party. Below we describe the various scenarios that fall under each of those three categories and the information collected in each one.
Information that you provideus
We collect information about you only if we need the information for some legitimate purpose. Kendracyber will have information about you only if (a) you have provided the information yourself, (b)Kendracyber has automatically collected the information, or (c) Kendracyber has obtained the information from a third party. Below we describe the various scenarios that fall under each of those three categories and the information collected in each one.
  1. Account signup: When you sign up for an account to access one or more of our services, we may ask for information like your name, contact number, email address, and country to complete the account signup process. You'll also be required to choose a unique username and a passwor for accessing the created account. You may also provide us with more information such as your photo, time zone and language, but we may not require that information to signup for an account.
  2. Event registrations and other form submissions: We have not run any “marketing event” or “social event” till date but if we decide to do so, then the information that you submit when you (i) register for any event, including webinars or seminars, (ii) subscribe to our newsletter or any other mailing list, (iii) submit a form in order t download any product, whitepaper, or other materials, (iv) participate in contests or respond to surveys, or (v) submit a form to request customer support or to contact Kendracyber for any other purpose.
  3. Testimonials: When you authorize us to post testimonials about our products and services on websites, we may include your name and other personal information in the testimonial. You will be allowed to review and approve the testimonial before we post it. If you wish to update or delete your testimonial, you can contact us at privacy-mail@Kendracyber.com
  4. Interactions with Kendracyber: We may record, analyze, and use your interactions with us, including email, telephone, and chat conversations with our sales and customer support professionals, for improving our interactions with you and other customers.
Information that we collectautomatically
  1. Information from browsers, devices and servers  When you visit our websites, we collect information that web browsers, mobile devices and servers make available, such as the internet protocol address, browser type, language preference, time zone, referring URL, date and time of access, operating system, mobile device manufacturer and mobile network information. We include these in our log files to understand more about visitors to our websites.
  2. Information from first-party cookies and tracking technologies : We use temporary and permanent cookies to identify users of our services and to enhance user experience. We embed unique identifiers in our downloadable products to track usage of the products.We also use cookies, beacons, tags, scripts, and other similar technologies to identify visitors, track website navigation, gather demographic information about visitors and users, understand email campaign effectiveness, and for targeted visitor and user engagement by tracking your activities on our websites. We may use third-party cookies or other third-party tracking technologies on our websites. We also use first-party Local Storage Objects (LSOs) such as HTML5 to store content information and preferences to provide certain features.
  3. Information from application logs and mobile analytics. We collect information about your use of our products, services, and mobile applications from application logs and in-house usage analytics tools, and use it to understand how your business use and needs can improve our products. This information includes clicks, scrolls, features accessed, access time and frequency, errors generated, performance data, storage utilized, user settings and configurations, and devices used to access and their locations.
Information that we collectfrom third parties
  1. Signups using federated authentication service providers : You can log in to Kendracyber Services using supported federated authentication service providers such as Microsoft and Google. These services will authenticate your identity and give you the option to share certain personal information with us, such as your name and email address.
  2. Referrals : If someone has referred any of our products or services to you through any of our referral programs, that person may have provided us your name,email address, and other personal information. You may contact us atprivacy-mail@Kendracyber.com to request that we remove your information from our database. If you provide us information about another person, or if another person gives us your information, we will only use that information for the specific reason for which it was provided to us.
  3. Information from social media sites and other publicly available sources : When youinteract or engage with us on social media sites such as Facebook, Twitter, Google+, and Instagram through posts, comments, questions, and other interactions, we may collect such publicly available information, including profile information, to allow us to connect with you, improve our products, or better understand user reactions and issues. We must tell you that once collected, this information may remain with us even if you delete it from the social media sites. Kendracybermay also adds and updates information about you, from other publicly available sources.
Purposes for usinginformation
In addition to the purposes mentioned above, we may use your information for the following purposes:
  • To communicate with you (such as through email) about products that you have downloaded and services that you have signed up for, changes to this Privacy Policy, changes to the Terms of Service, or important notices;
  • To provide customer support, and to analyze and improve our interactions with customers;
  • To detect and prevent fraudulent transactions and other illegal activities, to report spam, and to protect the rights and interests of Kendracyber, Kendracyber’s users, third parties and the public;
  • To update,expand and analyze our records, identify new customers, and provide products and services that may be of interest to you;
  • We may use and share non-identifiable information to improve our products and services, for statistical and research purposes, to enhance user experience and to keep our services safe and secure.
Legal bases for collecting and using information
Legal processing bases applicable to Kendracyber : If you are an individual from the European Economic Area (EEA), our legal basis for information collection and use depends on the personal information concerned and the context in which we collect it. Most of our information collection and processing activities are typically based on (i) contractual necessity, (ii) one or more legitimate interests of Kendracyber or a third party that are not overridden by your data protection interests, or (iii) your consent. Sometimes, we may be legally required to collect your information, or may need your personal information to protect your vital interests or those of another personWithdrawal of consent : Where we rely on your consent as the legal basis, you have the right to withdraw your consent at any time, but this will not affect any processing that has already taken place. Legitimate interests notice : Where we rely on legitimate interests as the legal basis and those legitimate interests are not specified above, we will clearly explain to you what those legitimate interests are at the time that we collect your information
Your choice in information use
Opt out of non-essential electronic communications : You may opt out of receiving newsletters and other non-essential messages by using the ‘unsubscribe’ function included in all such messages. However, you will continue to receive notices and essential transactional emails. Disable cookies : You can disable browser cookies before visiting our websites. However, if you do so, you may not be able to use certain features of the websites properly.Optional information : You can choose not to provide optional profile information such as your photo. You can also delete or change your optional profile information. You can always choose not to fill in non-mandatory fields when you submit any form linked to our websites.
Who we share your information with
The services provided by Kendracyber have access to the information covered in Part I. We do not sell any personal information. We share your information only for the purpose of providing our services to you in the ways that are described in this Privacy Policy, and only with parties who adopt appropriate confidentiality and security measures.Employees and independent contractors : Employees and independent contractors of Kendracyber have access to the information covered in Part I on a need-to-know basis. We require all employees and independent contractors of Kendracyber to follow this Privacy Policy for personal information that we share with them.Third-party service providers : we share information with our service providers only for the purpose of providing our services. Such service providers may be located in a country that does not have the same data protection laws as your jurisdiction. Other cases : Other scenarios in which we may share the same information covered under Parts I and II are described in Part III.
Your rights with respect to information we hold about you as a controller
Right to access : You have the right to access (and obtain a copy of, if required) to the categories of personal information that we hold about you, including the information's source, purpose and period of processing, and the persons with whom the information is shared.

Right to rectification : You have the right to update the information we hold about you or to rectify any inaccuracies. Based on the purpose for which we use your information, you can instruct us to add supplemental information about you in our database.

Right to erasure : You have the right to request that we delete your personal information at any time.

Right to restriction of processing : You may also have the right to request to restrict the use of your information in certain circumstances, such as when you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
If you are in the European Economic Area (EEA), you have the following rights with respect to information that Kendracyber holds about you. Kendracyber undertakes to provide you the same rights no matter where you choose to live.

Right to data portability : You have the right to transfer your information to a third party in a structured, commonly used and machine-readable format, in circumstances where the information is processed with your consent or by automated means.

Right to object : You have the right to object to the use of your information for any purpose.

Right to complain : You have the right to complain to the appropriate supervisory authority if you have any grievance against the way we collect, use or share your information. This right may not be available to you if there is no supervisory authority dealing with data protection in your country.
Retention of information
We retain your personal information for as long as it is required for the purposes stated in this Privacy Policy. Sometimes, we may retain your information for longer periods as permitted or required by law, such as to maintain suppression lists, prevent abuse, if required in connection with a legal claim or proceeding, to enforce our agreements, for tax, and accounting, or to comply with other legal obligations. When we no longer have a legitimate need to process your information, we will delete or anonymize your information from our active databases. We will also securely store the information and isolate it from further processing on backup discs until deletion is possible.

Part II – Information that Kendracyber processes on your behalf
Information entrusted to Kendracyber and purpose
Information provided in connection with services : You may entrust information that you or your organization (“you”) control, toKendracyber in connection with the use of our services or for requesting technical support for our products. By way of example, you may upload your security policies to our service. This includes information regarding your customers and your employees (if you are a controller) or data that you hold and use on behalf of another person for a specific purpose, such as a customer to whom you provide services (if you are a processor). The data may either be stored on our servers when you use our services, or transferred or shared with us as part of a request for technical support or other services.

Information from mobile devices  When you elect to allow it, some of our mobile applications may have access to the camera, call history, contact information, photo library, and other information stored on your mobile device. Our applications may require such access to provide their services. Similarly, when you elect to provide access, location-based information may also be collected for purposes including, but not limited to, locating nearby contacts or setting location-based reminders. This information will be exclusively shared with our mapping providers and will be used only for mapping user locations. You may disable the mobile applications' access to this information at any time by editing the settings on your mobile device.The data stored on your mobile device and their location information to which the mobile applications have access will be used in the context of the mobile application and transferred to and associated with your account in the corresponding services (in which case the data will be stored on our servers) or products (in which case the data will remain with you unless you share it with us).

Information from Authorized Access to Gmail or Microsoft Email: When you elect to allow it, Kendracyber may request optional authorization to Gmail or Microsoft Mail using OAUTH2 Access. The use of information received from Gmail APIs will adhere to Google's Limited UseRequirements. The use of information received from Microsoft APIs will adhere to Microsoft's Limited Use Requirements. As this is a voluntary integration you may disable Kendracyber's access to Gmail or Microsoft Email any time.

(All the information entrusted to Kendracyber is collectively termed“service data”)
Ownership and control of your service data
We recognize that you own your service data. We provide you complete control of your service data by providing you the ability to (i)access your service data, (ii) share your service data through supported third-party integrations, and (iii) request export or deletion of your service data.
How we use servicedata
We process your service data when you provide us instructions through the various modules of our services. For example, when you request our service to complete a security questionnaire, information from security policies that you uploaded to our service will be used.
Generative AI
We use generative AI services, such as OpenAI, in order to provide our services. We do not use yoeur service data to train AI models. Your service data is used by us only to provide and improve the services provided to you. The generative AI services we use may retain and use your service data according to their terms of use and privacy policy.

GenerativeAI services use experimental and evolving technology, may provide incomplete, inaccurate incorrect output, and are not designed for or intended to be used to meet regulatory, legal, or other obligations. You should evaluate the accuracy of any output as appropriate for your use case, including by using a human review of the output.
Push notifications
If you have enabled notification on our desktop and mobile applications, we will push notifications through a push notification provider such as Apple Push Notification Service, Google Cloud Messaging or Windows Push Notification Services. You can manage your push notification preferences or deactivate these notifications by turning off notifications in the application or device settings.
Who we share servicedata with
Employees and independent contractors : We may provide access to your service data to our employees and individuals who are independent contractors of Kendracyber involved in providing the services(collectively our “employees”). We ensure that access by our employees to your service data is restricted to specific individuals, and is logged and audited. Our employees will also have access to data that you knowingly share with us for technical support or to import data into our products or services. We communicate our privacy and security guidelines to our employees and strictly enforce privacy safeguards within Kendracyber.

Collaborators and other users  Some of our products or services may allow you to collaborate with other users or third parties. Initiating collaboration may enable other collaborators to view some or all of your profile information. For example, when you edit a document that you have shared with other persons for collaboration, your name and profile picture will be displayed next to your edits to allow your collaborators to know that you made those edits.

Third-party integrations you have enabled  Some of our products and services may support integrations with third-party products and services. If you choose to enable any third-party integrations, you may be allowing the third party to access your service information and personal information. We encourage you to review the privacy practices of the third-party services and products before you enable integrations with them.

Other cases  Other scenarios in which we may share information that are common to information covered under Parts I and II are described in Part III.
Retention of information
We hold the data in your account as long as you choose touse Kendracyber Services. Once you terminate your Kendracyber user account, your data will eventually get deleted from active database during the next clean-up that occurs once in 6 months. The data deleted from active database will be deleted from backups after 3 months.
Data subject requests
If you are from the European Economic Area and you believe that we store, use, or process your information on behalf of one of our customers, please contact the customer if you would like to access, rectify, erase, restrict, or object to processing, or export your persona data. We will extend our support to our customers in responding to your request within a reasonable timeframe.
Part III – General
Children’s personal information
Our products and services are not directed to individuals under 16. Kendracyber does not knowingly collect personal information from children who are under 16 years of age. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you believe that a child under 16 years has provided personal information to us, please write to privacy-mail@Kendracyber.com with the details, and we will take the necessary steps to delete the information we hold about that child.
Data Protection Officer
We have appointed a Data Protection Officer to oversee our management of your personal information in accordance with this Privacy Policy. If you have any questions or concerns about our privacy practices with respect to your personal information, you can reach out to our Data Protection Officer by sending an email to dpo@Kendracyber.com or by writing to: Data Protection Officer, Kendracyber,3183 Raleigh Ct, Fremont CA 94555.
Locations and international transfers
We share your personal information and service datawithin Kendracyber. We do not have Idata withternational offices and we are located in the USA at one location (Fremont, CA). By accessing or using our products and services or otherwise providing personal information or service data to us, you consent to the processing, transfer, and storage of your personal information or service data within the United States of America, the European Economic Area (EEA) and other countries where Kendracyber operates.
Data processing addendum
To enable you to be compliant with the data protection obligations under the General Data Protection Regulation, we are prepared to sign a Data Processing Addendum (DPA) that is based on Standard Contractual Clauses. You can request a DPA from Kendracyber by writing to privacy-mail@Kendracyber.com. Once we get your request, we'll forward the DPA to you for your signature.
External links on our websites
Some pages of our websites may contain links to websites that are not linked to this Privacy Policy. If you submit your personal information to any of these third-party sites, your personal information is governed by their privacy policies. As a safety measure, we recommend that you not share any personal information with these third parties unless you've checked their privacy policies and assured yourself of their privacy practices.
Blogs and forums
We may offer publicly accessible blogs and forums on our websites. Please be aware that any information you provide on these blogs and forums may be used to contact you with unsolicited messages. We urge you to be cautious in disclosing personal information in our blogs and forums. Kendracyber is not responsible for the personal information you elect to disclose publicly. Your posts and certain profile information may remain even after you terminate your account with Kendracyber. To request the removal of your information from our blogs and forums, you can contact us at privacy-mail@Kendracyber.com
Social media widgets
Our websites include social media widgets such as Facebook "like" buttons and Twitter "tweet" buttons that let you share articles and other information. These widgets may collect information such as your IP address and the pages you navigate on the website, and may set a cookie to enable the widget to function properly. Your interactions with these widgets are governed by the privacy policies of the companies providing them.
Disclosures in compliance with legal obligations
We may be required by law to preserve or disclose yourpersonal information and service data to complywith any applicable law, regulation, legalprocess or governmental request, including to meet national security requirements.
Enforcement of our rights
We may disclose personal information and service data to a third party if we believe that such disclosure is necessary for preventing fraud, investigating any suspected illegal activity, enforcing ouragreements or policies, or protecting the safety of our users.
Business Transfers
In the event that we sell our business or get acquired or merged, we will ensure that the acquiring entity is legally bound to honor our commitments to you. We will notify yo via email or through a prominent notice on our website of any change in control or in the use of your personal information and service data. We will also notify you about any choices you may have regarding your personal information and service data.
Security
We take reasonable measures to maintain the security and integrity of our websites and prevent unauthorized access to them or use thereof through generally accepted industry standard technologies and internal procedures. Your information and service data are hosted on third parties’ servers, which provide advanced strict security standards (both physical and logical). Please note, however, that there are inherent risks in the transmission of informationover the Internet or other methods of electronic storage and we cannot guarantee that unauthorized access or use will never occur. KENDRACYBER SHALL NOT BE RESPONSIBLE OR LIABLE FOR UNAUTHORIZED ACCESS, HACKING, OR OTHER SECURITY INTRUSIONS OR FAILURE TO STORE OR THE THEFT, DELETION, CORRUPTION, DESTRUCTION, DAMAGE, OR LOSS OF ANY DATA OR INFORMATION.    
Compliance with this Privacy Policy
We make every effort, including periodic reviews, toensure that personal information you provide is used in conformity with thisPrivacy Policy. If you have any concerns about our adherence to this PrivacyPolicy or the manner in which your personal information is used, kindlywrite to us privacy-mail@Kendracyber.com.
Notification of changes
We may modify the Privacy Policy at any time, uponnotifying you through a service announcementor by sending an emailto your primaryemail address. If we make significantchanges to the Privacy Policy that affect your rights, you will be providedwith at least 30 days' advance notice of the changes by email to your primaryemail address or by a service announcement. If you think that the updatedPrivacy Policy affects your rights with respect to your use of our products orservices, you may terminate your use by sending us an email within 30 days.Your continued use after the effective date of changes to the Privacy Policywill be deemed to be your agreement to the modified Privacy Policy. You willnot receive email notification of minor changes to the Privacy Policy. If youare concerned about how your personal information is used, you should checkback at https://Kendracyber.com/privacy-policy periodically.