Cynet Privacy Policy
Last Updated: September 14, 2025
This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally Identifiable Information’ (PII) is being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website. This policy describes the scope of PII collection in respect of using Cynet services, website (the “Services“). By using our Services, you acknowledge that you have reviewed both our Terms and Conditions and this Privacy Policy and agree to be bound by them. Please be aware that this Privacy Policy does not apply to the practices of any third parties to whom Cynet may disclose PII pursuant to the terms of this Privacy Policy.
1. WHEN DO WE COLLECT INFORMATION?
- When you browse or visit our website, https://www.cynet.com/ (“Website”);
- When you make use of or interact with our Website:
- When you request a free trial or watch a product demo
- When you subscribe to our email list / newsletters / blog
- When you contact us (e.g. customer support, help, submit a request)
- When you interact with our live agent or book a meeting
- When you make use of our App (Cynet Authenticator software application):
- When you create or access your account.
- When you use the App
- When you attend a marketing event and provide us with your PII
- When you exchange business cards with us
- When we process your job application
- When we use the PII of our resellers, distributors, agents and/or finders (e.g. contact details)
- When we use the PII of our service providers (e.g. contact details)
- When we use the PII of our customers (e.g. contact details)
- When you interact with us on our social media profiles (e.g., Facebook, LinkedIn, Instagram, X (Twitter))
2. WHAT INFORMATION WE COLLECT, WHY WE COLLECT IT, AND HOW IT IS USED
When you browse or visit our Website
PII we collect: Cookies, analytic tools, and log files
Why we collect it:
- Review or improve the usage and operations of our Website
- Analyze trends
- Administer the Website
- Track users’ movement around the Website
- Gather demographic information
Legal basis: Consent; Legitimate interest (e.g., essential cookies)
Third parties: Google Analytics, Facebook, ServiceBell, Microsoft
Consequences of not providing: Cannot collect and store the information; Cannot use or access some parts of the Website
When you make use of, or interact with our Website
Requesting a free trial or watching a demo
PII we collect: Email address
Why we collect it: To provide you with the Services
Legal basis: Legitimate interest (e.g., to provide you with the Services)
Third parties: APIHub, Inc. dba Clearbit; HubSpot, Inc.
Consequences of not providing: Cannot provide you with the Services
Subscribing to email lists / newsletters / blog
PII we collect: Email address
Why we collect it:
- To add you to our mailing list
- To send newsletters or other marketing communications
Legal basis: Consent; Legitimate interest (to send marketing communications)
Third parties: APIHub, Inc. dba Clearbit; HubSpot, Inc.
Consequences of not providing: Cannot add you to our mailing list; Cannot send you marketing communications
Contacting us (e.g., customer support, help, submitting a request)
PII we collect: Email address; Any other information you decide to provide
Why we collect it:
- To process and answer questions
- To provide support (e.g., to solve problems, bugs, or issues)
Legal basis: Contract necessity; Legitimate interest (e.g., respond to your request)
Third parties: APIHub, Inc. dba Clearbit; HubSpot, Inc.
Consequences of not providing: Cannot process and answer questions; Cannot provide support
Interacting with our live agent or booking a meeting
PII we collect: Full name, Email, Phone number, Country, Company name, Any other information you decide to provide
Why we collect it: To schedule and conduct a meeting for future engagement
Legal basis: Contract necessity; Legitimate interest (e.g., respond to your request)
Third parties: APIHub, Inc. dba Clearbit; HubSpot, Inc.; Calendly
Consequences of not providing: Cannot schedule or conduct a meeting
When you make use of our Platform
Creating or accessing your account
PII we collect: Full name, Email, Phone number
Why we collect it:
- To provide you with the Platform
- To verify your identity
Legal basis: Contract necessity; Legitimate interest (e.g., to allow access to the Platform)
Third parties: Google Analytics; Microsoft (SSO); Google (SSO)
Consequences of not providing: Cannot access the Platform; Cannot provide the Platform; Cannot verify identity
Using the Platform
PII we collect: Screen requests, Device information (IP address), User information (email), File information (path name), Organizational information (e.g., org units), Network information (firewall sessions), Activity information (Windows events)
Why we collect it:
- To provide you with the Platform
- To perform fraud detection
Legal basis: Contract necessity; Legitimate interest (e.g., to provide the Platform)
Third parties: Google Analytics; Microsoft (SSO); Google (SSO); Elevio (announcement dialogs in console)
Consequences of not providing: Cannot provide the Platform; Cannot perform fraud detection
When you make use of our App
Creating or accessing your account
PII we collect: Mobile phone number
Why we collect it:
- To create your account on the App
- To provide you with the App
Legal basis: Contract necessity; Legitimate interest (e.g., to create your account)
Third parties: Coralogix Ltd.; AWS
Consequences of not providing: Cannot create account; Cannot provide the App
Using the App
PII we collect: Information on installed apps on your device; Device location
Why we collect it:
- To provide you with the App
- To view your overall mobile security posture
Legal basis: Contract necessity; Legitimate interest (e.g., to provide the App)
Third parties: Coralogix Ltd.; AWS
Consequences of not providing: Cannot provide the App
When you attend a marketing event and provide PII
PII we collect: Full name, Email, Phone number, Corporate position, Any other information you decide to provide
Why we collect it:
- To establish a business connection
- To send marketing communications
Legal basis: Legitimate interest (B2B marketing) or consent
Third parties: HubSpot (CRM)
Consequences of not providing: Cannot establish a business connection; Cannot send marketing communications
When you exchange business cards with us
PII we collect: Full name, Email, Phone number, Corporate position, Any other information you decide to provide
Why we collect it:
- To establish a business connection
- To send marketing communications
Legal basis: Legitimate interest (B2B marketing) or consent
Third parties: HubSpot (CRM)
Consequences of not providing: Cannot establish a business connection; Cannot send marketing communications
When we process your job application
PII we collect: Full name, Email, Country, Phone number, CV, Any other information you decide to provide
Why we collect it: To assess you as a candidate
Legal basis: Contract necessity; Legitimate interest (e.g., to assess you)
Third parties: N/A
Consequences of not providing: Cannot assess you as a candidate
When we use the PII of our resellers, distributors, agents, and/or finders
PII we collect: Full name, Email, Phone number, Company name, Job position, Any other information you decide to provide
Why we collect it:
- To contact resellers/distributors/agents/finders
- To perform/execute the agreement
Legal basis: Contract necessity; Legitimate interest (e.g., send related communications)
Third parties: Salesforce, Outreach, HubSpot, Impartner, Netsuite
Consequences of not providing: Cannot contact resellers/distributors/agents/finders; Cannot execute the agreement
When we use the PII of our service providers and suppliers
PII we collect: Full name, Email, Phone number, Company name, Job position, Any other information you decide to provide
Why we collect it:
- To contact service providers and suppliers
- To perform/execute the agreement with them
Legal basis: Contract necessity; Legitimate interest (e.g., contract communications)
Third parties: Netsuite
Consequences of not providing: Cannot contact service providers and suppliers; Cannot execute the agreement
When we use the PII of our customers
PII we collect: Full name, Email, Phone number, Company name, Job position, Any other information you decide to provide
Why we collect it:
- To provide our Services
- To perform the customer agreement
- To communicate with customers
Legal basis: Contract necessity; Legitimate interest (e.g., to provide Services); Legal obligations (e.g., tax/bookkeeping laws)
Third parties: Salesforce, Outreach, HubSpot, Netsuite
Consequences of not providing: Cannot provide Services; Cannot perform agreement; Cannot communicate with customers
When you interact with us on our social media profiles
PII we collect: Full name, Email, Phone number, Company name, Job position, Any other information you decide to provide
Why we collect it: To answer your questions
Legal basis: Legitimate interest or consent (depending on context)
Third parties: Facebook, Instagram, Twitter, LinkedIn (social media channels); HubSpot (CRM)
Consequences of not providing: Cannot answer your questions
3. WHY IS THE PII COLLECTED AND FOR WHAT PURPOSES?
Depending on which features of Cynet’s Services you use, we collect different kinds of information (including PII) about or from you. This PII is necessary for the performance of our contractual obligations towards you and providing you with our Services, to protect our legitimate interests, as well as for compliance with regulatory obligations to which we are subject. If this information will not be provided, you may not be able to use our Services (such as opening a Cynet account), or certain features of our Services. In certain instances, we will obtain your consent to the collection of your PII, as appropriate (in which case, you can revoke your consent at any time by approaching us).
Please note that some of the abovementioned PII will be used for detecting, taking steps to prevent, and prosecution of fraud or other illegal activity, to identify and repair errors, to conduct audits, and for security purposes. PII may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims. In certain cases, we may or will anonymize or de-identify your PII and further use it for internal and external purposes, including, without limitation, to improve the Services and for research purposes. “Anonymous Information” means information which does not enable identification of an individual user, such as aggregated information about the use of our Services. We may use Anonymous Information and/or disclose it to third parties without restrictions (for example, in order to improve our Services and enhance your experience with them).
4. HOW DO WE PROTECT YOUR INFORMATION?
Cynet stores the PII if it is necessary to fulfil the purpose for which the information has been collected. This means that Cynet deletes your PII when such information is no longer necessary. Statistics and analysis which have been anonymised may be saved thereafter.
We do not use vulnerability scanning and/or scanning to PCI standards.
We never ask for credit card numbers.
We use regular Malware Scanning.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.
You should be aware that there is always some risk involved in transmitting information over the internet and that there is also some risk that others could find a way to thwart our security systems. As a result, while we strive to protect your information, we cannot ensure or warrant the security and privacy of your PII or other content you transmit using the Services, and you do so at your own risk. We encourage you to exercise discretion regarding the PII you choose to disclose.
5. SHARING YOUR PII
In addition to the recipients described in Section 1, we may share your PII as follows:
- With our business partners with whom we jointly offer products or services. We may also share PII with our affiliated companies;
- To the extent necessary, with regulators, courts, or competent authorities, to comply with applicable laws, regulations, and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory, and other governmental agencies or if required to do so by court order;
- If, in the future, we sell or transfer, or we consider selling or transferring, some or all of our business, shares or assets to a third party, we will disclose your PII to such third party (whether actual or potential) in connection with the foregoing events;
- In the event that we are acquired by, or merged with, a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer, disclose or assign PII in connection with the foregoing events, including, in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or to another company; and/or
- Where you have provided your consent to us sharing or transferring your PII (e.g., where you provide us with marketing consents or opt-in to optional additional services or functionality).
For more information, please send an email to [email protected].
6. ANALYTIC TOOLS
We also use a tool called “Google Analytics” to collect information about use of the website. Google Analytics collects information such as how often users visit this website, what pages they visit when they do so, and what other websites they used prior to coming to this website. We use the information we get from Google Analytics to maintain and improve the website and our products. We do not combine the information collected through the use of Google Analytics with PII we collect. Google’s ability to use and share information collected by Google Analytics about your visits to this website is restricted by the Google Analytics Terms of Service, available at https://marketingplatform.google.com/about/analytics/terms/us/, and the Google Privacy Policy, available at http://www.google.com/policies/privacy/. You may learn more about how Google collects and processes data specifically in connection with Google Analytics at http://www.google.com/policies/privacy/partners/. You may prevent your data from being used by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/.
We may allow you to use Google API services as part of an authentication and authorization framework that gives us the ability to connect directly with google users when we would like to request access to Google user data. Therefore, the App’s use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
In addition, when you download our App to your mobile device, we may collect data on the installed apps on your mobile device and your device location at the time of a detected threat in order to view your overall mobile security posture.
We reserve the right to remove or add new analytic tools.
7. BEHAVIORAL ADVERTISING
We use your PII to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by visiting these links:
FACEBOOK – https://www.facebook.com/settings/?tab=ads
GOOGLE – https://www.google.com/settings/ads/anonymous
BING – https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
LINKEDIN – https://www.linkedin.com/help/linkedin/answer/62931/manage-advertising-preferences?lang=en
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: https://optout.aboutads.info.
8. DO NOT TRACK
We collect personally identifiable information about an individual consumer’s online activities over time in our Websites when a consumer uses the Services. If you choose to operate your web browser “do not track” signals or any other mechanism that provides consumers the ability to exercise choice regarding the collection of such information, we will abide by your request and stop collecting such information. We may allow third parties such as companies that provide us with analytics tools, to collect personally identifiable information about an individual consumer’s online activities over time and in our Website when a consumer uses the Services.
9. CHILDREN
We do not offer our products or services for use by children under the age of thirteen (13) years, and do not intend to collect PII from anyone we know to be under thirteen (13) years. If you believe that we might have any such information, please contact us at [email protected]. If you are under thirteen (13), you may not use the Services, or provide any information to the Website and/or App without the involvement of a parent or a guardian. For the purposes of the GDPR, we do not intend to offer information society services directly to children. Regardless, in the event that we become aware that you provide PII in violation of applicable privacy laws, we reserve the right to delete it.
10. HOW CAN I DELETE MY ACCOUNT?
Should you ever decide to delete your Cynet account, you may do so by emailing [email protected]. If you terminate your account, any association between your account and the information we store will no longer be accessible through your account. However, given the nature of sharing on the Services, any public or team activity on your account prior to deletion will (to the extent permissible pursuant to data protection laws) remain stored on our servers and will remain accessible to the public or team. Please note that whilst you may be able to exercise your data protection rights in respect of such information, they may be subject to certain exemptions or derogations.
11. YOUR RIGHTS:
EUROPEAN RESIDENTS
You have a right to access PII held about you; You have the right to request that we amend any PII we hold that is inaccurate or misleading; You have the right to request the erasure of the PII that relates to you; You have the right to object, to or to request restriction, of the processing; You have the right to data portability (to receive your PII in a structured, commonly used and machine-readable format and transmit that data to another controller; You have the right to object to profiling; You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place of work or place of alleged infringement) at any time (we ask that you please attempt to resolve any issues with us before you contact your local supervisory authority; You have the right to withdraw your consent; You also have a right to request details of the basis on which your PII is transferred outside the European Economic Area, but you acknowledge that data transfer agreements may need to be partially redacted for reasons of commercial confidentiality.
If you wish exercise your rights, please contact us through the contact information below. When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes, before processing and/or honoring your request. We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent possible, all in accordance with applicable law. Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the establishment, exercise or defense of legal claims.
Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States, in accordance with applicable laws.
CALIFORNIA RESIDENTS
Right to ask for disclosure:
You have the right to ask us to disclose certain information regarding our collection and use of your PII over the past 12 months. Once we receive and confirm your verifiable consumer request, we will provide you with the required information mandated by CCPA.
Right to ask for deletion:
You have the right to request that we delete any of your personal information that we collected from you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete, and direct our service providers to delete, your personal information from our records, unless an exception applies.
Within the past 12 months, we have disclosed to the following third parties your personal information:
- Affiliates;
- Service providers;
- Third parties to which you authorized us to disclose PII in connection with Services provided to you.
Cynet does not and will not sell your PII.
Right to non-discrimination:
We will not discriminate against you for exercising any of your rights under the CCPA. Unless permitted by the CCPA, we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services; or
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
Without derogating from Section 9 above, we do not market to children under the age of 13 years old.
12. FAIR INFORMATION PRACTICES
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur we will notify the users via in-site notification within 7 business days.
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only those individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
13. CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
Send information, respond to inquiries, and/or other requests or questions
To be in accordance with CANSPAM, we agree to the following:
Not use false or misleading subjects or email addresses.
Identify the message as an advertisement in some reasonable way.
Include the physical address of our business or site headquarters.
Monitor third-party email marketing services for compliance, if one is used.
Honor opt-out/unsubscribe requests quickly.
Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can email us at: [email protected] and we will promptly remove you from ALL correspondence.
14. DATA RETENTION
Cynet stores the PII as long as it is necessary to fulfil the purpose for which the data has been collected. This means that Cynet deletes Your PII when such information is no longer necessary, unless we have a legitimate interest to retain such data for longer periods or are required to do so by any applicable law. Statistics which have been anonymised may be saved thereafter.
15. CHANGES
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.
16. CONTACT US:
For the purposes of GDPR, you may contact our EU representative, Cynet Security Italy SRL, at [email protected].
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by using the details provided below:
Website: https://www.cynet.com
Address:132 Begin Rd., Tel Aviv, Israel
Email: [email protected]