Legal
Privacy Policy
How we collect, use, and protect your personal data — and the rights you have over it.
Last updated: 25 April 2026
1. Who we are
This website (solidcyber.net) is operated by Solid Cyber LLC, a limited liability company formed under the laws of the State of Wyoming, United States.
Registered agent address: 30 N Gould St, Ste N, Sheridan, WY 82801, USA.
For privacy-related questions or to exercise your data protection rights, contact us at [email protected].
We do not currently have a designated representative in the United Kingdom or European Union under Article 27 of the UK GDPR / EU GDPR. We rely on the exemption available where processing is occasional, does not include large-scale processing of special category data or criminal-conviction data, and is unlikely to result in a risk to the rights and freedoms of natural persons. If you are based in the UK or EU and wish to raise a concern, please contact us at the email above.
2. Scope of this policy
This policy describes how we handle personal data collected through solidcyber.net and any of its sub-paths.
It does not cover personal data we may process while delivering paid services to clients (for example, during a penetration test or compliance engagement). Such processing is governed by the engagement agreement and any associated Data Processing Addendum signed with the client.
3. What we collect
Information you provide
When you submit our contact form, we collect:
- Your name
- Your email address
- Your company or website (optional)
- The service you are interested in
- The content of your message
Information collected automatically
When you visit the site, our hosting and security provider (Cloudflare) automatically logs technical data such as your IP address, user agent, referring URL, and request metadata. This is standard for any website and is used to deliver content, prevent abuse, and maintain availability.
Our contact form is protected by Cloudflare Turnstile, which processes your IP address, user agent, and certain browser signals to distinguish humans from bots. Turnstile does not use tracking cookies or fingerprinting for advertising purposes.
Cookies and similar technologies
This site does not currently set analytics, advertising, or marketing cookies. The only cookies that may be set are strictly-necessary cookies used by Cloudflare to operate the site securely and deliver bot-protection challenges.
4. Why we collect it & legal bases
If you are located in the United Kingdom or European Economic Area, our processing relies on the following legal bases under Article 6 of the UK GDPR / EU GDPR:
| Purpose | Data involved | Legal basis |
|---|---|---|
| Responding to your enquiry and any pre-contract discussions | Contact form data (name, email, optional company, service interest, message) | Art. 6(1)(b) — steps taken at your request prior to entering into a contract Art. 6(1)(f) — legitimate interest in running our business and replying to enquiries |
| Maintaining site availability, security, and abuse prevention | Server / CDN logs (IP address, user agent, request metadata) | Art. 6(1)(f) — legitimate interest in operating a secure, available website |
| Bot protection on the contact form | IP address, user agent, browser signals processed by Cloudflare Turnstile | Art. 6(1)(f) — legitimate interest in preventing automated abuse of our forms |
| Keeping records to defend or pursue legal claims, and to comply with US tax and accounting law (where a contact-form enquiry becomes an invoiced engagement) | Contact data, contract data, billing records | Art. 6(1)(c) — compliance with a legal obligation (US federal tax recordkeeping) Art. 6(1)(f) — legitimate interest in establishing, exercising, or defending legal claims |
You have the right to object to processing based on legitimate interests — see Section 9.
5. Who we share data with
We do not sell or rent personal data, and we do not share it with advertisers. We do use a small number of trusted service providers (sub-processors) to operate the site and respond to enquiries:
- Cloudflare, Inc. (United States) — content delivery, edge compute (Cloudflare Workers), Cloudflare D1 database hosted in an EU region (where contact form submissions are stored as a backup), and Cloudflare Turnstile bot protection.
- Brevo (Sendinblue SA) (France) — SMTP relay used to deliver contact form submissions to our inbox.
- Google LLC (United States) — Gmail, which acts as the destination inbox for contact form submissions.
- Discord Inc. (United States) — receives anonymised operational notifications when a contact form is submitted. These notifications confirm whether a submission succeeded or failed and contain no name, email address, message body, or other personal data.
We may also disclose personal data where required by law, to enforce our terms, or to protect our rights, property, or safety, or those of others.
6. International transfers
Some of our sub-processors are located outside the United Kingdom and the European Economic Area. Where personal data is transferred outside the UK / EEA, we rely on the following safeguards:
- Transfers to the United States to providers self-certified under the EU-US Data Privacy Framework and its UK Extension (this currently applies to Google).
- The European Commission's Standard Contractual Clauses and the UK's International Data Transfer Addendum, as a fallback where another mechanism does not apply (for example, for transfers to Cloudflare and Discord).
Cloudflare D1 storage of contact form submissions is configured to use an EU region. Brevo is a French company and processes email in the EU.
7. Is providing your data mandatory?
Providing your personal data is voluntary. You are not under any statutory or contractual obligation to provide it. However, if you choose not to provide the information requested in our contact form, we will not be able to respond to your enquiry or provide the information or services you have asked about.
Where, as a result of your enquiry, we go on to provide you with paid services, separate retention obligations may apply to the records of that engagement under US tax and accounting law — see Section 8.
8. Retention
- Contact form submissions in our D1 backup — retained for up to 24 months, then deleted.
- Contact form submissions in our inbox — retained for as long as we may reasonably need them to respond to or follow up on the enquiry. You can ask us to delete them at any time.
- Cloudflare CDN and security logs — retained per Cloudflare's defaults (typically around 30 days).
- Discord operational notifications — anonymised, so they do not constitute personal data; retained per Discord's own retention policies.
- Tax and accounting records relating to invoiced engagements — retained for at least seven (7) years in line with US Internal Revenue Service recordkeeping requirements, and for as long as required to defend or pursue legal claims under the applicable statute of limitations.
9. Your rights
If you are in the United Kingdom or European Economic Area
Under the UK GDPR / EU GDPR, you have the right to:
- Access the personal data we hold about you;
- Have inaccurate data rectified;
- Have your data erased in certain circumstances;
- Restrict or object to processing;
- Receive your data in a portable format;
- Withdraw any consent you have given (without affecting the lawfulness of prior processing); and
- Lodge a complaint with a supervisory authority.
UK residents may complain to the Information Commissioner's Office (ICO). EU residents may complain to their local data protection authority.
If you are a California resident
Under the California Consumer Privacy Act (CCPA), as amended by the CPRA, you have the right to:
- Know what personal information we have collected about you;
- Request deletion of your personal information;
- Correct inaccurate personal information;
- Opt out of the sale or sharing of your personal information — we do not sell or share personal information as those terms are defined under the CCPA;
- Not be discriminated against for exercising any of these rights.
How to exercise your rights
Email [email protected] from the address you originally contacted us from, or include sufficient information for us to verify your identity. We will respond within the timeframe required by applicable law (typically one month under GDPR, 45 days under CCPA).
10. Children
This site is not directed to children, and we do not knowingly collect personal data from them.
- Under the UK GDPR / EU GDPR, we do not knowingly collect personal data from children under the age of 16.
- Under the US Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal data from children under the age of 13.
If you believe a child has provided us with personal data, please contact us at [email protected] and we will take steps to delete it.
11. Security
We use industry-standard measures to protect the data we collect, including encryption in transit (TLS), Cloudflare's security and DDoS protections, and the principle of least privilege for access to backend systems. However, no method of transmission over the internet or method of electronic storage is fully secure, and we cannot guarantee absolute security.
12. Automated decision-making and profiling
We do not use your personal data for automated decision-making or profiling within the meaning of Article 22 of the UK GDPR / EU GDPR.
The only automated processing applied to visitor data is by Cloudflare's bot-protection systems (Cloudflare Turnstile and edge security rules), which may block or challenge requests that exhibit characteristics of automated abuse. This is operational security and does not produce legal effects concerning you or similarly significantly affect you.
13. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top of this page reflects the latest revision. Where changes are significant, we will provide additional notice (for example, by flagging the change on the site homepage).
14. Contact
If you have any questions about this policy or our handling of personal data, contact us at:
Solid Cyber LLC
30 N Gould St, Ste N
Sheridan, WY 82801, USA
Email: [email protected]