Bugsec
Privacy Policy

BugSec

Privacy Policy

Recently Updated: May 25, 2025

Bugsec Ltd., together with its subsidiaries and affiliated companies (collectively “Company”, “Bugsec” “we”, “us” or “our”) respects your privacy and recognizes that your privacy is important.

Bugsec d.b.a. CYCL is a cybersecurity company specializing in cloud-native Managed Detection and Response (MDR) solutions to our clients (“Clients”). Our platform (“Platform”) integrates advanced behavioral AI analytics with expert cloud security knowledge to proactively detect, investigate, and neutralize threats across various cloud environments (“Services”). Utilizing both agentless and lightweight agent-based technologies, CYCL aims to reduce the workload on security teams by focusing on critical alerts and risks, ensuring that cloud environments remain secure, compliant, and resilient.

This privacy policy (“Privacy Policy”) explains the Company’s practices regarding the collection, processing, usage, and transfer of certain data, including Personal Data (as defined below), from:

  1. Individuals who visit our informative website available at: https://www.cycl.cloud/ (“website”), subscribe to our newsletter, or otherwise (“Prospects”).
  2. Clients who purchase our Services and a license to access and use our Platform and their authorized users who access the Platform (“Users”).
  3. Individuals who submitted their information for the purpose of applying a Bugsec’s job position (“Job Applicants”).

Prospects, Clients, Users, and Job Applicants may by individually or collectively referred herein as “you” or “your.”

This Privacy Policy is an integral part of our website terms and conditions or any other agreement referencing this Privacy Policy.

Please note that this Privacy Policy does not apply in situations when Bugsec process Personal Data in its role as a “Data Processor” (or a comparable role such as “service provider” in certain jurisdictions) on behalf of its Clients when providing the Services. Bugsec Data Protection Agreement (DPA) governs how Bugsec process Personal Data on behalf of its Clients and is not governed by this Privacy Policy.

Any Personal Data you provide is made at your free will and consent (where required under applicable data protection laws), and you acknowledge that you are not under any statutory obligation to provide us with Personal Data. However, we must collect or receive some Personal Data to provide the Service, and if you will not provide us with such Personal Data, we will not be able to fulfill certain purposes, for example, provide certain Services or enable use of certain features – all as described under Section ‎3 below – “Data Sets We Collect“ which details the purposes for which each Personal Data set is collected.

This Privacy Policy applies to all individuals world-wide, however, certain jurisdictions require that applicable disclosures will be provided in a certain way and format, and therefore in the event that you are a US resident – please also review Section ‎12 of this Policy.

1.       Policy Amendments

We reserve the right to amend this Privacy Policy from time to time, at our sole discretion. The most recent version of this Privacy Policy will always be posted on the website and reflected in the “Recently Updated” heading. Any amendments to the Privacy Policy will become effective immediately, unless we notify otherwise. We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.

2.       Data Controller Details

Bugsec Ltd., incorporated under the laws of the State of Israel [Internal to Bugsec – please confirm], is the “Data Controller” or “Business” (as such term is defined under the applicable data protection law) of the Personal Data collected from you detailed herein below.

If you have any question, inquiry, request or concern related to this Privacy Policy or the processing of your Personal Data, you may contact us and our privacy team as follows:

  • ‍By Email[email protected]; or
  • By Mail: Bugsec Ltd., Sderot Nim 2, Rishon LeTsiyon, Israel

3.       The Data Sets We Collect

We may collect two types of information from you, depending on your interaction with us:

The first type of information is non-identifiable and anonymous information (“Non-Personal Data”). We are not aware of the identity of the individual from whom we have collected the Non-Personal Data. Non-Personal Data consists of technical information, and may contain, among other things, the type of operating system and type of browser, type of device, session duration, etc.

The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Data” or “Personal Information” as defined under the applicable data protection law).

For the avoidance of doubt, any Non-Personal Data connected or linked to Personal Data shall be deemed as Personal Data as long as such connection or linkage exists. However, this Privacy Policy does not apply to any data insofar as it is held, processed, disclosed or published in a form which cannot be linked to an individual (such as anonymized or aggregated data which cannot directly or indirectly be used to identify you or to obtain information about you (“Anonymized and Aggregated Data”). We may generate or extract Anonymized and Aggregated Data out of any databases containing your Personal Data and we may make use of any such Anonymized and Aggregated Data for our purposes as we see fit.

The table below details the types of Personal Data we collect depending on your interaction with us, how and for which purposes we process and use your Personal Data: 

 

Type of Data

Purposes and Operation

Prospects, Clients, Users, Job Applicants

Online Identifiers and Usage Data:

When you interact with the website, we may collect online identifiers associated with your browser or device such as your Internet Protocol address (“IP”) and generate and assign to your device additional identifiers allowing us to individually identify you, such as a Cookie ID (“Online Identifiers”).

Further, additional information is automatically collected regarding your “website online behavior”. Such information includes the pages you viewed, click stream data, access time stamp, etc. (collectively “Usage Data”)

Online Identifiers and Usage Data are collected through our use of our or third party’s tools such as cookies and similar technologies.

Online Identifiers and certain Usage Data are used:

1.       To operate the website and enable its proper functionality (for example, in order to automatically recognize you by the next time you enter the website).

2.       For security and fraud prevention purposes (for example, to confirm you are a real person).

3.       For debugging and to resolve technical problems.

4.       To understand how individuals use the website.

5.       To measure effectiveness of some marketing campaigns we run in order to track conversions, build targeted audience, and market our Services to people who have taken some action on the website.

Certain Online Identifiers and Usage Data are indirectly processed by third-parties marketing and analytic tools, for analytic and marketing purposes.

Prospects, Clients, Users, Job Applicants

Contact Information:

If you voluntarily contact us with any inquiries (i.e., the “contact us” page, a demo request page, white paper request, “become a partner” request or support ticket), through any means of communications we make available (e.g., an online forms available on the website, email correspondence, chat, social media chats, toll free number, customer support, etc.) for support or to use our Services (including the demo session) or other inquiries, if you register to receive our newsletter (to the extent available), or apply for a job at Bugsec, you will be required to provide us with certain information such as your name, email address, company affiliation (if any) and details relevant to your request, etc. In addition, you can choose to provide us with additional information as part of your correspondence with us (“Contact Information”).

Contact Information is used:

1.       To provide you with the support you requested or to respond to your inquiry. The correspondence with you may be processed and stored by us in order to improve our client service and in the event when we believe it is required to continue to store it, for example, in the event of any claims or in order to provide you with any further assistance (if applicable).

2.       If you registered to receive our newsletter (to the extent available) or requested a white paper, we will use you Contact Information in order to provide you with the requested communications.

3.       We may use your email address in order to send you service communications and marketing promotions, such as new features, additional offerings, special opportunities or any other information we think you will find valuable (“Direct Marketing”).

4.       We will further use your email address, if applicable, under our suppression list, when you request to opt-out to ensure we comply with such preference and choice.

Clients, Users

Account Details:

In order to use our Services and Platform, you will be required to register and create an account. During the registration process you will be requested to provide us with your Contact Information (as defined above) and additional information on the business you represent (if applicable), billing and payments information, etc. (“Account Details”).

We will use your Account Details to provide the client support needed, the Services and the Platform, authentication, related account management services (including billing and invoicing), and to send you Direct Marketing (as defined above) communications.

We will retain such correspondence for as long as needed. 

Telemetry Data and Device Data:

We keep track of certain information about you when you visit and interact with our Services and Platform. This information includes the features you use; the links you click on; pages you have viewed, the type and size of attachments you upload to or provide through the Services; and additional information on how you interact with our Services and Platform (“Telemetry Data”).

We also collect information about your computer, phone, tablet, or other devices you use to access the Services, such as your connection type and settings when you access, update, or use our Services (“Device Data”). We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data.

We use Telemetry Data and Device Data:

1.       To provide and improve functionality; to recognize you across different Services and devices; operate, maintain, and improve the Services.

2.       To troubleshoot, to identify trends, usage, activity patterns, and areas for integration and to improve our Services and to develop new products, features and technologies that benefit our clients and the public.

3.       To resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair the Services.

Job Applicants

If you apply to a Bugsec job position, throughout the application and recruitment process, you may provide us (or we may otherwise collect or have access to) the Personal Data about you such as name, identification information Contact Information (as defined above), resume/CV, work-related data and employment history, education and qualifications, skills and expertise, social media activity, etc., and any additional information voluntarily included or provided by you (“Job Application Data”).

Further, if we proceed with your application, we may further process information that might be gathered from interviews, tests, or assessments conducted as part of the recruitment process to evaluate your suitability for the job position applied to; background check results; work eligibility; communication and internal records, such as correspondences and phone call records or other interactions between you and us during the recruitment process (“Recruitment Data”).

We process Job Application and Recruitment Data:

1.       To assess the Job Applicant’s qualifications, skills, and suitability for the position and role applied for.

2.       To facilitate our communications and correspondence with the Job Applicant during the recruitment process, including scheduling interviews, providing updates, and addressing inquiries.

3.       To verify the accuracy of the information provided by the Job Applicant, including with regards to education, employment history and professional references, as well as, where we deem necessary or required by law, conducting background checks and to further confirming the Job Applicant’s legal right to work in the relevant territory and comply with immigration related requirements.

4.       To ensure adherence to relevant laws, such as labor laws and regulations, etc.

5.       To facilitate the hiring and decision-making process, compare candidates, and decide upon the suitable candidate for the position.

6.       To maintain records of the recruitment process, including evaluations, assessments, and decisions made.

7.       For administration and performance of human resources related duties, obligations, and procedures.

8.       To analyze and improve our recruitment practices, processes and strategies.

Please note that the actual processing operation per each purpose of use in the table above may differ. Such processing operation usually includes a set of operations, made by automated means, such as collection, storage, use, disclosure by transmission, erasure or destruction.

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and any other misuse of the website and Services and to enforce our policies and agreements, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability.

4.       How We Collect Information

Depending on the nature of your interaction with us, we may collect information as follows:

  • Automatically– certain Personal Data such as Online Identifiers and Telemetry Data is generated automatically and collected through the use of cookies and similar tracking technologies (such as pixels, tags, agent, etc.). For more information on the cookies we use and how to opt out of third-party collection of this information, please see Section ‎5 below “Cookies and Similar Tracking Technologies”.
  • Provided by you voluntarily or following your authorization – we will collect information if and when you choose to provide us with the information, such as through a form available on the website.

5.       Cookies and Similar Tracking Technologies

When you access to or use the website or some of our Services, we use “cookies” or similar tracking technologies, which store certain information on your device (i.e., locally stored). The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies are used by us for various purposes, including allowing you to navigate between pages efficiently, as well as for statistical purposes, analytic purposes and advertising. You can find more information about our use of cookies here: www.allaboutcookies.org.

Most browsers will allow you to erase cookies from your device, block acceptance of cookies, or receive a warning before a cookie is stored. You may set your browser to block all cookies, including cookies associated with our website, or to indicate when a cookie is being used by us, by adjusting the privacy and security settings of your web browser. Please refer to the support page of your browser to learn more about how you can adjust your privacy and security settings. Please note that once you choose to opt out or disable cookies, some features of the website may not operate properly, and your online experience may be limited.

6.       Data Sharing – Categories of Recipients with Whom We Share Personal Data

We share your Personal Data with third parties, including with trusted partners or service providers that help us to manage our business operation, website, etc. You can find here information about the categories of such third-party recipients. ‍

CATEGORY OF RECIPIENT

DATA THAT WILL BE SHARED

PURPOSE OF SHARING

Service providers and business partners

All types of Personal Data depending on the applicable service provider or business partner, and your interaction with us.

We may share Personal Data about you with third-party business partners and service providers that perform services on our behalf in connection with our Services, such as cloud service provider, analytics and marketing service providers, our CRM provider, etc.  Where your Personal Data is shared with such third parties, we ensure that the third party will deal with your information only on our behalf and on our instructions and solely for the benefit of our business (and not for its own benefit).

Affiliated companies

All types of Personal Data, as strictly necessary and on a case-by-case basis.

We may share certain information with our affiliated companies, which will provide us with certain required services and, for internal compliance and measurement. 

In addition, certain information may also be shared with potential affiliated companies in the event of a potential business re-organization while we undergo certain due diligence processes. In such event, those potential affiliated companies are bound by robust confidentiality obligations.

Legal authorities, regulators, etc.

All types of Personal Data as strictly necessary and on a case-by-case basis.

To the extent permitted or required by applicable law, we may disclose information about you to third parties to: (i) enforce or apply our terms of use or any applicable service agreement; (ii) comply with laws, subpoenas, warrants, court orders, legal processes or requests of government or law enforcement officials; (iii) protect our rights, reputation, safety or property, or that of our users or others; (iv) protect against legal liability; (v) establish or exercise our rights to defend against legal claims; or (vi) investigate, prevent or take action regarding known or suspected illegal activities; fraud; our rights, reputation, safety or property, or those of our clients or others; violation of our applicable policies and agreements; or as otherwise required by law.

7.       Cross-Border Data Transfer

Due to our global business operation, your Personal Data may be transferred to, and processed in countries other than the country in which you reside. These countries may have data protection laws that are different to the laws of your country. However, in all cases, we will take appropriate measures to ensure that your Personal Data receives an adequate level of data protection upon its transfer.

8.       Data Retention

We retain Personal Data we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws, or until an individual expresses a preference to opt-out.

Other circumstances in which we will retain your Personal Data for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements; (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges; or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that, except as required by applicable law, we may at our sole discretion delete or amend information from our systems, without notice to you, once we deem it is no longer necessary for such purposes.

9.       Privacy Rights

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed.

In the table below you can review your rights depending on your interaction with us, how you can exercise them, and appeal a decision we take in this regard. Please note that some rights are available in certain jurisdictions only.

For any question you have regarding your right, or if you wish to exercise them, please contact us at: [email protected]

Right to be informed

You have the right to be provided with information regarding our Personal Data collection and privacy practices. You may also have the right, at our option, to receive a list of the specific third parties to which we have disclosed either your Personal Data or any Personal Data. All is detailed under this Privacy Policy.

Right to know (access)

You have the right to confirm whether we collect Personal Data about you, know which Personal Data we specifically hold about you, and receive a copy of such or access it.

If you wish to receive a copy of the Personal Data, please submit a DSR form as available here.

Right to correction

You have the right to correct inaccuracies in your Personal Data, taking into account the nature and purposes of each processing activity. Please submit a DSR form as available here.

Right to deletion

In certain circumstances, you have the right to delete the Personal Data we hold about you. In order to exercise this right, please submit a DSR form as available here.

Right to portability

You have the right to obtain the Personal Data in a portable, and to an extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. We will select the format in which we provide your copy. If you wish to exercise this right, please submit our DSR form as available here.

Right to opt out from:

(i) selling personal data;

(ii) right to opt out from targeted advertising; and

(iii) right to opt out from profiling and automated decision making

Marketing: You have the right to opt-out from receiving any Marketing communications from us, by unsubscribing through the email received.

Cookies and specifically opt out from sale of personal data for targeted advertising, monetary gain, or profiling, or share or sale of personal information for analytic or marketing: You have the right to opt-out from cookies tracking your behavior for analytic and marketing purposes. When you no longer wish cookies to track your behavior for analytic or marketing purposes, change your preferences through the cookie settings available on your browser privacy and security settings. You have the right to opt-out of the “selling” or “sharing” of your Personal Data for “cross-contextual behavioral advertising”, or “targeted advertising”, often referred to as “interest-based advertising” as well. You can exercise these rights as detailed in the “Cookies & Tracking Technologies” section above.

Newsletter & White Papers: You have the right to withdraw consent when you no longer wish to be in our newsletter list by clicking the “unsubscribe” link within the e-communication we sent you.

Further, you are able to install privacy-controls in the browser’s settings to automatically signal the opt-out preference to all websites you visit (like the “Global Privacy Control”). We honor the Global Privacy Control, where applicable, subject to your jurisdiction, as a valid request to opt-out of the sharing of information linked to your browser. [Internal to Bugsec – please advise whether it is accurate]

Note you may have the right to authorize another person acting on your behalf to opt out (including by technical tools and opt out signals).

In any event, please keep in mind that opt-out tools are limited to the browser or device you use because they work off your browser ID and device ID and, accordingly, you will need to opt-out on each browser and device you use. Your browser may save some information in its cookies and cache to maintain your privacy preferences. Clearing these may remove opt-out preferences, requiring you to opt-out again.

Right to appeal or lodge a complaint

If we decline to take action on your request, we shall so inform you without undue delay as required under applicable laws. The notification will include a justification for declining to take action and instructions on how you may appeal, if applicable.

Additional information for the appeal procedure under certain state laws, please see section 12 below “Jurisdiction-Specific Notices for US Residents”.

Non-discrimination

Such discrimination may include denying a service, providing a different level or quality of service, or charging different prices. We do not discriminate our users and visitors.

10.   Security

We take great care in implementing and maintaining the security of your Personal Data. We employ industry standard procedures and policies to ensure the safety of individuals’ information and prevent unauthorized use of any such.

We have implemented technical, physical and administrative security measures to protect the Personal Data we process. Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorized access or abuse our website, and we make no warranty, express, implied or otherwise, that we will always be able to prevent such access.

Please contact us at: [email protected] if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party’s attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.

11.   ‍Children’s Data

Our website, Services and Platform are not intended for children under the age of 18. Subject to limitation outlined above, if you are under the age of 18, you are not permitted to use our Services or the website. If you become aware that a child has provided us with Personal Data, please contact us immediately at: [email protected]

12.   Jurisdiction-Specific Notices For US Residents

The section is applicable to residents of certain U.S. states (depending on the applicable state law, acting in an individual or household context and not in a commercial or employment context or as a representative of business), including the following state laws:

  • California Consumer Privacy Act
  • Colorado Privacy Act
  • Connecticut Data Privacy Act
  • Delaware Personal Data Privacy Act
  • Florida Digital Bill of Rights
  • Indiana Consumer Data Protection Act
  • Iowa Consumer Data Protection Act
  • Kentucky Consumer Data Protection Act
  • Maryland Online Data Privacy Act
  • Minnesota Consumer Data Privacy Act
  • Montana Consumer Data Privacy Act
  • Nebraska Data Privacy Act
  • Nevada S.B. 370 
  • New Hampshire Data Privacy Act
  • New Jersey Data Protection Act
  • Oregon Consumer Privacy Act
  • Rhode Island Data Transparency and Privacy Protection Act
  • Texas Data Privacy and Security Act
  • Tennessee Information Protection Act
  • Utah Consumer Privacy Act
  • Virginia Consumer Data Protection Act, and
  • Washington’s My Health My Data Act.

We are required to provide you with clear and accessible privacy notice that includes the categories of Personal Data processed, purpose of processing, instructions for exercising consumer rights and appealing decisions, categories of Personal Data shared with third parties, categories of third parties with whom data is shared, and any sale of data or targeted advertising.

Under the paragraph “The Data Sets We Collect” of this Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collecting and processing, and the purposes for which Personal Data is processed, stored or used.

Under the paragraph “Data Sharing – Categories of Recipients with Whom We Share Personal Dataof this Privacy Policy, we detail and disclose the categories of third parties we share Personal Data with for business purposes. We will not collect additional categories of Personal Data or use the Personal Data we collected for a materially different, unrelated, or incompatible purpose without obtaining your consent.

Additionally, under the paragraph “Privacy Rightsof this Privacy Policy, we detail and disclose your rights and how to exercise such requests.

“Sale” of Personal Data: Under certain US privacy laws the term “sale” is referring to disclosing or making available Personal Data to a third-party in exchange for monetary or other valuable consideration, including for targeted advertising purposes. We do not “sell” information as most people would commonly understand that term, we do not, and will not, disclose your Personal Data in direct exchange for money or some other form of payment. However, subject to the definition of the term “Sale” under certain US privacy laws, we may “sell” the following categories of Personal Data when we use cookies or other third-party services:

  • Identifiers – online identifiers such as IP and Cookie ID;
  • Internet and electronic network activity information – such as your engagement with our website.

Appeal Rights

Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request, by contacting us as instructed in our response. Please send your appeal request with a summary of the request and decision you want to appeal to [email protected]  

Not more than 60 days after receipt of an appeal, and always in accordance with the timelines set by the applicable US Privacy Laws, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reason for the decision.

If you are not happy with our response, depending on your jurisdiction, you may have the right to lodge a complaint against us with the relevant State’s Attorney General:

We use cookies to make your experience better
By using this site you accept our use of cookies to personalize and analyze website usage and to create relevant ads. We may also share data with partners for the same purpose. Read More
Accept