Privacy Policy

Introduction

CyberScore, published by Patrick Astoul (Individual Entrepreneur), is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act.

Data Controller

Personal Data Collected

1. Registration Data

• First and last name
• Email address
• Organization name (optional)

2. Billing Data

• Billing address
• Payment information (processed by Stripe, not stored by CyberScore)

3. Service Usage Data

• Scanned domains
• Security scan results
• Scan history
• Generated PDF reports

4. Technical Data

• IP address
• Browser type
• Pages visited
• Connection timestamps

Processing Purposes

Your data is collected to:

• Provide CyberScore security scanning services
• Manage your account and subscription
• Track usage according to your plan
• Improve service quality
• Comply with legal obligations
• Communicate about service updates

Legal Basis for Processing

• Contract performance: to provide scanning services
• Legitimate interest: for service improvement and security
• Legal obligation: for billing and accounting
• Consent: for optional features

Retention Period

Your Rights

Under GDPR, you have the following rights:

• Right of access: view your personal data
• Right to rectification: correct inaccurate data
• Right to erasure: delete your data
• Right to object: oppose data processing
• Right to portability: retrieve your data in a structured format
• Right to restriction: limit data processing

To exercise your rights, contact us at: patrick@cybersco.re

Data Security

CyberScore implements the following security measures:

• HTTPS/TLS encryption: all communications are encrypted in transit
• Password encryption: passwords are encrypted with bcrypt hashing (one-way, salted)
• Secure authentication: JWT tokens with expiration
• Restricted access: only authorized administrators access data
• Access monitoring: audit logs for sensitive operations
• Secure backups: daily encrypted backups
• Data isolation: Docker containerization

Note: Scan results (DNS records, SSL certificates, HTTP headers) are stored unencrypted as they represent publicly available information. Only passwords and authentication tokens are encrypted.

Data Sharing

Your data may be shared with:

• Stripe: for payment processing (PCI-DSS compliant)
• Hostinger International Ltd: for hosting (servers in France)
• Competent authorities: in case of legal obligation

⚠️ Your data is never sold to third parties.

International Data Transfers

Some data may be transferred outside the European Union (notably to the United States for Stripe). These transfers are governed by Standard Contractual Clauses (SCC) approved by the European Commission.

Cookies

CyberScore uses cookies to:

• Maintain your login session
• Remember your preferences
• Analyze site usage

You can disable cookies in your browser settings, but this may affect service functionality.

Minors

CyberScore is not intended for persons under 18 years old. If you are under 18, please do not use this service.

Filing a Complaint (EU Residents)

If you believe your rights are not being respected, you can file a complaint with the CNIL (French Data Protection Authority):

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Last updated: December 2025

Contact

For any questions regarding this privacy policy, contact us: