Last renewal: 2026-05-13
This privacy policy describes how SIA Baltic Security Consulting (hereinafter "the Manager") processes personal data in the cyb3r.help platform in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, GDPR) and the Law on the Processing of Personal Data of the Republic of Latvia.
1. Data controller and contacts
- Manager: SIA Baltic Security Consulting
- E-mail: privacy@cyb3r.help
- Data Protection Officer (DPO): reachable via the above-mentioned e-mail with the theme "DPO'.
2. Categories of data to be processed
- Identification - e-mail, username, first name
- Authentication data - passwords Argon2id derivative, MFA TOTP secret, renewal codes
- Profile Data - bio, telephone, website URL, social network links
- Content of adverts - titles, descriptions, contact details
- Technical data - IP addresses (within security windows), browser type, session identifiers
- Payment metadata - Citadele Klix order ID, amount, status (CARDS NUMBERS DO NOT SUCCESS)
- Audit Logs - login attempts, failed authentication events
3. Legal basis for processing (Article 6 of the GDPR)
- Account data, profiles - Contract performance (VDAR 6(1)(b))
- Security Logs, IP, MFA - Legitimate interest (security) (VDAR 6(1)(f))
- Payments and accounting - Legal obligations (VDAR 6(1)(c))
- Marketing e-mails - Data subject's consent (VDAR 6(1)(a))
4. Time limits for storage
- Account details - while the account is active + 6 months after the redemption request
- Payment data and invoices -10 years
- Security Logs -12 months
- Audit log entries -24 months
- Marketing consent - until withdrawal
5. Rights of the data subject (Articles 15-22 of the GDPR)
You have the following rights in relation to your personal data:
- Right of access (article 15) - obtain proof of processing
- Right to rectification (article 16) - correct inaccurate data
- Right to be forgotten (article 17) - request for deletion (with legal exceptions)
- Right to restriction of processing (article 18)
- Right to data portability (article 20) - to receive data in machine-readable format
- Right to object (article 21) - against processing on grounds of legitimate interest
- Right to withdraw consent (article 7 (3)) - no retroactive effect
Applications shall be made by writing to: privacy@cyb3r.helpWe respond within one calendar month (Article 12 of the NDAR).
6
In accordance with Article 32 of the GDPR, the following technical and organisational measures are implemented:
- Argon2id password derivative (OWASP relevance)
- TLS 1.3 mandatory (for all data transmission channels)
- Multifactor authentication (TOTP) for administrative accounts
- Brute-force defense - django-axes (5 attempts, 1h blocking)
- Full audit log with 12-month storage (NIS2)
- UUID identifiers (data minimisation, IDOR protection)
- Regular update management and vulnerability scanning
7. Transmission of data to third parties
Personal data shall be transferred only to the following processors with a signed Data Processing Contract (DPA):
- AS Citadele banka (Klix) - payment processing (LV)
- Resend Inc. (US) - Transaction emails (EU region, EU-US Data Privacy Framework and SCC pursuant to Article 46 of the GDPR)
- Porkbun, LLC (US) - Domain Registration and Email Transfer (SCC under Article 46 GDPR)
- Sentry GmbH - error monitoring (DE)
The transfer of data outside the EEA takes place only to the US jurisdiction of processors (Resend, Porkbun) through the Standard Contract Clauses (SCC) and EU-US Data Privacy Framework - compliance with Article 46 of the General Data Protection Regulation (GDPR).
8. Submission of complaints
If you consider that your personal data is processed contrary to the GDPR, you have the right to submit a complaint to the Data State Inspectorate (www.dvi.gov.lv).
9. Cookies
See separate cookie policy.
10 Policy change
Privacy policy changes are published on this page. Users are informed about significant changes by email at least 14 days in advance.