Sign-up
Sign-in Sign-up Pricing Documentation FAQ Request Assistance

Privacy Policy

About us and what we do

CyberTrace.online is owned and operated by TBD ("CyberTrace", "we" or "us"). This policy outlines the limited personal information we collect during your use of the CyberTrace website, as well as the measures we implement to handle and safeguard your data.

CyberTrace's purpose is to enhances visibility into cybersecurity exposure risks faced by corporate organizations as a result of data breaches and leaks

CyberTrace delivers a range of free and paid services to organizations to help them gain visibility into which companies/organization may have been impacted by a data breach, including:

  • a subscriber service that supplies statistics whether user credentails belonging to a given domain has been exposed as part of data breaches or leaks
  • a subscriber service that supplies listing of all e-mails for a given domain that has been exposed as part of a data breach or leaks

What kinds of personal information do we collect and hold?

When we use the term personal information, we mean any information or an opinion about an individual who is identified or reasonably identifiable to us. Personal information is sometimes also referred to as personal data. We only collect the limited personal information we need for the purposes of providing our services.

We collect and hold email addresses for the purposes of providing our subscription services to verified email addresses.

We collect and hold only the bare minimum logging information required to keep the service operational and combat malicious activity. This includes transient web server logs, Google Analytics to assess usage patterns and Application Insights for performance metrics. These logs may include information submitted in a form by the user, browser headers such as the user agent string and, in some cases, the user's IP address.

We do not collect or store your personal information when you conduct a search in the CyberTrace database. Searching for a domain only ever retrieves the data from storage then returns it in the response. The data from the search is not explicitly stored anywhere.

We also store some lists of data classes that were impacted in a particular data leak that is loaded into CyberTrace. For example, we will state that email addresses and passwords appeared in a leak but will not provide any information about which email addresses had corresponding compromised passwords.

The information we collect is not always personal information, as it may not relate to an identified individual or we otherwise may not be able to identify you from it.

Sensitive information is a subset of personal information that includes health information and other forms of sensitive personal information, and generally requires a higher level of privacy protection than other types of personal information. We do not collect sensitive information.

How do we collect, hold and use personal information?

Collection

We collect personal information:

  • from individuals directly, who subscribe to our services; and
  • from third parties, such as breached organisations, where CyberTrace can verify the legitimacy of a breach.

Storage

When a data breach is loaded into CyberTrace, the email addresses are stored in the online system.

Uses

We use the personal information we hold for the purpose of providing our services.

Who do we disclose your information to, and why?

We do not share your information with any third parties

How do we protect your data?

Security on CyberTrace is handled by a "defence in depth" approach, that is the service employs many different layers of security including (but not limited to):

  • all data transmitted over the internet is done over HTTPS;
  • regular security scans are performed to identify code or configuration vulnerabilities;
  • firewalls are employed to limit access to services running on AWS

Questions, concerns or complaints

If you have any questions, concerns or complaint about the way in which we have handled your personal information, you should contact us in the first instance. Our contact details are set out below.

We will endeavour to reply to you within a reasonable time following receipt of the complaint and, where appropriate, will advise you of the general reasons for the outcome of the complaint.

If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor. There is more information and guidance on the website of the Office of the Australian Information Commissioner (www.oaic.gov.au) about protecting your privacy.

Our contact details

If you have any questions, please contact us at:

support@cybertrace.online

Changes to this policy

From time to time, we may change our Privacy Policy on how we handle personal information or the types of personal information which we hold. Any changes to our Privacy Policy will be published on our website.

You may obtain a copy of our current Policy from our website or by contacting us at the contact details above.