Effective date: 2 May 2026 · Last updated: 3 May 2026
CybereyeQ ("CybereyeQ", "we", "our") publishes regulatory intelligence briefings for compliance and governance, risk, and compliance (GRC) professionals. This policy explains what personal information we collect when you interact with our website, newsletter, podcast, and social media presence, how we use that information, and the rights you have over it.
We've tried to write this in plain English. If something is unclear, contact us at the address at the end of this policy.
CybereyeQ operates the website at https://www.cybereyeq.com and the related newsletter, podcast, and social media accounts under the CybereyeQ name. For the purposes of the European Union General Data Protection Regulation (GDPR), CybereyeQ acts as the data controller for personal information we collect directly from you.
2. What information we collect
We aim to collect only what we need to deliver our content and operate our publishing infrastructure.
a. Information you provide
Newsletter subscription data. When you subscribe to a CybereyeQ newsletter, we collect your email address. We may also collect optional information you choose to provide (for example, a first name) through our newsletter platform.
Communications. If you contact us by email or via a contact form, we receive the content of your message, your email address, and any information you choose to include.
Survey or feedback responses. If you participate in a survey, poll, or feedback form, we collect the answers you provide. These are typically anonymous unless you choose to identify yourself.
b. Information collected automatically
Website usage data. When you visit www.cybereyeq.com, our hosting provider (currently GitHub Pages) and any analytics service we use may automatically log standard server-side information: IP address, browser type, referring URL, pages viewed, and the date and time of access. We use the minimum analytics required to understand readership trends.
Newsletter engagement data. Our email service provider records standard email engagement metrics — for example, whether an email was opened, links you clicked, and whether the email bounced — to help us measure performance and maintain deliverability.
Podcast listening data. When you listen to the CybereyeQ podcast through a third-party app (Apple Podcasts, Spotify, Overcast, or any RSS-compatible client), the host of our audio files (currently GitHub Pages) may log download requests. We do not directly identify individual listeners.
c. Information from third parties
LinkedIn. When you interact with CybereyeQ's LinkedIn presence (following our Page, engaging with our posts, or messaging us), LinkedIn provides us with engagement data and basic profile information per LinkedIn's own platform terms. CybereyeQ uses LinkedIn's developer platform to publish content to our own LinkedIn Page. The scope of data we access is limited to what is required to publish posts and read engagement metrics on content we have posted. We do not access, store, or sell data about LinkedIn members who interact with our content beyond what LinkedIn's platform makes available to a Page admin.
Other social platforms. We may publish to additional platforms including X (formerly Twitter) and Bluesky. When you engage with CybereyeQ on those platforms, the platform's own privacy practices apply.
d. What we do not collect
We do not knowingly collect:
payment-card data (we do not currently sell anything directly through our website);
precise geolocation;
biometric data;
special categories of personal data under GDPR Article 9 (health, race, sexual orientation, religious beliefs, etc.);
information about children under the age of 16.
3. How we use information
We use the information described above only for the following purposes:
To deliver the content you requested — sending you newsletters, replying to your messages, providing access to lead-magnet downloads.
To improve our content. Aggregated readership trends help us decide what to write about and how often.
To operate the publishing infrastructure — managing our email list, posting to social platforms, hosting the website and podcast.
To comply with legal obligations — for example, retaining records required by tax law or responding to lawful requests from regulators.
We do not use your personal information to train machine-learning models, and we do not sell or rent our newsletter list.
Legal bases under GDPR
If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following GDPR legal bases:
Activity
Legal basis
Sending the newsletter you subscribed to
Consent (Art. 6(1)(a)) — withdrawable at any time via the unsubscribe link
Aggregated analytics on website and email engagement
Legitimate interests (Art. 6(1)(f)) — operating and improving the publication
Responding to direct inquiries
Legitimate interests (Art. 6(1)(f)) — providing the help you asked for
Complying with applicable law
Legal obligation (Art. 6(1)(c))
4. How we share information
We share personal information only with the third-party service providers we rely on to operate CybereyeQ. Each acts as a data processor under our instructions and is bound by their own privacy commitments.
Provider
Role
Privacy policy
Beehiiv
Email newsletter platform — stores subscriber records and delivers email
share newsletter-subscriber data with advertisers;
transfer your data to other publications, sponsors, or data brokers.
We may disclose information when required by law (for example, a valid subpoena or court order), or when necessary to protect the rights, property, or safety of CybereyeQ, our readers, or others.
International transfers
Some of our processors operate in the United States. When personal data of individuals in the European Economic Area, the United Kingdom, or Switzerland is transferred to the United States, the transfer is covered by appropriate safeguards under GDPR Chapter V — typically the European Commission's Standard Contractual Clauses, or the EU–US Data Privacy Framework where the recipient is certified.
5. How long we keep information
We keep personal information only as long as we need it for the purposes described above:
Newsletter subscribers: until you unsubscribe. Unsubscribed records are retained in a suppression list for the minimum period needed to honor your unsubscribe and meet anti-spam law obligations.
Direct inquiries: typically 24 months from your last message, unless you request earlier deletion.
Server and analytics logs: typically 12 months or less, except where we need to retain a record to investigate a security incident.
6. Your rights
You have rights over your personal information. Specific rights and the procedure for exercising them depend on where you live.
a. Everyone
You can:
unsubscribe from the newsletter at any time using the link at the bottom of every email;
ask what we hold about you by emailing the address at the end of this policy;
ask us to correct or delete information we hold about you.
We respond to verified requests as promptly as we can, typically within 30 days.
b. Individuals in the EEA, UK, or Switzerland (GDPR / UK GDPR)
In addition to the rights above, you have the right to:
access your personal data and receive a copy in a portable format;
rectify inaccurate or incomplete data;
erase your data ("right to be forgotten") in certain circumstances;
restrict how we process your data;
object to processing based on legitimate interests;
data portability — receive your data in a machine-readable format;
withdraw consent at any time, where processing is based on consent;
lodge a complaint with your national data-protection authority. A list is available at edpb.europa.eu/members_en. UK readers can contact the Information Commissioner's Office at ico.org.uk.
c. California residents (CCPA / CPRA)
If you are a California resident, you have the right to:
know the categories and specific pieces of personal information we have collected about you;
delete personal information we have collected, subject to legal exceptions;
correct inaccurate personal information;
opt out of the sale or sharing of personal information. CybereyeQ does not sell or share personal information within the meaning of the CCPA/CPRA;
limit the use of sensitive personal information. We do not collect sensitive personal information as defined by the CCPA;
non-discrimination — we will not deny service, charge a different price, or provide a different level of quality because you exercised a privacy right.
To exercise any of these rights, email the address at the end of this policy. We may need to verify your identity before fulfilling certain requests.
d. Other US states
If you are a resident of another US state with a comprehensive privacy law (Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others), you have similar rights to those described above. Contact us using the details below.
7. Cookies and similar technologies
The CybereyeQ website is built to use the minimum cookies necessary. We do not use cookies for advertising or behavioral tracking. We may use a small number of strictly-necessary cookies for basic site functionality, and limited first-party analytics cookies if we enable analytics. Where required by law, we will request your consent before setting non-essential cookies.
You can control cookies through your browser settings. Disabling cookies will not prevent you from reading the site.
Our email service provider may include a small tracking pixel in newsletter emails to record opens. You can disable image loading in your email client to prevent this.
8. LinkedIn App data — additional disclosures
CybereyeQ uses LinkedIn's developer platform (the LinkedIn Marketing API and Share API) to publish content to our own LinkedIn Page and to retrieve standard engagement metrics on that content. To support this:
Authentication tokens issued by LinkedIn are stored securely and are used only to call the LinkedIn API on behalf of CybereyeQ as a Page admin.
The scope of data accessed is the minimum required, namely permissions to read the basic profile of the authorizing administrator, post content as the Page, and read engagement metrics on Page-owned posts.
We do not access, store, transmit, or sell data about LinkedIn members beyond standard engagement metrics LinkedIn makes available to any Page admin.
We do not provide LinkedIn-derived data to third parties.
We honor LinkedIn member requests to delete data forwarded to us by LinkedIn, and we comply with LinkedIn's Developer Terms of Use and Restricted Uses of LinkedIn Marketing APIs and Data.
If you are a LinkedIn member who believes CybereyeQ holds personal information about you that you wish to access, correct, or delete, please contact us using the details below or use LinkedIn's own data-rights tools.
9. Security
We take reasonable technical and organizational measures to protect personal information. These include encrypted transport (HTTPS/TLS) for all website traffic, restricted access to administrative tools, and use of reputable third-party processors for storage and delivery. No system is perfectly secure; if a breach of personal information occurs, we will notify affected individuals and applicable authorities as required by law.
10. Children's privacy
CybereyeQ is intended for adult readers in regulated industries. We do not direct our content to children, and we do not knowingly collect personal information from individuals under 16. If you believe a child has provided personal information to us, please contact us and we will delete it.
11. Changes to this policy
We may update this policy as our practices evolve, the law changes, or we add or change service providers. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be announced in the newsletter or on the website. Your continued use of our services after a change indicates your acceptance of the updated policy.
12. Contact us
If you have any questions, requests, or complaints about this policy or about how we handle your personal information, please contact us: