CyberElites
CyberElites
Request demo
Legal

Privacy Policy

Effective: 22 May 2026·Last updated: 22 May 2026

This Privacy Policy explains how CyberElites ("we", "us", "our") collects, uses, and protects your personal information when you visit cyberelites.aeor use our cyber defense training platform, Forge (the "Service").

1. Information we collect

Information you provide directly:

  • Contact details (name, work email, organization, role) submitted via our demo request form.
  • Account credentials when you sign up for a pilot or licensed use of the Service.
  • Configuration data you provide when authoring custom ranges.
  • Communications you send to us (support tickets, emails).

Information collected automatically:

  • IP address, browser type, device information.
  • Pages visited, time spent, referrer URL.
  • Cookies and similar technologies (see Section 6).

Information from Service usage:

  • Training session telemetry (commands run, alerts triaged, scoring events) — used only for skill analytics within your tenant.
  • Logs and audit trails for security and operational purposes.

2. How we use information

  • To deliver, secure, and operate the Service.
  • To respond to inquiries, demo requests, and customer support.
  • To compute scoring, analytics, and dashboards for licensed use.
  • To detect, investigate, and prevent fraud or abuse of the platform.
  • To comply with legal obligations and respond to lawful requests.
  • To communicate with you about your account, updates, and security.

3. Lawful bases (GDPR / UAE PDPL)

Where applicable, we rely on the following lawful bases:

  • Performance of contract — operating the Service you signed up for.
  • Legitimate interests — security, fraud prevention, and improving the Service.
  • Consent — where required (e.g. marketing communications).
  • Legal obligation — compliance with applicable law.

4. Sharing of information

We do not sell personal information. We share data only with:

  • Service providers strictly necessary to operate the Service (cloud hosting, identity, transactional email).
  • Authorities, when required by law or to protect the rights and safety of our users.
  • Successors in connection with a corporate transaction, subject to confidentiality obligations.

5. Data residency

Production data can be hosted in a customer-selected region. Air-gapped on-premises deployment is supported where required (for example, sovereign or classified environments). Training data does not leave your chosen environment.

6. Cookies

We use first-party cookies that are strictly necessary for the Service to function (authentication, security, preferences). We do not use third-party advertising trackers.

7. Retention

We retain personal data only as long as necessary for the purposes set out in this policy, to comply with legal obligations, or to resolve disputes. Training telemetry retention for licensed Service usage is governed by your applicable customer agreement.

8. Security

We apply industry-standard administrative, technical, and organizational measures to protect personal data, including:

  • TLS in transit and AES-256 at rest.
  • Managed encryption keys, with customer-managed key options for enterprise tiers.
  • Multi-factor authentication required for administrative access.
  • Immutable audit logging of control-plane actions.

No system is perfectly secure. If you believe you have discovered a vulnerability, please email support@cyberelites.ae.

9. Your rights

Subject to applicable law, you have rights to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data.
  • Restrict or object to certain processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time, where processing is based on consent.

To exercise these rights, email support@cyberelites.ae.

10. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have, please contact us so we can remove it.

11. International transfers

If you access the Service from outside the United Arab Emirates, your information may be processed in the UAE or other regions where we operate. We apply appropriate safeguards (such as standard contractual clauses) where required by law.

12. Changes to this policy

We may update this policy from time to time. The "Last updated" date above reflects the most recent revision. Material changes will be communicated through the Service.

13. Contact

For questions about this Privacy Policy or our privacy practices: