// LEGAL

Privacy Policy

Last updated: June 2025 · Effective date: June 2025
Controller: Cyber Newsroom · Contact: contact@cybernewsroom.xyz

Short version: We collect minimal data. We do not sell your personal information. Analytics (Google Analytics) are only activated with your explicit consent. You can withdraw consent at any time.

1. Who We Are

Cyber Newsroom is an AI-powered cybersecurity intelligence platform accessible at https://cybernewsroom.xyz. For all privacy-related matters, contact us at contact@cybernewsroom.xyz.

2. Data We Collect

2.1 Data You Provide Directly

Cyber Newsroom is a read-only publication. We do not offer user accounts, comment sections, newsletters, or contact forms. We collect no personal data that you directly submit, with the exception of emails sent to our contact address.

2.2 Data Collected Automatically

Server logs: Standard web-server access logs containing IP address, browser user-agent, referring URL, requested URL, timestamp, and HTTP status code. Logs are retained for up to 30 days for security and operational purposes only.
Cookies — essential: A session cookie is set for authenticated administrators only (admin dashboard users). This cookie is HttpOnly, SameSite=Lax, and expires after 8 hours. Regular visitors are not issued any session cookies.
Local storage (consent record): We store your cookie consent preference in your browser's localStorage (key: cn_consent). This contains only your preference ("all" or "essential") and a timestamp. It never leaves your device.

2.3 Analytics Data (Consent Required)

With your consent, we load Google Analytics 4 (Google LLC, USA), which collects: page views, session data, browser/device type, approximate geographic location (country/city level), referral source, and on-site behaviour. This data is processed by Google under their Privacy Policy. We use IP anonymisation. Analytics data is retained for 14 months.

Analytics are NOT loaded unless you click "Accept All". Choosing "Essential Only" keeps Google Analytics entirely disabled for your visit.

3. Legal Bases for Processing (GDPR)

For visitors in the European Economic Area (EEA), United Kingdom, and other jurisdictions where the GDPR or equivalent law applies, our legal bases are:

Legitimate interests (Art. 6(1)(f)): Server log retention for security monitoring and operational integrity. Our interest in operating a secure service is balanced against the minimal impact on visitors from short-term log retention.
Consent (Art. 6(1)(a)): Google Analytics activation. You may withdraw consent at any time via the "Cookie Preferences" link in the site footer.

4. Cookies

For a full list of cookies and how to manage them, see our Cookie Policy.

5. Third-Party Services

Google Analytics 4 (Google LLC, Mountain View, CA, USA) — loaded only with consent. Data transfer to the USA is covered by Google's Standard Contractual Clauses and participation in the EU-US Data Privacy Framework.
Google Fonts / CDN assets — We do not load external fonts or CDN-hosted assets by default. Some pages load the Marked.js library from jsDelivr. jsDelivr may log your IP.
Unsplash — Article cover images may be sourced from Unsplash. Images are loaded from their CDN which may process your IP.

We do not use advertising networks, social-media tracking pixels, or retargeting tools.

6. Data Retention

Server access logs: 30 days
Email correspondence (contact@): 3 years or until resolved
Analytics data (if consented): 14 months (Google Analytics default)
Consent preference (localStorage): 12 months, then cleared and re-prompted

7. Your Rights (GDPR)

If you are located in the EEA or UK, you have the following rights under the GDPR (EU) 2016/679 and UK GDPR:

// ACCESS (ART. 15)

Request a copy of the personal data we hold about you.

// RECTIFICATION (ART. 16)

Request correction of inaccurate or incomplete data.

// ERASURE (ART. 17)

Request deletion of your personal data ("right to be forgotten").

// RESTRICTION (ART. 18)

Request that we limit how we process your data.

// PORTABILITY (ART. 20)

Receive your data in a structured, machine-readable format.

// OBJECTION (ART. 21)

Object to processing based on legitimate interests.

// WITHDRAW CONSENT

Withdraw analytics consent at any time via "Cookie Preferences" in the footer.

// COMPLAINT

Lodge a complaint with your national data protection authority.

To exercise any of these rights, email contact@cybernewsroom.xyz with the subject "Privacy Request". We will respond within 30 days.

8. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you the following rights:

Right to Know: Request disclosure of what personal information we collect, use, disclose, and sell.
Right to Delete: Request deletion of personal information we have collected from you.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt Out of Sale / Sharing: We do not sell your personal information for monetary consideration. However, sharing data with Google Analytics may constitute "sharing" under CPRA. To opt out, select "Essential Only" in the cookie banner or click "Cookie Preferences" in the footer. You may also submit a request via our contact email.
Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by the CPRA.

Do Not Sell or Share My Personal Information: To opt out of analytics sharing, click "Cookie Preferences" below or use the link in the site footer, and select "Essential Only". To submit a formal CCPA request, email contact@cybernewsroom.xyz with the subject "CCPA Request". We respond within 45 days.

9. Children's Privacy

This site is not directed at children under 13 (US) or under 16 (EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. International Transfers

Server infrastructure is located in [your hosting region]. Google Analytics processes data in the USA. Transfers to the USA from the EEA are covered by Standard Contractual Clauses (SCCs) executed by Google, and Google's participation in the EU-US Data Privacy Framework.

11. Security

We implement appropriate technical and organisational measures to protect data against unauthorised access, alteration, disclosure, or destruction. Admin sessions use HMAC-signed tokens, HttpOnly cookies, and 8-hour expiry. Connections are served over HTTPS.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be reflected in the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

13. Contact & Complaints

For all privacy enquiries: contact@cybernewsroom.xyz
For complaints in the EU/UK, you may contact your national supervisory authority (e.g. the ICO in the UK, the DPC in Ireland, the CNIL in France, the BfDI in Germany).