Short version: We collect minimal data. We do not sell your personal information.
Analytics (Google Analytics) are only activated with your explicit consent. You can withdraw
consent at any time.
1. Who We Are
Cyber Newsroom is an AI-powered cybersecurity intelligence platform accessible at
https://cybernewsroom.xyz.
For all privacy-related matters, contact us at
contact@cybernewsroom.xyz.
2. Data We Collect
2.1 Data You Provide Directly
Cyber Newsroom is a read-only publication. We do not offer user accounts, comment sections,
newsletters, or contact forms. We collect no personal data that you directly submit, with the
exception of emails sent to our contact address.
2.2 Data Collected Automatically
-
Server logs: Standard web-server access logs containing IP address, browser
user-agent, referring URL, requested URL, timestamp, and HTTP status code. Logs are retained
for up to 30 days for security and operational purposes only.
-
Cookies — essential: A session cookie is set for authenticated administrators
only (admin dashboard users). This cookie is HttpOnly, SameSite=Lax, and expires after 8 hours.
Regular visitors are not issued any session cookies.
-
Local storage (consent record): We store your cookie consent preference in
your browser's localStorage (key:
cn_consent). This contains only your preference
("all" or "essential") and a timestamp. It never leaves your device.
2.3 Analytics Data (Consent Required)
With your consent, we load Google Analytics 4 (Google LLC, USA), which collects:
page views, session data, browser/device type, approximate geographic location (country/city level),
referral source, and on-site behaviour. This data is processed by Google under their
Privacy Policy.
We use IP anonymisation. Analytics data is retained for 14 months.
Analytics are NOT loaded unless you click "Accept All". Choosing "Essential Only"
keeps Google Analytics entirely disabled for your visit.
3. Legal Bases for Processing (GDPR)
For visitors in the European Economic Area (EEA), United Kingdom, and other jurisdictions where
the GDPR or equivalent law applies, our legal bases are:
-
Legitimate interests (Art. 6(1)(f)): Server log retention for security monitoring
and operational integrity. Our interest in operating a secure service is balanced against the
minimal impact on visitors from short-term log retention.
-
Consent (Art. 6(1)(a)): Google Analytics activation. You may withdraw consent
at any time via the "Cookie Preferences" link in the site footer.
4. Cookies
For a full list of cookies and how to manage them, see our Cookie Policy.
5. Third-Party Services
-
Google Analytics 4 (Google LLC, Mountain View, CA, USA) — loaded only with
consent. Data transfer to the USA is covered by Google's Standard Contractual Clauses and
participation in the EU-US Data Privacy Framework.
-
Google Fonts / CDN assets — We do not load external fonts or CDN-hosted assets
by default. Some pages load the Marked.js library from jsDelivr. jsDelivr may log your IP.
-
Unsplash — Article cover images may be sourced from Unsplash. Images are
loaded from their CDN which may process your IP.
We do not use advertising networks, social-media tracking pixels, or retargeting tools.
6. Data Retention
- Server access logs: 30 days
- Email correspondence (contact@): 3 years or until resolved
- Analytics data (if consented): 14 months (Google Analytics default)
- Consent preference (localStorage): 12 months, then cleared and re-prompted
7. Your Rights (GDPR)
If you are located in the EEA or UK, you have the following rights under the GDPR (EU) 2016/679
and UK GDPR:
// ACCESS (ART. 15)
Request a copy of the personal data we hold about you.
// RECTIFICATION (ART. 16)
Request correction of inaccurate or incomplete data.
// ERASURE (ART. 17)
Request deletion of your personal data ("right to be forgotten").
// RESTRICTION (ART. 18)
Request that we limit how we process your data.
// PORTABILITY (ART. 20)
Receive your data in a structured, machine-readable format.
// OBJECTION (ART. 21)
Object to processing based on legitimate interests.
// WITHDRAW CONSENT
Withdraw analytics consent at any time via "Cookie Preferences" in the footer.
// COMPLAINT
Lodge a complaint with your national data protection authority.
To exercise any of these rights, email
contact@cybernewsroom.xyz
with the subject "Privacy Request". We will respond within 30 days.
8. California Privacy Rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the
California Privacy Rights Act (CPRA) grants you the following rights:
- Right to Know: Request disclosure of what personal information we collect, use, disclose, and sell.
- Right to Delete: Request deletion of personal information we have collected from you.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt Out of Sale / Sharing: We do not sell your personal information for monetary consideration. However, sharing data with Google Analytics may constitute "sharing" under CPRA. To opt out, select "Essential Only" in the cookie banner or click "Cookie Preferences" in the footer. You may also submit a request via our contact email.
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
- Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by the CPRA.
Do Not Sell or Share My Personal Information: To opt out of analytics sharing,
click "Cookie Preferences" below or use the link in the site footer, and select "Essential Only".
To submit a formal CCPA request, email
contact@cybernewsroom.xyz
with the subject "CCPA Request". We respond within 45 days.
9. Children's Privacy
This site is not directed at children under 13 (US) or under 16 (EEA). We do not knowingly collect
personal information from children. If you believe a child has provided us with personal data,
please contact us and we will delete it promptly.
10. International Transfers
Server infrastructure is located in [your hosting region]. Google Analytics processes data in the
USA. Transfers to the USA from the EEA are covered by Standard Contractual Clauses (SCCs) executed
by Google, and Google's participation in the EU-US Data Privacy Framework.
11. Security
We implement appropriate technical and organisational measures to protect data against unauthorised
access, alteration, disclosure, or destruction. Admin sessions use HMAC-signed tokens, HttpOnly
cookies, and 8-hour expiry. Connections are served over HTTPS.
12. Changes to This Policy
We may update this policy from time to time. Material changes will be reflected in the "Last updated"
date at the top of this page. We encourage you to review this policy periodically.
13. Contact & Complaints
For all privacy enquiries: contact@cybernewsroom.xyz
For complaints in the EU/UK, you may contact your national supervisory authority (e.g. the ICO in
the UK, the DPC in Ireland, the CNIL in France, the BfDI in Germany).