Skip to content

Privacy and Security Policy

Privacy Policy

Protecting your private information is our priority. This Statement of Privacy applies to www.tidalcyber.com, and Tidal Cyber and governs data collection and usage. For the purposes of this Privacy Policy, unless otherwise noted, all references to Tidal Cyber include www.tidalcyber.com and Tidal. The Tidal website is a Tidal Cyber's Corporate Website site. By using the Tidal Cyber website, you consent to the data practices described in this statement.

 

Collection of your Personal Information

In order to better provide you with products and services offered, Tidal Cyber may collect personally identifiable information, such as your:

- First and Last Name

- E-mail Address

- Employer

- Job Title

We do not collect any personal information about you unless you voluntarily provide it to us. However, you may be required to provide certain personal information to us when you elect to use certain products or services. These may include: (a) registering for an account; (b) signing up for special offers; (d) sending us an email message; (e) submitting your credit card or other payment information when ordering and purchasing products and services. To wit, we will use your information for, but not limited to, communicating with you in relation to services and/or products you have requested from us. We also may gather additional personal or non-personal information in the future.

 

Use of your Personal Information

Tidal Cyber collects and uses your personal information to operate and deliver the services you have requested.

Tidal Cyber may also use your personally identifiable information to inform you of other products or services available from Tidal Cyber and its affiliates.

 

Sharing Information with Third Parties

Tidal Cyber does not sell, rent or lease its customer lists to third parties.

Tidal Cyber may share data with trusted partners to help perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to Tidal, and they are required to maintain the confidentiality of your information.

Tidal Cyber may disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Tidal Cyber or the site; (b) protect and defend the rights or property of Tidal Cyber; and/or (c) act under exigent circumstances to protect the personal safety of users of Tidal Cyber, or the public.

 

Tracking User Behavior

Tidal Cyber may keep track of the websites and pages our users visit within Tidal Cyber, in order to determine what Tidal Cyber services are the most popular. This data is used to deliver customized content and advertising within Tidal Cyber to customers whose behavior indicates that they are interested in a particular subject area.

 

Automatically Collected Information

Information about your computer hardware and software may be automatically collected by Tidal Cyber. This information can include: your IP address, browser type, domain names, access times and referring website addresses. This information is used for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the Tidal Cyber website.

 

Use of Cookies

The Tidal Cyber website may use "cookies" to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize Tidal Cyber pages, or register with Tidal Cyber site or services, a cookie helps Tidal Cyber to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same Tidal Cyber website, the information you previously provided can be retrieved, so you can easily use the Tidal Cyber features that you customized.

You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Tidal Cyber services or websites you visit.

 

Security of your Personal Information

Tidal Cyber secures your personal information from unauthorized access, use, or disclosure. Tidal Cyber uses the following methods for this purpose:

- TLS/SSL Protocol

When personal information is transmitted to other websites, it is protected through the use of encryption, such as the Secure Sockets Layer (SSL) protocol.

We strive to take appropriate security measures to protect against unauthorized access to or alteration of your personal information. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet which are beyond our control; and (b) security, integrity, and privacy of any and all information and data exchanged between you and us through this Site cannot be guaranteed.

 

Right to Deletion

Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:

• Delete your personal information from our records; and

• Direct any service providers to delete your personal information from their records.

Please note that we may not be able to comply with requests to delete your personal information if it is necessary to:

• Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;

• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;

• Debug to identify and repair errors that impair existing intended functionality;

• Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;

• Comply with the California Electronic Communications Privacy Act;

• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;

• Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;

• Comply with an existing legal obligation; or

• Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

 

Children Under Thirteen

Tidal Cyber does not knowingly collect personally identifiable information from children under the age of thirteen. If you are under the age of thirteen, you must ask your parent or guardian for permission to use this website.

 

E-mail Communications

From time to time, Tidal Cyber may contact you via email for the purpose of providing announcements, promotional offers, alerts, confirmations, surveys, and/or other general communication. In order to improve our Services, we may receive a notification when you open an email from Tidal Cyber or click on a link therein.

If you would like to stop receiving marketing or promotional communications via email from Tidal Cyber, you may opt-out of such communications by emailing us at contact@tidalcyber.com.

 

External Data Storage Sites

We may store your data on servers provided by third-party hosting vendors with whom we have contracted.

GDPR Compliance and Data Protection

Our company is committed to upholding the privacy and security standards required by the General Data Protection Regulation (GDPR). We implement robust data protection practices to secure Personally Identifiable Information (PII) and ensure its confidentiality, integrity, and availability. We only collect, process, and retain data necessary to fulfill contractual obligations and provide services to our clients, with explicit consent where required.

Data Removal Requests
In compliance with GDPR and other applicable privacy laws, we honor requests from individuals to access, rectify, or delete their personal data. Requests for data removal will be processed promptly, and we will confirm removal within the timeframe established by GDPR, or as stipulated by other applicable regulations.

 

Changes to this Statement

Tidal Cyber reserves the right to change this Privacy Policy from time to time. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your account, by placing a prominent notice on our website, and/or by updating any privacy information. Your continued use of the website and/or Services available after such modifications will constitute your: (a) acknowledgment of the modified Privacy Policy; and (b) agreement to abide and be bound by that Policy.

 

Contact Information

Tidal Cyber welcomes your questions or comments regarding this Statement of Privacy. If you believe that Tidal Cyber has not adhered to this Statement, please contact Tidal Cyber at:

security@tidalcyber.com

 

Security Policy

Organizational Security

  • Information Security Program
    • We have an Information Security Program in place that is communicated throughout the organization. Our Information Security Program follows the criteria set forth by the SOC 2 Framework. SOC 2 is a widely known information security auditing procedure created by the American Institute of Certified Public Accountants.
  • Third-Party Audits
    • Our organization undergoes independent third-party assessments to test our security and compliance controls.
  • Third-Party Penetration Testing
    • We perform an independent third-party penetration at least annually to ensure that the security posture of our services is uncompromised.
  • Roles and Responsibilities
    • Roles and responsibilities related to our Information Security Program and the protection of our customer’s data are well defined and documented. Our team members are required to review and accept all of the security policies.
  • Security Awareness Training
    • Our team members are required to go through employee security awareness training covering industry standard practices and information security topics such as phishing and password management.
  • Confidentiality
    • All team members are required to sign and adhere to an industry standard confidentiality agreement prior to their first day of work.
  • Background Checks
    • We perform background checks on all new team members in accordance with local laws.

Cloud Security

  • Cloud Infrastructure Security
    • All of our services are hosted with Amazon Web Services (AWS). AWS employs a robust security program with multiple certifications. For more information on our provider’s security processes, please visit AWS Security.
  • Data Hosting Security
    • All of our data is hosted on Amazon Web Services (AWS) databases. These databases are all located in the United States. Please reference the above vendor specific documentation linked above for more information.
  • Encryption at Rest
    • All databases are encrypted at rest.
  • Encryption in Transit
    • Our applications encrypt in transit with TLS/SSL only.
  • Vulnerability Scanning
    • We perform vulnerability scanning and actively monitor for threats.
  • Logging and Monitoring
    • We actively monitor and log various cloud services.
  • Business Continuity and Disaster Recovery
    • We use our data hosting provider’s backup services to reduce any risk of data loss in the event of a hardware failure. We utilize monitoring services to alert the team in the event of any failures affecting users.
  • Incident Response
    • We have a process for handling information security events which includes escalation procedures, rapid mitigation, and communication.

Access Security

  • Permissions and Authentication
    • Access to cloud infrastructure and other sensitive tools are limited to authorized employees who require it for their role.
    • Where available we have Single Sign-on (SSO), 2-factor authentication (2FA) and strong password policies to ensure access to cloud services are protected.
  • Least Privilege Access Control
    • We follow the principle of least privilege with respect to identity and access management.
  • Quarterly Access Reviews
    • We perform quarterly access reviews of all team members with access to sensitive systems.
  • Password Requirements
    • All team members are required to adhere to a minimum set of password requirements and complexity for access.
  • Password Managers
    • All company issued laptops utilize a password manager for team members to manage passwords and maintain password complexity.

Vendor and Risk Management

  • Annual Risk Assessments
    • We undergo at least annual risk assessments to identify any potential threats, including considerations for fraud.
  • Vendor Risk Management
    • Vendor risk is determined and the appropriate vendor reviews are performed prior to authorizing a new vendor.

Last updated 10/31/2024