Privacy Policy

We believe privacy should be simple. Here is exactly what we collect, what we don't, and what your rights are.

Last updated: April 27, 2026  ·  Effective: April 27, 2026

Contents

  1. Who We Are
  2. What This Policy Covers
  3. Assessment Methodology
  4. Information We Collect
  5. Your Assessment Data
  6. Browser Storage
  7. Third-Party Services
  8. Payment Processing
  9. Data Retention
  10. Your Rights
  11. Children's Privacy
  12. Changes to This Policy
  13. Contact Us
1

Who We Are

CyberCheck ("we," "us," or "our") is a free cybersecurity assessment tool for small business owners, operated at cyberchecker.netlify.app. This Privacy Policy explains how we handle information in connection with your use of our website and any services we offer.

For privacy-related questions, contact us at: fawazmpire@gmail.com


2

What This Policy Covers

This policy applies to all visitors of cyberchecker.netlify.app. It describes:

Plain English Summary
CyberCheck is a static website. Your assessment answers never leave your device. We do not have a database of users. We do not sell your data. We do not run advertising.

3

Assessment Methodology

CyberCheck's assessment questions and recommendations are structured in alignment with the NIST Cybersecurity Framework (CSF) 2.0, published by the National Institute of Standards and Technology. The six assessment categories map to the following NIST CSF 2.0 functions:

CyberCheck Category NIST CSF 2.0 Function Code
Password & Access ManagementPROTECTPR.AA
Network & Wi-Fi SecurityPROTECTPR.IR
Data Backup & RecoveryPROTECT · RECOVERPR.DS · RC.RP
Employee Security AwarenessPROTECTPR.AT
Software & Device SecurityPROTECTPR.PS
Incident ResponseRESPOND · GOVERNRS.MA · GV.RM

CyberCheck is not affiliated with, endorsed by, or certified by NIST. The NIST CSF is a publicly available framework free to reference. Full documentation: nist.gov/cyberframework.


4

Information We Collect

CyberCheck is designed to collect as little information as possible. Here is a complete breakdown:

Information We Do NOT Collect
  • Your name, email address, or any contact information
  • Your company name or business details
  • Your answers to the assessment questions
  • The PDF report you generate
  • Any payment card details (handled by Stripe - see Section 7)
  • Location data beyond what your IP address may indicate
Information Collected Indirectly

When you visit our website, our hosting provider Netlify automatically collects standard server log data. This may include your IP address, browser type, operating system, referring URL, and the date and time of your visit. This is standard for any website on the internet. We do not control or retain this data ourselves - it is governed by Netlify's Privacy Policy (see Section 6).


5

Your Assessment Data

Your answers never leave your device

All 25 assessment questions are processed entirely within your web browser using JavaScript. Your answers are stored temporarily in your browser's memory only while you are completing the assessment. They are never transmitted to our servers or to any third party. The PDF report is also generated entirely within your browser - no file is uploaded anywhere.

When you close the browser tab or navigate away, all assessment data is permanently erased from your device's memory. There is no account, no profile, and no history associated with your use of CyberCheck.


6

Cookies and Browser Storage

We do not set any cookies on your device. We use sessionStorage - a browser feature that stores a small amount of temporary data. Unlike cookies, sessionStorage data:

CyberCheck uses sessionStorage solely to remember your in-progress assessment answers as you move between question pages within a single session. Nothing is retained after your session ends.

Third-party services we load (Google Fonts, Cloudflare) may set their own cookies or use browser storage according to their own policies, outlined in Section 6 below.


7

Third-Party Services

CyberCheck uses the following third-party services to function. Each service may collect data according to its own privacy policy. We have chosen these services because they are industry-standard, widely trusted, and necessary to deliver the website.

Service Purpose Data They May Collect Their Privacy Policy
Netlify Website hosting and delivery IP address, browser info, page request logs netlify.com/privacy
Google Fonts Typeface (Inter font) IP address when font files are requested. Google states it does not use font requests for advertising or tracking. policies.google.com/privacy
Cloudflare CDN Loads icons (Font Awesome), assessment engine (jsPDF), and animation library (particles.js) IP address and request metadata as part of CDN delivery cloudflare.com/privacypolicy
Stripe (future) Payment processing for premium reports (not yet active) Payment card details, billing name, email. Stripe is PCI-DSS Level 1 certified. We never see or store your card number. stripe.com/privacy

We do not use Google Analytics, Facebook Pixel, or any other advertising or behavioral tracking tools.


8

Payment Processing

When premium paid features are available, payments will be processed exclusively by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. When you complete a payment:

We do not store, log, or retain any payment information on our side.


9

Data Retention

Because we collect virtually no personal data ourselves, our retention practices are straightforward:


10

Your Privacy Rights

Depending on where you are located, you may have the following rights regarding your personal data. Because we collect minimal data, most of these rights are satisfied by default - but they remain available to you.

Right to Know

Request a description of what personal data we hold about you.

Right to Delete

Request deletion of any personal data we hold. Since we hold almost none, this is largely pre-satisfied.

Right to Correct

Request correction of any inaccurate personal data we may hold.

Right to Opt Out

We do not sell personal data. There is nothing to opt out of.

Right to Portability

Request a portable copy of any personal data we hold about you.

Right to Restrict Processing

Request that we limit how we use your data in certain circumstances.

EU / UK visitors (GDPR): You have all rights listed above under the General Data Protection Regulation. Our legal basis for processing is legitimate interest in delivering the service you requested. You also have the right to lodge a complaint with your local data protection authority.

California residents (CCPA/CPRA): We do not sell or share your personal information. You have all rights listed in the California Consumer Privacy Act. To exercise any right, contact us at the address in Section 12.

To exercise any right, email us at fawazmpire@gmail.com. We will respond within 30 days.


11

Children's Privacy

CyberCheck is intended for business owners and professionals. It is not directed at children under the age of 13 (or 16 in the EU under GDPR). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.


12

Changes to This Policy

We may update this Privacy Policy from time to time as our practices change or as required by law. When we do, we will update the "Last updated" date at the top of this page. If we make significant changes, we will make reasonable efforts to notify you, such as by posting a notice on the website. We encourage you to review this policy periodically.

Your continued use of CyberCheck after any changes take effect constitutes your acceptance of the updated policy.


13

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Privacy Contact

CyberCheck
Email: fawazmpire@gmail.com
Website: cyberchecker.netlify.app

This Privacy Policy was drafted in good faith to accurately reflect the data practices of CyberCheck. It is intended to comply with the GDPR (EU) 2016/679, the California Consumer Privacy Act (CCPA) as amended by the CPRA, and applicable U.S. federal and state privacy laws. This policy does not constitute legal advice. If you operate a business with significant data processing activities, consult a qualified privacy attorney.