We believe privacy should be simple. Here is exactly what we collect, what we don't, and what your rights are.
CyberCheck ("we," "us," or "our") is a free cybersecurity assessment tool for small business owners, operated at cyberchecker.netlify.app. This Privacy Policy explains how we handle information in connection with your use of our website and any services we offer.
For privacy-related questions, contact us at: fawazmpire@gmail.com
This policy applies to all visitors of cyberchecker.netlify.app. It describes:
CyberCheck's assessment questions and recommendations are structured in alignment with the NIST Cybersecurity Framework (CSF) 2.0, published by the National Institute of Standards and Technology. The six assessment categories map to the following NIST CSF 2.0 functions:
| CyberCheck Category | NIST CSF 2.0 Function | Code |
|---|---|---|
| Password & Access Management | PROTECT | PR.AA |
| Network & Wi-Fi Security | PROTECT | PR.IR |
| Data Backup & Recovery | PROTECT · RECOVER | PR.DS · RC.RP |
| Employee Security Awareness | PROTECT | PR.AT |
| Software & Device Security | PROTECT | PR.PS |
| Incident Response | RESPOND · GOVERN | RS.MA · GV.RM |
CyberCheck is not affiliated with, endorsed by, or certified by NIST. The NIST CSF is a publicly available framework free to reference. Full documentation: nist.gov/cyberframework.
CyberCheck is designed to collect as little information as possible. Here is a complete breakdown:
When you visit our website, our hosting provider Netlify automatically collects standard server log data. This may include your IP address, browser type, operating system, referring URL, and the date and time of your visit. This is standard for any website on the internet. We do not control or retain this data ourselves - it is governed by Netlify's Privacy Policy (see Section 6).
All 25 assessment questions are processed entirely within your web browser using JavaScript. Your answers are stored temporarily in your browser's memory only while you are completing the assessment. They are never transmitted to our servers or to any third party. The PDF report is also generated entirely within your browser - no file is uploaded anywhere.
When you close the browser tab or navigate away, all assessment data is permanently erased from your device's memory. There is no account, no profile, and no history associated with your use of CyberCheck.
We do not set any cookies on your device. We use sessionStorage - a browser feature that stores a small amount of temporary data. Unlike cookies, sessionStorage data:
CyberCheck uses sessionStorage solely to remember your in-progress assessment answers as you move between question pages within a single session. Nothing is retained after your session ends.
Third-party services we load (Google Fonts, Cloudflare) may set their own cookies or use browser storage according to their own policies, outlined in Section 6 below.
CyberCheck uses the following third-party services to function. Each service may collect data according to its own privacy policy. We have chosen these services because they are industry-standard, widely trusted, and necessary to deliver the website.
| Service | Purpose | Data They May Collect | Their Privacy Policy |
|---|---|---|---|
| Netlify | Website hosting and delivery | IP address, browser info, page request logs | netlify.com/privacy |
| Google Fonts | Typeface (Inter font) | IP address when font files are requested. Google states it does not use font requests for advertising or tracking. | policies.google.com/privacy |
| Cloudflare CDN | Loads icons (Font Awesome), assessment engine (jsPDF), and animation library (particles.js) | IP address and request metadata as part of CDN delivery | cloudflare.com/privacypolicy |
| Stripe (future) | Payment processing for premium reports (not yet active) | Payment card details, billing name, email. Stripe is PCI-DSS Level 1 certified. We never see or store your card number. | stripe.com/privacy |
We do not use Google Analytics, Facebook Pixel, or any other advertising or behavioral tracking tools.
When premium paid features are available, payments will be processed exclusively by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. When you complete a payment:
We do not store, log, or retain any payment information on our side.
Because we collect virtually no personal data ourselves, our retention practices are straightforward:
Depending on where you are located, you may have the following rights regarding your personal data. Because we collect minimal data, most of these rights are satisfied by default - but they remain available to you.
Request a description of what personal data we hold about you.
Request deletion of any personal data we hold. Since we hold almost none, this is largely pre-satisfied.
Request correction of any inaccurate personal data we may hold.
We do not sell personal data. There is nothing to opt out of.
Request a portable copy of any personal data we hold about you.
Request that we limit how we use your data in certain circumstances.
EU / UK visitors (GDPR): You have all rights listed above under the General Data Protection Regulation. Our legal basis for processing is legitimate interest in delivering the service you requested. You also have the right to lodge a complaint with your local data protection authority.
California residents (CCPA/CPRA): We do not sell or share your personal information. You have all rights listed in the California Consumer Privacy Act. To exercise any right, contact us at the address in Section 12.
To exercise any right, email us at fawazmpire@gmail.com. We will respond within 30 days.
CyberCheck is intended for business owners and professionals. It is not directed at children under the age of 13 (or 16 in the EU under GDPR). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.
We may update this Privacy Policy from time to time as our practices change or as required by law. When we do, we will update the "Last updated" date at the top of this page. If we make significant changes, we will make reasonable efforts to notify you, such as by posting a notice on the website. We encourage you to review this policy periodically.
Your continued use of CyberCheck after any changes take effect constitutes your acceptance of the updated policy.
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
CyberCheck
Email: fawazmpire@gmail.com
Website: cyberchecker.netlify.app
This Privacy Policy was drafted in good faith to accurately reflect the data practices of CyberCheck. It is intended to comply with the GDPR (EU) 2016/679, the California Consumer Privacy Act (CCPA) as amended by the CPRA, and applicable U.S. federal and state privacy laws. This policy does not constitute legal advice. If you operate a business with significant data processing activities, consult a qualified privacy attorney.