How HAIntelligence handles personal data.

HAIntelligence respects privacy and handles personal data with care. This Privacy Policy explains what personal data may be collected through the website and related communications, why it is processed, how long it may be kept, and what rights individuals have.

This policy applies to visitors, prospects, clients, business contacts, and individuals who interact with HAIntelligence through the website, contact form, email, or service discussions.

HAIntelligence provides cybersecurity intelligence, digital exposure assessment, threat intelligence monitoring, OSINT-based research, security reporting, and AI-assisted security workflows. Some services may involve business, technical, or security-related information provided by clients or discovered through authorized analysis.

For the processing described in this Privacy Policy, HAIntelligence acts as the data controller unless otherwise stated in a separate written agreement.

The data controller determines why and how personal data is processed in relation to website use, contact requests, commercial discussions, and service communications.

This Privacy Policy covers personal data processed through the HAIntelligence website, contact form, email communications, service requests, business discussions, and related administrative or security operations.

It does not replace a client-specific data processing agreement, statement of work, or confidentiality agreement. Where a separate signed agreement applies, that agreement may define additional or different responsibilities.

• Website visits and technical security logs
• Contact form submissions
• Email and business communications
• PDF attachments sent through the contact form
• Cybersecurity service discussions and scoping information
• Authorized service delivery and reporting communications

HAIntelligence collects only the personal data needed to respond to requests, operate the website securely, communicate with prospects or clients, and deliver agreed services.

The exact data collected depends on how you interact with HAIntelligence.

• Identity and contact details, such as name, work email, phone number, company name, and company size.
• Website or domain information submitted through the contact form.
• Service interest, message content, and any information voluntarily included in a request.
• PDF attachments voluntarily uploaded through the contact form.
• Technical information such as IP address, browser information, timestamps, request metadata, and security logs.
• Security verification data generated by anti-abuse tools such as Cloudflare Turnstile.
• Email delivery and communication metadata processed through email service providers.

The public contact form is not intended for sensitive personal data, credentials, secrets, private keys, authentication tokens, internal incident details, or confidential security evidence.

If sensitive security material must be shared for a legitimate business purpose, HAIntelligence may request that a more appropriate secure channel be agreed before such material is transmitted.

• Do not submit passwords or credentials.
• Do not submit private keys, API keys, or tokens.
• Do not submit unnecessary personal data about employees, clients, or third parties.
• Do not submit incident evidence unless a secure process has been agreed.

HAIntelligence processes personal data for specific business, security, legal, and communication purposes.

• Responding to contact requests and business inquiries.
• Understanding the context, scope, and relevance of a requested service.
• Preparing proposals, quotations, assessments, reports, or service discussions.
• Operating, securing, monitoring, and protecting the website and contact form.
• Preventing spam, abuse, fraud, malicious submissions, and unauthorized activity.
• Sending and receiving service-related communications.
• Maintaining business records, invoices, contractual documents, and compliance information.
• Improving internal methods, workflows, and service quality.

Depending on the context, HAIntelligence processes personal data under one or more legal bases recognized by the GDPR.

• Legitimate interest: responding to professional inquiries, securing the website, preventing abuse, managing business communications, and improving services.
• Pre-contractual steps or contract performance: preparing proposals, discussing services, delivering agreed work, and managing client relationships.
• Legal obligation: maintaining accounting, tax, compliance, or legal records where required.
• Consent: where consent is specifically requested, for example for optional communications or future non-essential tracking if implemented.

The contact form may validate submitted fields before a request is accepted. This can include email format validation, phone number validation, PDF attachment restrictions, anti-spam checks, and domain existence checks.

Domain checks are used to reduce spam, improve lead quality, and verify that submitted domain information is technically plausible. They do not prove ownership of a domain or authorization to request a cybersecurity assessment.

Personal data may be accessed by HAIntelligence and by carefully selected service providers that help operate the website, secure the contact form, deliver emails, host infrastructure, or support business operations.

Service providers process data only for the relevant operational purpose and are not intended to use it for their own unrelated purposes.

• Website hosting and deployment providers.
• Email delivery providers, including Resend for contact form delivery.
• Security and anti-abuse providers, including Cloudflare Turnstile.
• Domain name, DNS, or infrastructure providers where relevant.
• Professional advisers, accountants, or legal representatives where necessary.
• Public authorities where disclosure is legally required.

Some service providers used to operate the website, deliver email, provide security verification, or host infrastructure may process data outside the European Economic Area.

Where such transfers occur, HAIntelligence seeks to rely on appropriate safeguards such as adequacy decisions, standard contractual clauses, provider contractual commitments, or other mechanisms recognized under applicable data protection law.

Personal data is not kept indefinitely. Retention periods depend on the type of data, the purpose of processing, legal obligations, and the need to protect legitimate business or security interests.

• Contact form submissions may be kept for the time needed to respond, follow up, and manage the business relationship.
• Commercial and contractual records may be kept for the duration required by accounting, tax, legal, or limitation rules.
• Security logs may be kept for a limited period necessary to detect abuse, investigate incidents, and protect the website.
• Attachments may be reviewed and retained only where relevant to the request or service discussion.
• Data that is no longer needed may be deleted, anonymized, or archived according to operational and legal requirements.

HAIntelligence applies reasonable technical and organizational measures to protect personal data against unauthorized access, misuse, loss, alteration, or disclosure.

No website, email system, or internet transmission can be guaranteed completely secure. Users should avoid sending unnecessary sensitive information through public forms.

• Server-side form validation.
• Anti-abuse and bot verification.
• Restricted attachment types and file size limits.
• Transport security where supported by hosting infrastructure.
• Access limitation and operational security practices.
• Monitoring for suspicious or abusive submissions.

Subject to the conditions and limits provided by applicable law, individuals may have rights over their personal data.

• Right of access: request confirmation and access to personal data processed about you.
• Right to rectification: request correction of inaccurate or incomplete data.
• Right to erasure: request deletion in certain circumstances.
• Right to restriction: request that processing be limited in certain circumstances.
• Right to object: object to processing based on legitimate interests.
• Right to portability: receive certain data in a structured format where applicable.
• Right to withdraw consent where processing is based on consent.
• Right to lodge a complaint with a competent data protection authority.

HAIntelligence does not currently operate a public newsletter through this website. If marketing communications are introduced later, they will be handled according to applicable consent and unsubscribe requirements.

Service-related and business communications, such as replies to requests, proposals, or client follow-ups, are not marketing newsletters.

The website may use strictly necessary technologies required for security, routing, language preferences, contact form protection, or basic website operation.

For more information about cookies and similar technologies, please see the Cookie Policy.

The HAIntelligence website and services are intended for professional and business use. They are not directed to children.

HAIntelligence does not knowingly collect personal data from children through the website.

HAIntelligence may update this Privacy Policy to reflect changes in services, legal requirements, security practices, providers, or data processing operations.

The updated version will be published on the website with a revised update date.

For questions about this Privacy Policy or to exercise privacy rights, you may contact HAIntelligence using the details below.

If you believe your data protection rights have not been respected, you may also contact the competent data protection authority, including CNIL in France where applicable.