Legal

Privacy Policy

How we collect, use, protect, and respect your personal information — in plain language, in full compliance with the Protection of Personal Information Act (POPIA).

LAST UPDATED: JUNE 2025

1. Who We Are

Greyhat4Hire is an independent cybersecurity consulting firm providing penetration testing, vulnerability assessments, compliance audits, and incident response services across South Africa.

We are the responsible party for the personal information we collect through this website and through our client engagements, as defined under the Protection of Personal Information Act 4 of 2013 (POPIA).

Contact: info@greyhat4hire.com
Phone: +27 84 635 3581
Website: greyhat4hire.com

2. Information We Collect

We collect only the minimum information necessary to provide our services. This may include:

  • Contact information — name, email address, phone number, and company name submitted through our contact form or WhatsApp.
  • Engagement information — technical details about systems in scope, as agreed in a signed Statement of Work and NDA.
  • Communication records — emails and messages exchanged during an engagement.
  • Website usage data — basic analytics such as page visits and browser type, collected through essential cookies only. We do not use advertising or tracking cookies.

We do not collect sensitive personal information (as defined by POPIA) without your explicit written consent.

3. How We Use Your Information

We use your personal information solely to:

  • Respond to enquiries and provide quotes for our services.
  • Conduct and deliver agreed cybersecurity engagements.
  • Communicate with you about your engagement, findings, and remediation.
  • Comply with legal obligations, including tax and regulatory requirements.
  • Improve our website based on anonymised usage patterns.

We will never sell, rent, or trade your personal information to any third party. We will never use your information for marketing purposes without your explicit consent.

4. Cookies

This website uses essential cookies only. These are strictly necessary for the website to function correctly and cannot be disabled without breaking core functionality.

We do not use:

  • Advertising or tracking cookies
  • Third-party analytics platforms (Google Analytics, Facebook Pixel, etc.)
  • Session profiling or behavioural targeting

Your cookie consent preference is stored locally in your browser. You can clear it at any time by clearing your browser data.

5. How We Protect Your Information

Security is our business — and we apply the same rigour internally. We protect your personal information through:

  • Encrypted communication channels for all sensitive data transfer.
  • Strict NDA coverage from the first point of contact.
  • Access controls limiting who can view client data.
  • Secure deletion of client data after agreed retention periods.
  • No storage of engagement findings on third-party cloud platforms without explicit consent.

6. Sharing Your Information

We do not share your personal information with third parties except in the following limited circumstances:

  • Legal obligation — if required by South African law, court order, or a regulatory authority.
  • With your consent — if you explicitly authorise us to share specific information.
  • Service providers — limited to essential tools (e.g. email delivery) under strict confidentiality agreements. We never share client engagement details with any subcontractor without your written approval.

We will never disclose your identity, engagement details, or findings as a case study or reference without your explicit written permission.

7. Data Retention

We retain personal information only for as long as necessary:

  • Enquiries that did not proceed to an engagement — deleted within 12 months.
  • Client engagement records — retained for 3 years after engagement close, in line with standard professional practice, then securely deleted.
  • Financial records — retained for 5 years as required by South African tax law.

You may request earlier deletion of your personal information at any time (see Section 9).

8. Your Rights Under POPIA

As a data subject under POPIA, you have the right to:

  • Access — request a copy of the personal information we hold about you.
  • Correction — request that inaccurate or incomplete information be corrected.
  • Deletion — request that we delete your personal information, subject to legal retention obligations.
  • Objection — object to us processing your personal information in certain circumstances.
  • Complaint — lodge a complaint with the Information Regulator of South Africa if you believe we have violated your rights.

Information Regulator (South Africa):
Website: www.justice.gov.za/inforeg
Email: inforeg@justice.gov.za

9. Contact Us About Your Privacy

To exercise any of your rights, or if you have any questions about this Privacy Policy, please contact us directly:

Email: info@greyhat4hire.com
WhatsApp: +27 84 635 3581
Response time: We aim to respond to all privacy requests within 5 business days.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any material changes will be posted on this page with an updated date. We encourage you to review this page periodically.

Continued use of our website or services after any changes constitutes your acceptance of the updated policy.

Back to Home